Analysis Report · CAPE Sandbox

Analysis Details

Category	Package	Started	Completed	Duration	Options	Logs
URL	edge	2026-05-28 17:41:27	2026-05-28 17:44:40	193s
Reports	JSON

Options

interactive=1
nohuman=yes
vnc_port=5910

Analysis Log

2026-05-28 20:40:10,002 [root] INFO: Date set to: 20260528T17:41:32, timeout set to: 600
2026-05-28 17:41:32,006 [root] DEBUG: Starting analyzer from: C:\q61py415
2026-05-28 17:41:32,006 [root] DEBUG: Storing results at: C:\BzuLYXQUrs
2026-05-28 17:41:32,015 [root] DEBUG: Pipe server name: \\.\PIPE\IkRdYsEaKU
2026-05-28 17:41:32,016 [root] DEBUG: Python path: C:\Users\admin\AppData\Local\Python\pythoncore-3.14-64
2026-05-28 17:41:32,016 [root] INFO: analysis running as an admin
2026-05-28 17:41:32,016 [root] INFO: analysis package specified: "edge"
2026-05-28 17:41:32,016 [root] DEBUG: importing analysis package module: "modules.packages.edge"...
2026-05-28 17:41:32,021 [root] DEBUG: imported analysis package "edge"
2026-05-28 17:41:32,023 [root] DEBUG: initializing analysis package "edge"...
2026-05-28 17:41:32,023 [root] DEBUG: New location of moved file: https://sugarcraft(dot)net/
2026-05-28 17:41:32,023 [root] INFO: Analyzer: Package modules.packages.edge does not specify a dll option
2026-05-28 17:41:32,024 [root] INFO: Analyzer: Package modules.packages.edge does not specify a dll_64 option
2026-05-28 17:41:32,024 [root] INFO: Analyzer: Package modules.packages.edge does not specify a loader option
2026-05-28 17:41:32,024 [root] INFO: Analyzer: Package modules.packages.edge does not specify a loader_64 option
2026-05-28 17:41:32,076 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2026-05-28 17:41:32,079 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2026-05-28 17:41:32,090 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2026-05-28 17:41:32,096 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2026-05-28 17:41:32,100 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2026-05-28 17:41:32,100 [lib.api.screenshot] ERROR: No module named 'PIL'
2026-05-28 17:41:32,100 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2026-05-28 17:41:32,102 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2026-05-28 17:41:32,102 [root] DEBUG: Initialized auxiliary module "Browser"
2026-05-28 17:41:32,102 [root] DEBUG: attempting to configure 'Browser' from data
2026-05-28 17:41:32,103 [root] DEBUG: module Browser does not support data configuration, ignoring
2026-05-28 17:41:32,103 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2026-05-28 17:41:32,103 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2026-05-28 17:41:32,103 [root] DEBUG: Initialized auxiliary module "DigiSig"
2026-05-28 17:41:32,103 [root] DEBUG: attempting to configure 'DigiSig' from data
2026-05-28 17:41:32,104 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2026-05-28 17:41:32,104 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2026-05-28 17:41:32,104 [modules.auxiliary.digisig] DEBUG: Skipping authenticode validation, analysis is not a file
2026-05-28 17:41:32,104 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2026-05-28 17:41:32,104 [root] DEBUG: Initialized auxiliary module "Disguise"
2026-05-28 17:41:32,105 [root] DEBUG: attempting to configure 'Disguise' from data
2026-05-28 17:41:32,105 [root] DEBUG: module Disguise does not support data configuration, ignoring
2026-05-28 17:41:32,105 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2026-05-28 17:41:32,107 [modules.auxiliary.disguise] INFO: Launched background process notepad.exe hidden (PID: 2672)
2026-05-28 17:41:32,110 [modules.auxiliary.disguise] INFO: Disguising GUID to 6575d657-0ae1-4491-884c-aa1cccdd08f8
2026-05-28 17:41:32,110 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2026-05-28 17:41:32,110 [root] DEBUG: Initialized auxiliary module "Human"
2026-05-28 17:41:32,111 [root] DEBUG: attempting to configure 'Human' from data
2026-05-28 17:41:32,111 [root] DEBUG: module Human does not support data configuration, ignoring
2026-05-28 17:41:32,111 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2026-05-28 17:41:32,113 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2026-05-28 17:41:32,113 [root] DEBUG: Initialized auxiliary module "Screenshots"
2026-05-28 17:41:32,113 [root] DEBUG: attempting to configure 'Screenshots' from data
2026-05-28 17:41:32,114 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2026-05-28 17:41:32,114 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2026-05-28 17:41:32,118 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2026-05-28 17:41:32,119 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2026-05-28 17:41:32,119 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2026-05-28 17:41:32,120 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2026-05-28 17:41:32,120 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2026-05-28 17:41:32,120 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2026-05-28 17:41:32,122 [modules.auxiliary.tlsdump] WARNING: Unable to find lsass.exe process
2026-05-28 17:41:32,123 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump
2026-05-28 17:41:32,124 [root] INFO: Interactive mode enabled - injecting into explorer shell
2026-05-28 17:41:32,184 [lib.api.process] INFO: Monitor config for process 4248: C:\q61py415\dll\4248.ini
2026-05-28 17:41:32,185 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:41:32,188 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:41:32,233 [root] DEBUG: Loader: Injecting process 4248 with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:32,404 [root] DEBUG: 4248: Python path set to 'C:\Users\admin\AppData\Local\Python\pythoncore-3.14-64'.
2026-05-28 17:41:32,405 [root] DEBUG: 4248: Disabling sleep skipping.
2026-05-28 17:41:32,405 [root] DEBUG: 4248: Interactive desktop enabled.
2026-05-28 17:41:32,406 [root] DEBUG: 4248: Dropped file limit defaulting to 100.
2026-05-28 17:41:32,406 [root] DEBUG: 4248: Interactive desktop - injecting Explorer Shell
2026-05-28 17:41:32,414 [root] DEBUG: 4248: YaraInit: Compiled 44 rule files
2026-05-28 17:41:32,416 [root] DEBUG: 4248: YaraInit: Compiled rules saved to file C:\q61py415\data\yara\capemon.yac
2026-05-28 17:41:32,438 [root] DEBUG: 4248: RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0
2026-05-28 17:41:32,439 [root] DEBUG: 4248: YaraScan: Scanning 0x00007FF651080000, size 0x545316
2026-05-28 17:41:32,496 [root] DEBUG: 4248: Monitor initialised: 64-bit capemon loaded in process 4248 at 0x00007FFC14380000, thread 964, image base 0x00007FF651080000, stack from 0x0000000002AC1000-0x0000000002AD0000
2026-05-28 17:41:32,497 [root] DEBUG: 4248: Commandline: C:\Windows\Explorer.EXE
2026-05-28 17:41:32,509 [root] DEBUG: 4248: Hooked 69 out of 69 functions
2026-05-28 17:41:32,540 [root] DEBUG: 4248: Syscall hook installed, syscall logging level 1
2026-05-28 17:41:32,546 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2026-05-28 17:41:32,546 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:32,548 [lib.api.process] INFO: Injected into 64-bit <Process 4248 explorer.exe>
2026-05-28 17:41:36,492 [root] DEBUG: 4248: caller_dispatch: Added region at 0x00007FF651080000 to tracked regions list (ntdll::NtDuplicateObject returns to 0x00007FF65125D17E, thread 4908).
2026-05-28 17:41:36,493 [root] DEBUG: 4248: YaraScan: Scanning 0x00007FF651080000, size 0x545316
2026-05-28 17:41:36,528 [root] DEBUG: 4248: ProcessImageBase: Main module image at 0x00007FF651080000 unmodified (entropy change 0.000000e+00)
2026-05-28 17:41:39,791 [root] INFO: Restarting WMI Service
2026-05-28 17:41:40,842 [root] DEBUG: 4248: CreateProcessHandler: Injection info set for new process 2072: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:41:40,844 [root] INFO: Announced 64-bit process name: chrome.exe pid: 2072
2026-05-28 17:41:40,845 [lib.api.process] INFO: Monitor config for process 2072: C:\q61py415\dll\2072.ini
2026-05-28 17:41:40,846 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:41:40,847 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:41:40,851 [root] DEBUG: Loader: Injecting process 2072 (thread 1884) with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:40,852 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-05-28 17:41:40,852 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:40,853 [lib.api.process] INFO: Injected into 64-bit <Process 2072 chrome.exe>
2026-05-28 17:41:40,854 [root] INFO: Announced 64-bit process name: chrome.exe pid: 2072
2026-05-28 17:41:40,854 [lib.api.process] INFO: Monitor config for process 2072: C:\q61py415\dll\2072.ini
2026-05-28 17:41:40,855 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:41:40,855 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:41:40,859 [root] DEBUG: Loader: Injecting process 2072 (thread 1884) with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:40,859 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2026-05-28 17:41:40,860 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:40,861 [lib.api.process] INFO: Injected into 64-bit <Process 2072 chrome.exe>
2026-05-28 17:41:40,950 [root] DEBUG: 2072: Python path set to 'C:\Users\admin\AppData\Local\Python\pythoncore-3.14-64'.
2026-05-28 17:41:40,951 [root] DEBUG: 2072: Interactive desktop enabled.
2026-05-28 17:41:40,952 [root] DEBUG: 2072: Dropped file limit defaulting to 100.
2026-05-28 17:41:40,956 [root] DEBUG: 2072: Chrome-specific hook-set enabled.
2026-05-28 17:41:40,958 [root] DEBUG: 2072: Disabling sleep skipping.
2026-05-28 17:41:40,960 [root] DEBUG: 2072: YaraInit: Compiled rules loaded from existing file C:\q61py415\data\yara\capemon.yac
2026-05-28 17:41:40,972 [root] DEBUG: 2072: RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0
2026-05-28 17:41:40,973 [root] DEBUG: 2072: Monitor initialised: 64-bit capemon loaded in process 2072 at 0x00007FFC14380000, thread 1884, image base 0x00007FF78CD00000, stack from 0x00000036489F4000-0x0000003648A00000
2026-05-28 17:41:40,973 [root] DEBUG: 2072: Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe"
2026-05-28 17:41:40,980 [root] DEBUG: 2072: Hooked 2 out of 2 functions
2026-05-28 17:41:41,008 [root] DEBUG: 2072: Syscall hook installed, syscall logging level 1
2026-05-28 17:41:41,012 [root] DEBUG: 2072: RestoreHeaders: Restored original import table.
2026-05-28 17:41:41,013 [root] INFO: Loaded monitor into process with pid 2072
2026-05-28 17:41:41,014 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2B0C0000: C:\Windows\System32\bcryptprimitives (0x82000 bytes).
2026-05-28 17:41:41,032 [root] DEBUG: 2072: InstrumentationCallback: Added region at 0x00007FFC136D0014 (base 0x00007FFC13420000) to tracked regions list (thread 1884).
2026-05-28 17:41:41,034 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,035 [root] DEBUG: 2072: DLL loaded at 0x00007FFC298F0000: C:\Windows\system32\ntmarta (0x33000 bytes).
2026-05-28 17:41:41,039 [root] DEBUG: 2072: caller_dispatch: Added region at 0x00007FF78CD00000 to tracked regions list (kernel32::CreateProcessInternalW returns to 0x00007FF78CD372AF, thread 1884).
2026-05-28 17:41:41,042 [root] DEBUG: 2072: ProcessImageBase: Main module image at 0x00007FF78CD00000 unmodified (entropy change 0.000000e+00)
2026-05-28 17:41:41,046 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270666e+00 (from 6.270496e+00)
2026-05-28 17:41:41,047 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,051 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270666e+00 (from 6.270496e+00)
2026-05-28 17:41:41,051 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,052 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A140000: C:\Windows\SYSTEM32\Wldp (0x2d000 bytes).
2026-05-28 17:41:41,055 [root] DEBUG: 2072: DLL loaded at 0x00007FFC288B0000: C:\Windows\SYSTEM32\windows.storage (0x79b000 bytes).
2026-05-28 17:41:41,061 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270666e+00 (from 6.270496e+00)
2026-05-28 17:41:41,061 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,062 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 1264: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:41:41,063 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 1264
2026-05-28 17:41:41,067 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270666e+00 (from 6.270496e+00)
2026-05-28 17:41:41,068 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,070 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 1264
2026-05-28 17:41:41,123 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)
2026-05-28 17:41:41,124 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,228 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)
2026-05-28 17:41:41,229 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,235 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)
2026-05-28 17:41:41,235 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,240 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)
2026-05-28 17:41:41,242 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,247 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)
2026-05-28 17:41:41,247 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,248 [root] DEBUG: 2072: DLL loaded at 0x00007FFC15250000: C:\Windows\SYSTEM32\WINMM (0x27000 bytes).
2026-05-28 17:41:41,249 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1E180000: C:\Windows\SYSTEM32\DWrite (0x27f000 bytes).
2026-05-28 17:41:41,249 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A4F0000: C:\Windows\SYSTEM32\DPAPI (0xa000 bytes).
2026-05-28 17:41:41,250 [root] DEBUG: 2072: DLL loaded at 0x00007FFBD4D10000: C:\Program Files\Google\Chrome\Application\148.0.7778.217\chrome (0x10fdc000 bytes).
2026-05-28 17:41:41,258 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)
2026-05-28 17:41:41,259 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,263 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)
2026-05-28 17:41:41,263 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,264 [root] DEBUG: 2072: DLL loaded at 0x00007FFC17FD0000: C:\Windows\SYSTEM32\KBDUS (0x9000 bytes).
2026-05-28 17:41:41,268 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)
2026-05-28 17:41:41,269 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,274 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)
2026-05-28 17:41:41,275 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,275 [root] DEBUG: 2072: DLL loaded at 0x00007FFC28160000: C:\Windows\system32\uxtheme (0x9e000 bytes).
2026-05-28 17:41:41,281 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)
2026-05-28 17:41:41,282 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,283 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A6C0000: C:\Windows\SYSTEM32\USERENV (0x2e000 bytes).
2026-05-28 17:41:41,286 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)
2026-05-28 17:41:41,288 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,289 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29060000: C:\Windows\SYSTEM32\gpapi (0x23000 bytes).
2026-05-28 17:41:41,293 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)
2026-05-28 17:41:41,293 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,294 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29930000: C:\Windows\SYSTEM32\wkscli (0x19000 bytes).
2026-05-28 17:41:41,298 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)
2026-05-28 17:41:41,298 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,299 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29CA0000: C:\Windows\SYSTEM32\netutils (0xc000 bytes).
2026-05-28 17:41:41,310 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)
2026-05-28 17:41:41,311 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,314 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270913e+00 (from 6.270496e+00)
2026-05-28 17:41:41,315 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,315 [root] DEBUG: 2072: DLL loaded at 0x00007FFC17770000: C:\Windows\system32\netapi32 (0x19000 bytes).
2026-05-28 17:41:41,320 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)
2026-05-28 17:41:41,320 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,326 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270914e+00 (from 6.270496e+00)
2026-05-28 17:41:41,326 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,330 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270890e+00 (from 6.270496e+00)
2026-05-28 17:41:41,331 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,333 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29860000: C:\Windows\SYSTEM32\msvcp110_win (0x8a000 bytes).
2026-05-28 17:41:41,334 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A090000: C:\Windows\SYSTEM32\cryptsp (0x18000 bytes).
2026-05-28 17:41:41,336 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27830000: C:\Windows\SYSTEM32\DSREG (0x141000 bytes).
2026-05-28 17:41:41,341 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)
2026-05-28 17:41:41,341 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,342 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A700000: C:\Windows\SYSTEM32\profapi (0x25000 bytes).
2026-05-28 17:41:41,361 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)
2026-05-28 17:41:41,364 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,370 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)
2026-05-28 17:41:41,371 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,375 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)
2026-05-28 17:41:41,375 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,380 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)
2026-05-28 17:41:41,380 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,386 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270890e+00 (from 6.270496e+00)
2026-05-28 17:41:41,386 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,387 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2B280000: C:\Windows\System32\MSCTF (0x114000 bytes).
2026-05-28 17:41:41,392 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270892e+00 (from 6.270496e+00)
2026-05-28 17:41:41,392 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270892e+00 (from 6.270496e+00)
2026-05-28 17:41:41,393 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,396 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,397 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A630000: C:\Windows\SYSTEM32\powrprof (0x4b000 bytes).
2026-05-28 17:41:41,398 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270892e+00 (from 6.270496e+00)
2026-05-28 17:41:41,399 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,402 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270892e+00 (from 6.270496e+00)
2026-05-28 17:41:41,403 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,403 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A560000: C:\Windows\SYSTEM32\UMPDC (0x12000 bytes).
2026-05-28 17:41:41,407 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270890e+00 (from 6.270496e+00)
2026-05-28 17:41:41,408 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,409 [root] DEBUG: 2072: DLL loaded at 0x00007FFC286B0000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes).
2026-05-28 17:41:41,415 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)
2026-05-28 17:41:41,415 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,419 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)
2026-05-28 17:41:41,419 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,423 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)
2026-05-28 17:41:41,424 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,429 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)
2026-05-28 17:41:41,430 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,435 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270891e+00 (from 6.270496e+00)
2026-05-28 17:41:41,435 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,436 [root] DEBUG: 2072: DLL loaded at 0x00007FFC171F0000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\COMCTL32 (0x29a000 bytes).
2026-05-28 17:41:41,440 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270893e+00 (from 6.270496e+00)
2026-05-28 17:41:41,440 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,446 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270893e+00 (from 6.270496e+00)
2026-05-28 17:41:41,446 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,451 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270893e+00 (from 6.270496e+00)
2026-05-28 17:41:41,451 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,452 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29B90000: C:\Windows\SYSTEM32\IPHLPAPI (0x3b000 bytes).
2026-05-28 17:41:41,452 [root] DEBUG: 2072: DLL loaded at 0x00007FFC26180000: C:\Windows\system32\NLAapi (0x1d000 bytes).
2026-05-28 17:41:41,457 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270893e+00 (from 6.270496e+00)
2026-05-28 17:41:41,458 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,461 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2C7B0000: C:\Windows\System32\NSI (0x8000 bytes).
2026-05-28 17:41:41,465 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270893e+00 (from 6.270496e+00)
2026-05-28 17:41:41,466 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,466 [root] DEBUG: 2072: DLL loaded at 0x00007FFC232D0000: C:\Windows\SYSTEM32\dhcpcsvc6 (0x17000 bytes).
2026-05-28 17:41:41,470 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270892e+00 (from 6.270496e+00)
2026-05-28 17:41:41,471 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,471 [root] DEBUG: 2072: DLL loaded at 0x00007FFC232B0000: C:\Windows\SYSTEM32\dhcpcsvc (0x1d000 bytes).
2026-05-28 17:41:41,476 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270897e+00 (from 6.270496e+00)
2026-05-28 17:41:41,477 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,477 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29BD0000: C:\Windows\SYSTEM32\DNSAPI (0xca000 bytes).
2026-05-28 17:41:41,482 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270898e+00 (from 6.270496e+00)
2026-05-28 17:41:41,483 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,488 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270898e+00 (from 6.270496e+00)
2026-05-28 17:41:41,489 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,493 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270898e+00 (from 6.270496e+00)
2026-05-28 17:41:41,494 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,499 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270898e+00 (from 6.270496e+00)
2026-05-28 17:41:41,500 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,503 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270898e+00 (from 6.270496e+00)
2026-05-28 17:41:41,504 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,504 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2C9C0000: C:\Windows\System32\clbcatq (0xa9000 bytes).
2026-05-28 17:41:41,510 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270897e+00 (from 6.270496e+00)
2026-05-28 17:41:41,511 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,515 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270897e+00 (from 6.270496e+00)
2026-05-28 17:41:41,516 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,521 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270897e+00 (from 6.270496e+00)
2026-05-28 17:41:41,523 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,527 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270897e+00 (from 6.270496e+00)
2026-05-28 17:41:41,528 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,532 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270895e+00 (from 6.270496e+00)
2026-05-28 17:41:41,532 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,536 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270895e+00 (from 6.270496e+00)
2026-05-28 17:41:41,536 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,538 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27DC0000: C:\Windows\System32\CoreMessaging (0xf2000 bytes).
2026-05-28 17:41:41,539 [root] DEBUG: 2072: DLL loaded at 0x00007FFC26FE0000: C:\Windows\SYSTEM32\wintypes (0x155000 bytes).
2026-05-28 17:41:41,539 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27980000: C:\Windows\System32\CoreUIComponents (0x35b000 bytes).
2026-05-28 17:41:41,540 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1FA90000: C:\Windows\SYSTEM32\textinputframework (0xf9000 bytes).
2026-05-28 17:41:41,546 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270895e+00 (from 6.270496e+00)
2026-05-28 17:41:41,547 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,547 [root] DEBUG: 2072: DLL loaded at 0x00007FFC25980000: C:\Windows\System32\twinapi.appcore (0x203000 bytes).
2026-05-28 17:41:41,552 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270895e+00 (from 6.270496e+00)
2026-05-28 17:41:41,555 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,556 [root] DEBUG: 2072: DLL loaded at 0x00007FFC17530000: C:\Windows\system32\twinapi (0xa9000 bytes).
2026-05-28 17:41:41,561 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270896e+00 (from 6.270496e+00)
2026-05-28 17:41:41,561 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,567 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270894e+00 (from 6.270496e+00)
2026-05-28 17:41:41,568 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,573 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270894e+00 (from 6.270496e+00)
2026-05-28 17:41:41,573 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,577 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270894e+00 (from 6.270496e+00)
2026-05-28 17:41:41,578 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,583 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270894e+00 (from 6.270496e+00)
2026-05-28 17:41:41,584 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,591 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270894e+00 (from 6.270496e+00)
2026-05-28 17:41:41,591 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,595 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270895e+00 (from 6.270496e+00)
2026-05-28 17:41:41,595 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,599 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)
2026-05-28 17:41:41,600 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,604 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270907e+00 (from 6.270496e+00)
2026-05-28 17:41:41,605 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,606 [root] DEBUG: 2072: DLL loaded at 0x00007FFC25B90000: C:\Windows\System32\WindowManagementAPI (0xa1000 bytes).
2026-05-28 17:41:41,606 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27140000: C:\Windows\System32\PROPSYS (0xf6000 bytes).
2026-05-28 17:41:41,607 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1F650000: C:\Windows\System32\InputHost (0x152000 bytes).
2026-05-28 17:41:41,607 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1FB90000: C:\Windows\System32\Windows.UI (0x141000 bytes).
2026-05-28 17:41:41,614 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)
2026-05-28 17:41:41,615 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)
2026-05-28 17:41:41,615 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,617 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,622 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)
2026-05-28 17:41:41,623 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,623 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)
2026-05-28 17:41:41,624 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29860000: C:\Windows\SYSTEM32\msvcp110_win (0x8a000 bytes).
2026-05-28 17:41:41,624 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,625 [root] DEBUG: 2072: DLL loaded at 0x00007FFC20270000: C:\Windows\SYSTEM32\MDMRegistration (0x68000 bytes).
2026-05-28 17:41:41,629 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)
2026-05-28 17:41:41,630 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,630 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27460000: C:\Windows\SYSTEM32\WTSAPI32 (0x14000 bytes).
2026-05-28 17:41:41,635 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270907e+00 (from 6.270496e+00)
2026-05-28 17:41:41,635 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,636 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A500000: C:\Windows\SYSTEM32\WINSTA (0x5b000 bytes).
2026-05-28 17:41:41,642 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270910e+00 (from 6.270496e+00)
2026-05-28 17:41:41,642 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,660 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270910e+00 (from 6.270496e+00)
2026-05-28 17:41:41,660 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,661 [root] DEBUG: 2072: DLL loaded at 0x00007FFC257D0000: C:\Windows\SYSTEM32\ColorAdapterClient (0x11000 bytes).
2026-05-28 17:41:41,662 [root] DEBUG: 2072: DLL loaded at 0x00007FFC257F0000: C:\Windows\SYSTEM32\mscms (0xae000 bytes).
2026-05-28 17:41:41,671 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)
2026-05-28 17:41:41,672 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)
2026-05-28 17:41:41,673 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270910e+00 (from 6.270496e+00)
2026-05-28 17:41:41,676 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,677 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,681 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)
2026-05-28 17:41:41,681 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,682 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)
2026-05-28 17:41:41,682 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,686 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,687 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)
2026-05-28 17:41:41,689 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)
2026-05-28 17:41:41,689 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,690 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,690 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270911e+00 (from 6.270496e+00)
2026-05-28 17:41:41,691 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,692 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2ACD0000: C:\Windows\System32\cfgmgr32 (0x4e000 bytes).
2026-05-28 17:41:41,693 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A490000: C:\Windows\System32\DEVOBJ (0x33000 bytes).
2026-05-28 17:41:41,695 [root] DEBUG: 2072: DLL loaded at 0x00007FFC23860000: C:\Windows\System32\MMDevApi (0x85000 bytes).
2026-05-28 17:41:41,696 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270909e+00 (from 6.270496e+00)
2026-05-28 17:41:41,701 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270922e+00 (from 6.270496e+00)
2026-05-28 17:41:41,702 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,702 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,708 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270922e+00 (from 6.270496e+00)
2026-05-28 17:41:41,711 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,712 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,712 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,725 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,726 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,730 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,731 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 4360: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:41:41,732 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 3136: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:41:41,733 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,733 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,734 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,735 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 4360
2026-05-28 17:41:41,744 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 3136
2026-05-28 17:41:41,744 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,744 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,749 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,749 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270923e+00 (from 6.270496e+00)
2026-05-28 17:41:41,750 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270923e+00 (from 6.270496e+00)
2026-05-28 17:41:41,750 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,751 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,751 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,752 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 4360
2026-05-28 17:41:41,758 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 3136
2026-05-28 17:41:41,759 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270922e+00 (from 6.270496e+00)
2026-05-28 17:41:41,760 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270922e+00 (from 6.270496e+00)
2026-05-28 17:41:41,761 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,764 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,778 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,779 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,787 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,794 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,799 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A090000: C:\Windows\SYSTEM32\CRYPTSP (0x18000 bytes).
2026-05-28 17:41:41,813 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,814 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A1B0000: C:\Windows\SYSTEM32\ncrypt (0x27000 bytes).
2026-05-28 17:41:41,819 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,821 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2B260000: C:\Windows\System32\imagehlp (0x1d000 bytes).
2026-05-28 17:41:41,825 [root] DEBUG: 2072: DLL loaded at 0x00007FFC236C0000: C:\Windows\SYSTEM32\tbs (0x1b000 bytes).
2026-05-28 17:41:41,829 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1AF70000: C:\Windows\SYSTEM32\DMCmnUtils (0x7c000 bytes).
2026-05-28 17:41:41,842 [root] DEBUG: 2072: DLL loaded at 0x00007FFC20230000: C:\Windows\SYSTEM32\omadmapi (0x3a000 bytes).
2026-05-28 17:41:41,844 [root] DEBUG: package modules.packages.edge does not support configure, ignoring
2026-05-28 17:41:41,845 [root] WARNING: configuration error for package modules.packages.edge: error importing data.packages.edge: No module named 'data.packages'
2026-05-28 17:41:41,847 [lib.core.compound] INFO: C:\Users\admin\AppData\Local\Temp already exists, skipping creation
2026-05-28 17:41:41,852 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" with arguments ""https://sugarcraft(dot)net/"" with pid 2208
2026-05-28 17:41:41,853 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,853 [lib.api.process] INFO: Monitor config for process 2208: C:\q61py415\dll\2208.ini
2026-05-28 17:41:41,854 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,855 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:41:41,856 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A170000: C:\Windows\SYSTEM32\NTASN1 (0x3b000 bytes).
2026-05-28 17:41:41,857 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:41:41,866 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270922e+00 (from 6.270496e+00)
2026-05-28 17:41:41,869 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,871 [root] DEBUG: Loader: Injecting process 2208 (thread 5180) with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:41,872 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1E400000: C:\Windows\System32\Windows.UI.Immersive (0x139000 bytes).
2026-05-28 17:41:41,886 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,887 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,888 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,888 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-05-28 17:41:41,892 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,899 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:41,900 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,901 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A580000: C:\Windows\SYSTEM32\sxs (0xa2000 bytes).
2026-05-28 17:41:41,902 [lib.api.process] INFO: Injected into 64-bit <Process 2208 msedge.exe>
2026-05-28 17:41:41,906 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,914 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270925e+00 (from 6.270496e+00)
2026-05-28 17:41:41,915 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270925e+00 (from 6.270496e+00)
2026-05-28 17:41:41,915 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270925e+00 (from 6.270496e+00)
2026-05-28 17:41:41,915 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,916 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 5756: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:41:41,934 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270925e+00 (from 6.270496e+00)
2026-05-28 17:41:41,935 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,940 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,955 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270925e+00 (from 6.270496e+00)
2026-05-28 17:41:41,955 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 5756
2026-05-28 17:41:41,964 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,965 [root] DEBUG: 2072: DLL loaded at 0x00007FFC22A50000: C:\Windows\SYSTEM32\WINHTTP (0x10a000 bytes).
2026-05-28 17:41:41,972 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,978 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,979 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,979 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,980 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,981 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,989 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,995 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:41,996 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:41,997 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,000 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,001 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,006 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,007 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,009 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,020 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,024 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,026 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 5756
2026-05-28 17:41:42,032 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,033 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,034 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,040 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,048 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,049 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,058 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,059 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,060 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,063 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,065 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,065 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,066 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,073 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,074 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,075 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,093 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,095 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,100 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,101 [root] DEBUG: 2072: DLL loaded at 0x00007FFC284D0000: C:\Windows\System32\RMCLIENT (0x2a000 bytes).
2026-05-28 17:41:42,102 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,103 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,105 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,106 [root] DEBUG: 2072: DLL loaded at 0x00007FFC26310000: C:\Windows\System32\XmlLite (0x36000 bytes).
2026-05-28 17:41:42,107 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,107 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,109 [root] DEBUG: 2072: DLL loaded at 0x00007FFC16860000: C:\Windows\System32\wpnapps (0x15b000 bytes).
2026-05-28 17:41:42,112 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,115 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270924e+00 (from 6.270496e+00)
2026-05-28 17:41:42,117 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,118 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,119 [root] DEBUG: 2072: DLL loaded at 0x00007FFC25960000: C:\Windows\SYSTEM32\usermgrcli (0x16000 bytes).
2026-05-28 17:41:42,124 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270923e+00 (from 6.270496e+00)
2026-05-28 17:41:42,124 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270923e+00 (from 6.270496e+00)
2026-05-28 17:41:42,125 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,125 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,126 [root] DEBUG: 2072: DLL loaded at 0x00007FFC0C8D0000: C:\Windows\System32\CryptoWinRT (0x61000 bytes).
2026-05-28 17:41:42,129 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)
2026-05-28 17:41:42,130 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,135 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)
2026-05-28 17:41:42,135 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)
2026-05-28 17:41:42,135 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,136 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,140 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)
2026-05-28 17:41:42,140 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)
2026-05-28 17:41:42,140 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,141 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,142 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A1B0000: C:\Windows\System32\ncrypt (0x27000 bytes).
2026-05-28 17:41:42,142 [root] DEBUG: 2072: DLL loaded at 0x00007FFC23C70000: C:\Windows\System32\cryptngc (0x77000 bytes).
2026-05-28 17:41:42,149 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)
2026-05-28 17:41:42,149 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)
2026-05-28 17:41:42,149 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,150 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,151 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A170000: C:\Windows\System32\NTASN1 (0x3b000 bytes).
2026-05-28 17:41:42,154 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)
2026-05-28 17:41:42,154 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,155 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)
2026-05-28 17:41:42,156 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,157 [root] DEBUG: 2072: DLL loaded at 0x00007FFC0C8A0000: C:\Windows\system32\ngcksp (0x27000 bytes).
2026-05-28 17:41:42,161 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270950e+00 (from 6.270496e+00)
2026-05-28 17:41:42,162 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,164 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,165 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,165 [root] DEBUG: 2072: DLL loaded at 0x00007FFC0D0A0000: C:\Windows\System32\CapabilityAccessManagerClient (0x3f000 bytes).
2026-05-28 17:41:42,171 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,171 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,177 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,182 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,188 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270951e+00 (from 6.270496e+00)
2026-05-28 17:41:42,188 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,194 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,195 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,196 [root] DEBUG: 2072: DLL loaded at 0x00007FFC29090000: C:\Windows\system32\dxgi (0xf3000 bytes).
2026-05-28 17:41:42,197 [root] DEBUG: 2072: DLL loaded at 0x00007FFC26D70000: C:\Windows\system32\d3d11 (0x263000 bytes).
2026-05-28 17:41:42,198 [root] DEBUG: 2072: DLL loaded at 0x00007FFC27240000: C:\Windows\system32\dcomp (0x1e3000 bytes).
2026-05-28 17:41:42,198 [root] DEBUG: 2072: DLL loaded at 0x00007FFC14FC0000: C:\Windows\system32\dataexchange (0x3e000 bytes).
2026-05-28 17:41:42,203 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,203 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,204 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,204 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,206 [root] DEBUG: 2072: DLL loaded at 0x00007FFC24D40000: C:\Windows\System32\OneCoreUAPCommonProxyStub (0x7d0000 bytes).
2026-05-28 17:41:42,216 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,217 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)
2026-05-28 17:41:42,218 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,219 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,220 [root] DEBUG: 2072: DLL loaded at 0x00007FFC293F0000: C:\Windows\System32\FirewallAPI (0x96000 bytes).
2026-05-28 17:41:42,223 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)
2026-05-28 17:41:42,228 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)
2026-05-28 17:41:42,230 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,234 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,235 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)
2026-05-28 17:41:42,236 [root] DEBUG: 2072: DLL loaded at 0x00007FFC293B0000: C:\Windows\System32\fwbase (0x36000 bytes).
2026-05-28 17:41:42,248 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,257 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,259 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,260 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,260 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,261 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,264 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,266 [root] DEBUG: 2072: DLL loaded at 0x00007FFC23800000: C:\Windows\System32\usermgrproxy (0x54000 bytes).
2026-05-28 17:41:42,269 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,272 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,274 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,276 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,277 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,278 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,279 [root] DEBUG: 2072: DLL loaded at 0x00007FFC06820000: C:\Windows\System32\Windows.Media (0x726000 bytes).
2026-05-28 17:41:42,282 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,284 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,284 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,285 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,285 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,288 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,290 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,292 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,293 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,295 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,300 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,301 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,301 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270952e+00 (from 6.270496e+00)
2026-05-28 17:41:42,303 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,305 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,307 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,309 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 4648: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:41:42,310 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,311 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1BE00000: C:\Windows\SYSTEM32\LINKINFO (0xd000 bytes).
2026-05-28 17:41:42,315 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,316 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 4648
2026-05-28 17:41:42,319 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,320 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,321 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,322 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 5668: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:41:42,322 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,323 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,327 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,328 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 5668
2026-05-28 17:41:42,328 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,329 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,331 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,332 [root] DEBUG: 2072: DLL loaded at 0x00007FFC283C0000: C:\Windows\SYSTEM32\dwmapi (0x2f000 bytes).
2026-05-28 17:41:42,333 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,337 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,340 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,341 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,341 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,341 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 4648
2026-05-28 17:41:42,342 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,342 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,343 [root] DEBUG: 2072: DLL loaded at 0x00007FFC15030000: C:\Windows\SYSTEM32\OLEACC (0x66000 bytes).
2026-05-28 17:41:42,347 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,347 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,348 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)
2026-05-28 17:41:42,348 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,351 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,353 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,355 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)
2026-05-28 17:41:42,356 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 5668
2026-05-28 17:41:42,356 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)
2026-05-28 17:41:42,357 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,357 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)
2026-05-28 17:41:42,363 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,369 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,370 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)
2026-05-28 17:41:42,370 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1D050000: C:\Windows\system32\directmanipulation (0x9d000 bytes).
2026-05-28 17:41:42,371 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)
2026-05-28 17:41:42,379 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,384 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,385 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,390 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,410 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,463 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,465 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,465 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,465 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,466 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,467 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,467 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,470 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,472 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,479 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,480 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,485 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,485 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,486 [root] DEBUG: 2072: DLL loaded at 0x00007FFC14D70000: C:\Windows\system32\explorerframe (0x244000 bytes).
2026-05-28 17:41:42,491 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270954e+00 (from 6.270496e+00)
2026-05-28 17:41:42,492 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,493 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,497 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,497 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,498 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270953e+00 (from 6.270496e+00)
2026-05-28 17:41:42,499 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,501 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,502 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,539 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,550 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 8428: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:41:42,551 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,552 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,555 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,555 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,556 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,556 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,557 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,557 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,558 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,573 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 8428
2026-05-28 17:41:42,578 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,579 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,605 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,622 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,623 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,624 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,625 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,627 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,628 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,629 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,629 [root] DEBUG: 2072: DLL loaded at 0x00007FFC22E90000: C:\Windows\system32\wlanapi (0x74000 bytes).
2026-05-28 17:41:42,635 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,636 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,637 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,640 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,641 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,641 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,642 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,642 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,642 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,643 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 8428
2026-05-28 17:41:42,643 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,647 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,650 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,651 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,659 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,660 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,662 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,663 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,665 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,666 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A2D0000: C:\Windows\SYSTEM32\MSASN1 (0x12000 bytes).
2026-05-28 17:41:42,672 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,673 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,674 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,682 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,683 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,689 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,694 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,697 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,698 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,698 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,699 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,700 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,704 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,705 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,706 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,706 [root] DEBUG: 2072: DLL loaded at 0x00007FFC2A090000: C:\Windows\SYSTEM32\CRYPTSP (0x18000 bytes).
2026-05-28 17:41:42,713 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,714 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,716 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,723 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,724 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,724 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,727 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,729 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:41:42,729 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,730 [root] DEBUG: 2072: DLL loaded at 0x00007FFC297D0000: C:\Windows\system32\rsaenh (0x34000 bytes).
2026-05-28 17:41:42,734 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,735 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,736 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,746 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,747 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,748 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,757 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,759 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,762 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,763 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,763 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,764 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,767 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,769 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,770 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,770 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,776 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,781 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,785 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,786 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,788 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,813 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,813 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,814 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,816 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,818 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,819 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,820 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,821 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,826 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,826 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,826 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,827 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,831 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,832 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,832 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,833 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,836 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,837 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,838 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,838 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,842 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,843 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,843 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,844 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,848 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,849 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,850 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,850 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,852 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,853 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,855 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,855 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,859 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,860 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,865 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,866 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,870 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,871 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,875 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,876 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,881 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,881 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,885 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,886 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,890 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,890 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,896 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,897 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,901 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,901 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,906 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,906 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,912 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,913 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,917 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,919 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,923 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,924 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,928 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,928 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,933 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,933 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,937 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,938 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,943 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,943 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,947 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,948 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,953 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,954 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,972 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,973 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,974 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,974 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,975 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,976 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,978 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,979 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,980 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,981 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,981 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,986 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,987 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,988 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:42,988 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,989 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:42,999 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,000 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,000 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,000 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,004 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,006 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,008 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,008 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,012 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,013 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,017 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,017 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,022 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,022 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,028 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,028 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,029 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,032 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,036 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,036 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,044 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,046 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,046 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,053 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,058 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,059 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,063 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,064 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,069 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,070 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,078 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,079 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,087 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,088 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,093 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,093 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,098 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,106 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,115 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,120 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,133 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,136 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,137 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,138 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,143 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,146 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,148 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,156 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,159 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 9436: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:41:43,160 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,161 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 9436
2026-05-28 17:41:43,166 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,169 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,170 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,171 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,173 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,174 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,175 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 9436
2026-05-28 17:41:43,176 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,188 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,189 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,189 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,190 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,190 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,196 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,196 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,197 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,204 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,205 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,206 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,210 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,215 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,215 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,216 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,220 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,221 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,221 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,226 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,227 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,231 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,232 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,232 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,233 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,238 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,239 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,242 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,243 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,247 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,247 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,251 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,252 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,256 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,256 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,261 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,261 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,266 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,267 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,268 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,268 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,295 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,297 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,301 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,302 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,306 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,307 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,314 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,315 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,328 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,328 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,333 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,333 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,352 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,353 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,361 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,361 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,362 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,362 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,367 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,368 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,368 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,369 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,374 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,375 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,385 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,385 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,389 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,390 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,396 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,396 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,417 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,418 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,424 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,424 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,441 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,442 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,447 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,448 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,487 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,488 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,496 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,497 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,502 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,503 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,524 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,525 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,530 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,531 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,536 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,536 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,549 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,550 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,550 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,551 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,556 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,556 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,563 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,564 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,570 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,571 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,573 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,573 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,580 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,581 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,587 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,589 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,593 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,594 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,598 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,598 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,758 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,759 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,912 [lib.api.process] INFO: Successfully resumed process with pid 2208
2026-05-28 17:41:43,928 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:43,929 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:43,950 [root] DEBUG: 2208: Python path set to 'C:\Users\admin\AppData\Local\Python\pythoncore-3.14-64'.
2026-05-28 17:41:43,951 [root] DEBUG: 2208: Interactive desktop enabled.
2026-05-28 17:41:43,951 [root] DEBUG: 2208: Dropped file limit defaulting to 100.
2026-05-28 17:41:43,959 [root] DEBUG: 2208: Edge-specific hook-set enabled.
2026-05-28 17:41:43,961 [root] DEBUG: 2208: Disabling sleep skipping.
2026-05-28 17:41:43,962 [root] DEBUG: 2208: YaraInit: Compiled rules loaded from existing file C:\q61py415\data\yara\capemon.yac
2026-05-28 17:41:43,973 [root] DEBUG: 2208: RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0
2026-05-28 17:41:43,974 [root] DEBUG: 2208: Monitor initialised: 64-bit capemon loaded in process 2208 at 0x00007FFC14380000, thread 5180, image base 0x00007FF7B5F00000, stack from 0x000000A0977F4000-0x000000A097800000
2026-05-28 17:41:43,974 [root] DEBUG: 2208: Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://sugarcraft(dot)net/"
2026-05-28 17:41:43,982 [root] DEBUG: 2208: Hooked 2 out of 2 functions
2026-05-28 17:41:44,018 [root] DEBUG: 2208: Syscall hook installed, syscall logging level 1
2026-05-28 17:41:44,022 [root] DEBUG: 2208: RestoreHeaders: Restored original import table.
2026-05-28 17:41:44,023 [root] INFO: Loaded monitor into process with pid 2208
2026-05-28 17:41:44,023 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B0C0000: C:\Windows\System32\bcryptprimitives (0x82000 bytes).
2026-05-28 17:41:44,025 [root] DEBUG: 2208: DLL loaded at 0x00007FFC19C80000: C:\Windows\SYSTEM32\version (0xa000 bytes).
2026-05-28 17:41:44,026 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B150000: C:\Windows\System32\shcore (0xad000 bytes).
2026-05-28 17:41:44,027 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A140000: C:\Windows\SYSTEM32\Wldp (0x2d000 bytes).
2026-05-28 17:41:44,027 [root] DEBUG: 2208: DLL loaded at 0x00007FFC288B0000: C:\Windows\SYSTEM32\windows.storage (0x79b000 bytes).
2026-05-28 17:41:44,028 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B150000: C:\Windows\System32\SHCORE (0xad000 bytes).
2026-05-28 17:41:44,029 [root] DEBUG: 2208: DLL loaded at 0x00007FFC298F0000: C:\Windows\SYSTEM32\ntmarta (0x33000 bytes).
2026-05-28 17:41:44,072 [root] DEBUG: 2208: DLL loaded at 0x00007FFC15250000: C:\Windows\SYSTEM32\WINMM (0x27000 bytes).
2026-05-28 17:41:44,073 [root] DEBUG: 2208: DLL loaded at 0x00007FFBBE9A0000: C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\msedge (0x136be000 bytes).
2026-05-28 17:41:44,075 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17FD0000: C:\Windows\SYSTEM32\KBDUS (0x9000 bytes).
2026-05-28 17:41:44,077 [root] DEBUG: 2208: DLL loaded at 0x00007FFC28160000: C:\Windows\system32\uxtheme (0x9e000 bytes).
2026-05-28 17:41:44,080 [root] DEBUG: 2208: DLL loaded at 0x00007FFC286B0000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes).
2026-05-28 17:41:44,081 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2C9C0000: C:\Windows\System32\clbcatq (0xa9000 bytes).
2026-05-28 17:41:44,081 [root] DEBUG: 2208: DLL loaded at 0x00007FFC20250000: C:\Windows\System32\Windows.System.Profile.PlatformDiagnosticsAndUsageDataSettings (0x16000 bytes).
2026-05-28 17:41:44,083 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29860000: C:\Windows\SYSTEM32\msvcp110_win (0x8a000 bytes).
2026-05-28 17:41:44,083 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10176: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:41:44,084 [root] DEBUG: 2208: DLL loaded at 0x00007FFC23B90000: C:\Windows\SYSTEM32\policymanager (0xa1000 bytes).
2026-05-28 17:41:44,085 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10176
2026-05-28 17:41:44,086 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10176
2026-05-28 17:41:44,088 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A6C0000: C:\Windows\SYSTEM32\USERENV (0x2e000 bytes).
2026-05-28 17:41:44,089 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29060000: C:\Windows\SYSTEM32\gpapi (0x23000 bytes).
2026-05-28 17:41:44,089 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29930000: C:\Windows\SYSTEM32\wkscli (0x19000 bytes).
2026-05-28 17:41:44,090 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29CA0000: C:\Windows\SYSTEM32\netutils (0xc000 bytes).
2026-05-28 17:41:44,091 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29860000: C:\Windows\SYSTEM32\msvcp110_win (0x8a000 bytes).
2026-05-28 17:41:44,092 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17910000: C:\Windows\SYSTEM32\MDMRegistration (0x68000 bytes).
2026-05-28 17:41:44,093 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A630000: C:\Windows\SYSTEM32\powrprof (0x4b000 bytes).
2026-05-28 17:41:44,094 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A090000: C:\Windows\SYSTEM32\CRYPTSP (0x18000 bytes).
2026-05-28 17:41:44,095 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A1B0000: C:\Windows\SYSTEM32\ncrypt (0x27000 bytes).
2026-05-28 17:41:44,095 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B260000: C:\Windows\System32\imagehlp (0x1d000 bytes).
2026-05-28 17:41:44,096 [root] DEBUG: 2208: DLL loaded at 0x00007FFC236C0000: C:\Windows\SYSTEM32\tbs (0x1b000 bytes).
2026-05-28 17:41:44,096 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1AF70000: C:\Windows\SYSTEM32\DMCmnUtils (0x7c000 bytes).
2026-05-28 17:41:44,097 [root] DEBUG: 2208: DLL loaded at 0x00007FFC15500000: C:\Windows\SYSTEM32\omadmapi (0x3a000 bytes).
2026-05-28 17:41:44,098 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A560000: C:\Windows\SYSTEM32\UMPDC (0x12000 bytes).
2026-05-28 17:41:44,099 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A170000: C:\Windows\SYSTEM32\NTASN1 (0x3b000 bytes).
2026-05-28 17:41:44,100 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17770000: C:\Windows\SYSTEM32\netapi32 (0x19000 bytes).
2026-05-28 17:41:44,101 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29860000: C:\Windows\SYSTEM32\msvcp110_win (0x8a000 bytes).
2026-05-28 17:41:44,102 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A090000: C:\Windows\SYSTEM32\cryptsp (0x18000 bytes).
2026-05-28 17:41:44,103 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27830000: C:\Windows\SYSTEM32\DSREG (0x141000 bytes).
2026-05-28 17:41:44,104 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A700000: C:\Windows\SYSTEM32\profapi (0x25000 bytes).
2026-05-28 17:41:44,111 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B280000: C:\Windows\System32\MSCTF (0x114000 bytes).
2026-05-28 17:41:44,112 [root] DEBUG: 2208: DLL loaded at 0x00007FFC20230000: C:\Windows\System32\AssignedAccessRuntime (0x14000 bytes).
2026-05-28 17:41:44,112 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A630000: C:\Windows\SYSTEM32\powrprof (0x4b000 bytes).
2026-05-28 17:41:44,113 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A560000: C:\Windows\SYSTEM32\UMPDC (0x12000 bytes).
2026-05-28 17:41:44,116 [root] DEBUG: 2208: DLL loaded at 0x00007FFC21B30000: C:\Windows\System32\SystemSettings.DataModel (0x74000 bytes).
2026-05-28 17:41:44,118 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1E180000: C:\Windows\SYSTEM32\DWrite (0x27f000 bytes).
2026-05-28 17:41:44,120 [root] DEBUG: 2208: DLL loaded at 0x00007FFC171F0000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.3636_none_60b6a03d71f818d5\COMCTL32 (0x29a000 bytes).
2026-05-28 17:41:44,122 [root] DEBUG: 2208: DLL loaded at 0x00007FFC24D40000: C:\Windows\System32\OneCoreUAPCommonProxyStub (0x7d0000 bytes).
2026-05-28 17:41:44,122 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A4F0000: C:\Windows\SYSTEM32\DPAPI (0xa000 bytes).
2026-05-28 17:41:44,124 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29B90000: C:\Windows\SYSTEM32\IPHLPAPI (0x3b000 bytes).
2026-05-28 17:41:44,124 [root] DEBUG: 2208: DLL loaded at 0x00007FFC26180000: C:\Windows\system32\NLAapi (0x1d000 bytes).
2026-05-28 17:41:44,126 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2C7B0000: C:\Windows\System32\NSI (0x8000 bytes).
2026-05-28 17:41:44,127 [root] DEBUG: 2208: DLL loaded at 0x00007FFC232D0000: C:\Windows\SYSTEM32\dhcpcsvc6 (0x17000 bytes).
2026-05-28 17:41:44,127 [root] DEBUG: 2208: DLL loaded at 0x00007FFC216E0000: C:\Windows\System32\StructuredQuery (0xa6000 bytes).
2026-05-28 17:41:44,128 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2ACD0000: C:\Windows\System32\CFGMGR32 (0x4e000 bytes).
2026-05-28 17:41:44,129 [root] DEBUG: 2208: DLL loaded at 0x00007FFC232B0000: C:\Windows\SYSTEM32\dhcpcsvc (0x1d000 bytes).
2026-05-28 17:41:44,130 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27140000: C:\Windows\SYSTEM32\PROPSYS (0xf6000 bytes).
2026-05-28 17:41:44,132 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29BD0000: C:\Windows\SYSTEM32\DNSAPI (0xca000 bytes).
2026-05-28 17:41:44,134 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1BEB0000: C:\Windows\System32\Windows.StateRepositoryPS (0x146000 bytes).
2026-05-28 17:41:44,136 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27DC0000: C:\Windows\System32\CoreMessaging (0xf2000 bytes).
2026-05-28 17:41:44,137 [root] DEBUG: 2208: DLL loaded at 0x00007FFC26FE0000: C:\Windows\SYSTEM32\wintypes (0x155000 bytes).
2026-05-28 17:41:44,137 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27980000: C:\Windows\System32\CoreUIComponents (0x35b000 bytes).
2026-05-28 17:41:44,138 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1FA90000: C:\Windows\SYSTEM32\textinputframework (0xf9000 bytes).
2026-05-28 17:41:44,140 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1BCF0000: C:\Windows\system32\Windows.Storage.Search (0xc6000 bytes).
2026-05-28 17:41:44,141 [root] DEBUG: 2208: DLL loaded at 0x00007FFC25980000: C:\Windows\System32\twinapi.appcore (0x203000 bytes).
2026-05-28 17:41:44,143 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17530000: C:\Windows\system32\twinapi (0xa9000 bytes).
2026-05-28 17:41:44,144 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1AD10000: C:\Windows\system32\mssprxy (0x28000 bytes).
2026-05-28 17:41:44,148 [root] DEBUG: 2208: DLL loaded at 0x00007FFC25B90000: C:\Windows\System32\WindowManagementAPI (0xa1000 bytes).
2026-05-28 17:41:44,148 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1F650000: C:\Windows\System32\InputHost (0x152000 bytes).
2026-05-28 17:41:44,149 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1FB90000: C:\Windows\System32\Windows.UI (0x141000 bytes).
2026-05-28 17:41:44,150 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1ACE0000: C:\Windows\SYSTEM32\edputil (0x24000 bytes).
2026-05-28 17:41:44,158 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27460000: C:\Windows\SYSTEM32\WTSAPI32 (0x14000 bytes).
2026-05-28 17:41:44,163 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A500000: C:\Windows\SYSTEM32\WINSTA (0x5b000 bytes).
2026-05-28 17:41:44,166 [root] DEBUG: 2208: DLL loaded at 0x00007FFC20C50000: C:\Windows\System32\iertutil (0x2bc000 bytes).
2026-05-28 17:41:44,167 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1AC10000: C:\Windows\System32\Windows.Web (0xc3000 bytes).
2026-05-28 17:41:44,169 [root] DEBUG: 2208: DLL loaded at 0x00007FFBBE3D0000: C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\oneauth (0x5c4000 bytes).
2026-05-28 17:41:44,171 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1CBA0000: C:\Windows\SYSTEM32\Secur32 (0xc000 bytes).
2026-05-28 17:41:44,173 [root] DEBUG: 2208: DLL loaded at 0x00007FFC22A50000: C:\Windows\SYSTEM32\WINHTTP (0x10a000 bytes).
2026-05-28 17:41:44,174 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1E400000: C:\Windows\System32\Windows.UI.Immersive (0x139000 bytes).
2026-05-28 17:41:44,175 [root] DEBUG: 2208: DLL loaded at 0x00007FFC257D0000: C:\Windows\SYSTEM32\ColorAdapterClient (0x11000 bytes).
2026-05-28 17:41:44,176 [root] DEBUG: 2208: DLL loaded at 0x00007FFC257F0000: C:\Windows\SYSTEM32\mscms (0xae000 bytes).
2026-05-28 17:41:44,202 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1BE00000: C:\Windows\SYSTEM32\LINKINFO (0xd000 bytes).
2026-05-28 17:41:44,229 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10688: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:41:44,230 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29090000: C:\Windows\system32\dxgi (0xf3000 bytes).
2026-05-28 17:41:44,231 [root] DEBUG: 2208: caller_dispatch: Added region at 0x00007FF7B5F00000 to tracked regions list (kernel32::CreateProcessInternalW returns to 0x00007FF7B5FF7D66, thread 10372).
2026-05-28 17:41:44,231 [root] DEBUG: 2208: DLL loaded at 0x00007FFC26D70000: C:\Windows\system32\d3d11 (0x263000 bytes).
2026-05-28 17:41:44,232 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10688
2026-05-28 17:41:44,233 [root] DEBUG: 2208: DLL loaded at 0x00007FFC27240000: C:\Windows\system32\dcomp (0x1e3000 bytes).
2026-05-28 17:41:44,233 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10688
2026-05-28 17:41:44,235 [root] DEBUG: 2208: DLL loaded at 0x00007FFC14FC0000: C:\Windows\system32\dataexchange (0x3e000 bytes).
2026-05-28 17:41:44,236 [root] DEBUG: 2208: ProcessImageBase: Main module image at 0x00007FF7B5F00000 unmodified (entropy change 0.000000e+00)
2026-05-28 17:41:44,258 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10748: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:41:44,275 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A580000: C:\Windows\SYSTEM32\sxs (0xa2000 bytes).
2026-05-28 17:41:44,281 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10760: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:41:44,282 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10748
2026-05-28 17:41:44,285 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10828: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:41:44,286 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10836: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:41:44,291 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10760
2026-05-28 17:41:44,292 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17950000: C:\Windows\System32\Windows.System.Profile.RetailInfo (0x28000 bytes).
2026-05-28 17:41:44,293 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10828
2026-05-28 17:41:44,294 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10836
2026-05-28 17:41:44,295 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10748
2026-05-28 17:41:44,296 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10828
2026-05-28 17:41:44,297 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10760
2026-05-28 17:41:44,297 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 10836
2026-05-28 17:41:44,308 [root] DEBUG: 2208: DLL loaded at 0x00007FFC15030000: C:\Windows\SYSTEM32\OLEACC (0x66000 bytes).
2026-05-28 17:41:44,342 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1D050000: C:\Windows\system32\directmanipulation (0x9d000 bytes).
2026-05-28 17:41:44,374 [root] DEBUG: 2208: DLL loaded at 0x00007FFC25960000: C:\Windows\SYSTEM32\usermgrcli (0x16000 bytes).
2026-05-28 17:41:44,382 [root] DEBUG: 2208: DLL loaded at 0x00007FFC12AB0000: C:\Windows\System32\Windows.Internal.UI.Shell.WindowTabManager (0x6d000 bytes).
2026-05-28 17:41:44,383 [root] DEBUG: 2208: DLL loaded at 0x00007FFC283C0000: C:\Windows\SYSTEM32\dwmapi (0x2f000 bytes).
2026-05-28 17:41:44,513 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,548 [root] DEBUG: 2208: DLL loaded at 0x00007FFC198A0000: C:\Windows\System32\Windows.Security.Authentication.Web.Core (0x11d000 bytes).
2026-05-28 17:41:44,591 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,597 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,603 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 11252: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:41:44,605 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A2D0000: C:\Windows\SYSTEM32\MSASN1 (0x12000 bytes).
2026-05-28 17:41:44,606 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,621 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,623 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11252
2026-05-28 17:41:44,624 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,624 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1C0A0000: C:\Windows\System32\OneCoreCommonProxyStub (0x7f000 bytes).
2026-05-28 17:41:44,625 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,626 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11252
2026-05-28 17:41:44,628 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,633 [root] DEBUG: 2208: DLL loaded at 0x00007FFBED5F0000: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Well Known Domains\1.2.0.0\well_known_domains (0x9e000 bytes).
2026-05-28 17:41:44,636 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,636 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,638 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,639 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,644 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A090000: C:\Windows\SYSTEM32\CRYPTSP (0x18000 bytes).
2026-05-28 17:41:44,646 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,647 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1CFE0000: C:\Windows\System32\vaultcli (0x51000 bytes).
2026-05-28 17:41:44,650 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,653 [root] DEBUG: 2208: DLL loaded at 0x00007FFC297D0000: C:\Windows\system32\rsaenh (0x34000 bytes).
2026-05-28 17:41:44,665 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,666 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,667 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17910000: C:\Windows\System32\aadWamExtension (0x36000 bytes).
2026-05-28 17:41:44,668 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,672 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,681 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,683 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,684 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,684 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,686 [root] DEBUG: 2208: DLL loaded at 0x00007FFBED560000: C:\Windows\System32\MicrosoftAccountWAMExtension (0x8c000 bytes).
2026-05-28 17:41:44,688 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,689 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,694 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,695 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,700 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,702 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:44,706 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:44,709 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,079 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,080 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,364 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,365 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,369 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,370 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,374 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,375 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,379 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,380 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,381 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,381 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,385 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,385 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,399 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,400 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,400 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,400 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,404 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,404 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,405 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,405 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,411 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,411 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,418 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,418 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,425 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,426 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,430 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,430 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,444 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,444 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,449 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,449 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,461 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,461 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,467 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,467 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,486 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,486 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,491 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,491 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,498 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,499 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,504 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,504 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,519 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,520 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,524 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,524 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,534 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,535 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,539 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,539 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,550 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,551 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,555 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,555 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,580 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 11928: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:41:45,581 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 11940: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:41:45,582 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11928
2026-05-28 17:41:45,582 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11940
2026-05-28 17:41:45,583 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11928
2026-05-28 17:41:45,583 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 11940
2026-05-28 17:41:45,593 [root] DEBUG: 2208: DLL loaded at 0x00007FFC24C20000: C:\Windows\System32\netprofm (0x3f000 bytes).
2026-05-28 17:41:45,620 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,621 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,626 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,626 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,637 [root] DEBUG: 2208: DLL loaded at 0x00007FFBB9DC0000: C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\telclient (0x3ed000 bytes).
2026-05-28 17:41:45,657 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2C0D0000: C:\Windows\System32\SETUPAPI (0x46e000 bytes).
2026-05-28 17:41:45,658 [root] DEBUG: 2208: DLL loaded at 0x00007FFC225B0000: C:\Windows\System32\npmproxy (0x10000 bytes).
2026-05-28 17:41:45,660 [root] DEBUG: 2208: DLL loaded at 0x00007FFBB9A80000: C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\oneds (0x33f000 bytes).
2026-05-28 17:41:45,664 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A490000: C:\Windows\SYSTEM32\DEVOBJ (0x33000 bytes).
2026-05-28 17:41:45,665 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B050000: C:\Windows\System32\WINTRUST (0x67000 bytes).
2026-05-28 17:41:45,679 [root] DEBUG: 2208: DLL loaded at 0x00007FFC293F0000: C:\Windows\System32\FirewallAPI (0x96000 bytes).
2026-05-28 17:41:45,680 [root] DEBUG: 2208: DLL loaded at 0x00007FFC293B0000: C:\Windows\System32\fwbase (0x36000 bytes).
2026-05-28 17:41:45,689 [root] DEBUG: 2208: DLL loaded at 0x00007FFC11D50000: C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\microsoft_shell_integration (0x78000 bytes).
2026-05-28 17:41:45,699 [root] DEBUG: 2208: DLL loaded at 0x00007FFBBCBD0000: C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\ffmpeg (0x467000 bytes).
2026-05-28 17:41:45,701 [root] DEBUG: 2208: DLL loaded at 0x00007FFC284D0000: C:\Windows\System32\RMCLIENT (0x2a000 bytes).
2026-05-28 17:41:45,702 [root] DEBUG: 2208: DLL loaded at 0x00007FFC26310000: C:\Windows\System32\XmlLite (0x36000 bytes).
2026-05-28 17:41:45,702 [root] DEBUG: 2208: DLL loaded at 0x00007FFC16860000: C:\Windows\System32\wpnapps (0x15b000 bytes).
2026-05-28 17:41:45,722 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,723 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,727 [root] DEBUG: 2208: DLL loaded at 0x00007FFC11B00000: C:\Windows\System32\ShellCommonCommonProxyStub (0xe4000 bytes).
2026-05-28 17:41:45,727 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,728 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,752 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,753 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,759 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,759 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,775 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,776 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,780 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,780 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,787 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,788 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,792 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,792 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,796 [root] DEBUG: 2208: DLL loaded at 0x00007FFC20180000: C:\Windows\system32\TenantRestrictionsPlugin (0x1b000 bytes).
2026-05-28 17:41:45,801 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,803 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,806 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,807 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,816 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,817 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,821 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,821 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,830 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,831 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,835 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,835 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,847 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,847 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,851 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,852 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,863 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,864 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,869 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,869 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,886 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,887 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,890 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,891 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,898 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,899 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,903 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,903 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,917 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,917 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,921 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,922 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,929 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,929 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,933 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,934 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:45,960 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 10964: C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\identity_helper.exe, ImageBase: 0x00007FF7809A0000
2026-05-28 17:41:45,961 [root] INFO: Announced 64-bit process name: identity_helper.exe pid: 10964
2026-05-28 17:41:45,961 [lib.api.process] INFO: Monitor config for process 10964: C:\q61py415\dll\10964.ini
2026-05-28 17:41:45,962 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:41:45,997 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:45,998 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,003 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,004 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,059 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,060 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,064 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,065 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,079 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,079 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,084 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,085 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,091 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,092 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,096 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,097 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,100 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29860000: C:\Windows\SYSTEM32\msvcp110_win (0x8a000 bytes).
2026-05-28 17:41:46,101 [root] DEBUG: 2208: DLL loaded at 0x00007FFC23B90000: C:\Windows\SYSTEM32\policymanager (0xa1000 bytes).
2026-05-28 17:41:46,108 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,108 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,113 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,114 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,122 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,123 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,128 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,128 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,135 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,136 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,140 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,141 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,147 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,148 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,151 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,152 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,161 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,162 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,166 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:46,167 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:46,468 [lib.api.process] INFO: Potential dll side-loading detected in local directory: d3dcompiler_47.dll
2026-05-28 17:41:46,468 [lib.api.process] INFO: Potential dll side-loading detected in local directory: onnxruntime.dll
2026-05-28 17:41:46,471 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:41:46,475 [root] DEBUG: Loader: Injecting process 10964 (thread 10984) with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:46,476 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-05-28 17:41:46,476 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:46,478 [lib.api.process] INFO: Injected into 64-bit <Process 10964 identity_helper.exe>
2026-05-28 17:41:46,483 [root] DEBUG: 2208: DLL loaded at 0x00007FFC23660000: C:\Windows\SYSTEM32\capauthz (0x51000 bytes).
2026-05-28 17:41:46,484 [root] DEBUG: 2208: DLL loaded at 0x00007FFC204E0000: C:\Windows\SYSTEM32\windows.staterepositorycore (0x11000 bytes).
2026-05-28 17:41:46,486 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 12320: C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\identity_helper.exe, ImageBase: 0x00007FF7809A0000
2026-05-28 17:41:46,488 [root] INFO: Announced 64-bit process name: identity_helper.exe pid: 12320
2026-05-28 17:41:46,488 [lib.api.process] INFO: Monitor config for process 12320: C:\q61py415\dll\12320.ini
2026-05-28 17:41:46,489 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:41:46,557 [lib.api.process] INFO: Potential dll side-loading detected in local directory: d3dcompiler_47.dll
2026-05-28 17:41:46,557 [lib.api.process] INFO: Potential dll side-loading detected in local directory: onnxruntime.dll
2026-05-28 17:41:46,559 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:41:46,563 [root] DEBUG: Loader: Injecting process 12320 (thread 12324) with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:46,563 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-05-28 17:41:46,564 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:46,565 [lib.api.process] INFO: Injected into 64-bit <Process 12320 identity_helper.exe>
2026-05-28 17:41:46,567 [root] INFO: Announced 64-bit process name: identity_helper.exe pid: 12320
2026-05-28 17:41:46,567 [lib.api.process] INFO: Monitor config for process 12320: C:\q61py415\dll\12320.ini
2026-05-28 17:41:46,568 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:41:46,636 [lib.api.process] INFO: Potential dll side-loading detected in local directory: d3dcompiler_47.dll
2026-05-28 17:41:46,636 [lib.api.process] INFO: Potential dll side-loading detected in local directory: onnxruntime.dll
2026-05-28 17:41:46,638 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:41:46,642 [root] DEBUG: Loader: Injecting process 12320 (thread 12324) with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:46,642 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2026-05-28 17:41:46,643 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:46,644 [lib.api.process] INFO: Injected into 64-bit <Process 12320 identity_helper.exe>
2026-05-28 17:41:46,658 [root] DEBUG: 12320: Python path set to 'C:\Users\admin\AppData\Local\Python\pythoncore-3.14-64'.
2026-05-28 17:41:46,658 [root] DEBUG: 12320: Interactive desktop enabled.
2026-05-28 17:41:46,659 [root] DEBUG: 12320: Dropped file limit defaulting to 100.
2026-05-28 17:41:46,664 [root] DEBUG: 12320: Disabling sleep skipping.
2026-05-28 17:41:46,665 [root] DEBUG: 12320: YaraInit: Compiled rules loaded from existing file C:\q61py415\data\yara\capemon.yac
2026-05-28 17:41:46,677 [root] DEBUG: 12320: RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0
2026-05-28 17:41:46,677 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8
2026-05-28 17:41:46,695 [root] DEBUG: 12320: Monitor initialised: 64-bit capemon loaded in process 12320 at 0x00007FFC14380000, thread 12324, image base 0x00007FF7809A0000, stack from 0x0000005093D94000-0x0000005093DA0000
2026-05-28 17:41:46,696 [root] DEBUG: 12320: Commandline: "C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,1435369039403
2026-05-28 17:41:46,696 [root] DEBUG: 12320: add_all_dlls_to_dll_ranges: skipping C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\msedge_elf.dll
2026-05-28 17:41:46,705 [root] DEBUG: 12320: hook_api: LdrpCallInitRoutine export address 0x00007FFC2D1099BC obtained via GetFunctionAddress
2026-05-28 17:41:46,732 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2'
2026-05-28 17:41:46,733 [root] DEBUG: 12320: set_hooks: Unable to hook LockResource
2026-05-28 17:41:46,740 [root] DEBUG: 12320: Hooked 627 out of 628 functions
2026-05-28 17:41:46,746 [root] DEBUG: 2208: DLL loaded at 0x00007FFC19AE0000: C:\Windows\System32\Windows.ApplicationModel (0xe9000 bytes).
2026-05-28 17:41:46,747 [root] DEBUG: 2208: DLL loaded at 0x00007FFC23A80000: C:\Windows\System32\AppXDeploymentClient (0x102000 bytes).
2026-05-28 17:41:46,750 [root] DEBUG: 2208: DLL loaded at 0x00007FFC22E90000: C:\Windows\system32\wlanapi (0x74000 bytes).
2026-05-28 17:41:46,755 [root] DEBUG: 12320: Syscall hook installed, syscall logging level 1
2026-05-28 17:41:46,760 [root] DEBUG: 12320: RestoreHeaders: Restored original import table.
2026-05-28 17:41:46,760 [root] INFO: Loaded monitor into process with pid 12320
2026-05-28 17:41:46,761 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994
2026-05-28 17:41:46,845 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994
2026-05-28 17:41:46,867 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17770000: C:\Windows\SYSTEM32\NETAPI32 (0x19000 bytes).
2026-05-28 17:41:46,870 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A1B0000: C:\Windows\SYSTEM32\ncrypt (0x27000 bytes).
2026-05-28 17:41:46,871 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2A170000: C:\Windows\SYSTEM32\NTASN1 (0x3b000 bytes).
2026-05-28 17:41:46,872 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994
2026-05-28 17:41:46,873 [root] DEBUG: 2208: DLL loaded at 0x00007FFC236E0000: C:\Windows\system32\PCPKsp (0x118000 bytes).
2026-05-28 17:41:46,879 [root] DEBUG: 2208: DLL loaded at 0x00007FFC2B260000: C:\Windows\System32\imagehlp (0x1d000 bytes).
2026-05-28 17:41:46,880 [root] DEBUG: 2208: DLL loaded at 0x00007FFC236C0000: C:\Windows\SYSTEM32\tbs (0x1b000 bytes).
2026-05-28 17:41:46,889 [root] DEBUG: 2208: DLL loaded at 0x00007FFC17800000: C:\Windows\system32\ncryptprov (0x5a000 bytes).
2026-05-28 17:41:46,901 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994
2026-05-28 17:41:46,926 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994
2026-05-28 17:41:46,952 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994
2026-05-28 17:41:46,977 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FFBD2060000, size 0x4b9994
2026-05-28 17:41:47,004 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29EA0000: C:\Windows\system32\mswsock (0x6a000 bytes).
2026-05-28 17:41:47,006 [root] DEBUG: 12320: caller_dispatch: Added region at 0x00007FFBD2060000 to tracked regions list (ntdll::NtProtectVirtualMemory returns to 0x00007FFBD225F156, thread 12324).
2026-05-28 17:41:47,006 [root] DEBUG: 12320: caller_dispatch: Scanning calling region at 0x00007FFBD2060000...
2026-05-28 17:41:47,010 [root] DEBUG: 12320: ProcessTrackedRegion: Region at 0x00007FFBD2060000 mapped as \Device\HarddiskVolume2\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\msedge_elf.dll appears unmodified, skipping
2026-05-28 17:41:47,012 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2B0C0000: C:\Windows\System32\bcryptprimitives (0x82000 bytes).
2026-05-28 17:41:47,043 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8
2026-05-28 17:41:47,059 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8
2026-05-28 17:41:47,075 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8
2026-05-28 17:41:47,091 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8
2026-05-28 17:41:47,107 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8
2026-05-28 17:41:47,124 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8
2026-05-28 17:41:47,141 [root] DEBUG: 12320: caller_dispatch: Added region at 0x00007FF7809A0000 to tracked regions list (ntdll::NtProtectVirtualMemory returns to 0x00007FF780A94096, thread 12324).
2026-05-28 17:41:47,142 [root] DEBUG: 12320: YaraScan: Scanning 0x00007FF7809A0000, size 0x28b4d8
2026-05-28 17:41:47,159 [root] DEBUG: 12320: ProcessImageBase: Main module image at 0x00007FF7809A0000 unmodified (entropy change 0.000000e+00)
2026-05-28 17:41:47,163 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2B150000: C:\Windows\System32\shcore (0xad000 bytes).
2026-05-28 17:41:47,186 [root] DEBUG: 12320: DLL loaded at 0x00007FFBBE9A0000: C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\msedge (0x136be000 bytes).
2026-05-28 17:41:47,190 [root] DEBUG: 12320: DLL loaded at 0x00007FFC28160000: C:\Windows\system32\uxtheme (0x9e000 bytes).
2026-05-28 17:41:47,193 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2B280000: C:\Windows\System32\MSCTF (0x114000 bytes).
2026-05-28 17:41:47,222 [root] DEBUG: 12320: DLL loaded at 0x00007FFC286B0000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes).
2026-05-28 17:41:47,271 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2C9C0000: C:\Windows\System32\clbcatq (0xa9000 bytes).
2026-05-28 17:41:47,282 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2B150000: C:\Windows\System32\shcore (0xad000 bytes).
2026-05-28 17:41:47,283 [root] DEBUG: 12320: DLL loaded at 0x00007FFC27140000: C:\Windows\System32\PROPSYS (0xf6000 bytes).
2026-05-28 17:41:47,284 [root] DEBUG: 12320: DLL loaded at 0x00007FFC27DC0000: C:\Windows\System32\CoreMessaging (0xf2000 bytes).
2026-05-28 17:41:47,284 [root] DEBUG: 12320: DLL loaded at 0x00007FFC19830000: C:\Windows\System32\execmodelclient (0x63000 bytes).
2026-05-28 17:41:47,292 [root] DEBUG: 12320: DLL loaded at 0x00007FFC25980000: C:\Windows\System32\twinapi.appcore (0x203000 bytes).
2026-05-28 17:41:47,294 [root] DEBUG: 12320: DLL loaded at 0x00007FFC26FE0000: C:\Windows\SYSTEM32\wintypes (0x155000 bytes).
2026-05-28 17:41:47,296 [root] DEBUG: 12320: DLL loaded at 0x00007FFC284D0000: C:\Windows\System32\RMCLIENT (0x2a000 bytes).
2026-05-28 17:41:47,297 [root] DEBUG: 12320: DLL loaded at 0x00007FFC26310000: C:\Windows\System32\XmlLite (0x36000 bytes).
2026-05-28 17:41:47,297 [root] DEBUG: 12320: DLL loaded at 0x00007FFC16860000: C:\Windows\System32\wpnapps (0x15b000 bytes).
2026-05-28 17:41:47,305 [root] DEBUG: 12320: DLL loaded at 0x00007FFC1C0A0000: C:\Windows\System32\OneCoreCommonProxyStub (0x7f000 bytes).
2026-05-28 17:41:47,313 [root] DEBUG: 12320: DLL loaded at 0x00007FFC178B0000: C:\Windows\system32\execmodelproxy (0x18000 bytes).
2026-05-28 17:41:47,319 [root] DEBUG: 12320: DLL loaded at 0x00007FFC29860000: C:\Windows\System32\msvcp110_win (0x8a000 bytes).
2026-05-28 17:41:47,320 [root] DEBUG: 12320: DLL loaded at 0x00007FFC23B90000: C:\Windows\SYSTEM32\policymanager (0xa1000 bytes).
2026-05-28 17:41:47,323 [root] DEBUG: 12320: DLL loaded at 0x00007FFC25960000: C:\Windows\SYSTEM32\usermgrcli (0x16000 bytes).
2026-05-28 17:41:47,331 [root] DEBUG: 12320: DLL loaded at 0x00007FFC24D40000: C:\Windows\System32\OneCoreUAPCommonProxyStub (0x7d0000 bytes).
2026-05-28 17:41:47,335 [root] DEBUG: 12320: DLL loaded at 0x00007FFC1BEB0000: C:\Windows\System32\Windows.StateRepositoryPS (0x146000 bytes).
2026-05-28 17:41:47,342 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2B050000: C:\Windows\System32\WINTRUST (0x67000 bytes).
2026-05-28 17:41:47,343 [root] DEBUG: 12320: DLL loaded at 0x00007FFC23660000: C:\Windows\SYSTEM32\capauthz (0x51000 bytes).
2026-05-28 17:41:47,351 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2A2D0000: C:\Windows\System32\MSASN1 (0x12000 bytes).
2026-05-28 17:41:47,401 [root] DEBUG: 12320: DLL loaded at 0x00007FFC19AE0000: C:\Windows\System32\Windows.ApplicationModel (0xe9000 bytes).
2026-05-28 17:41:47,407 [root] DEBUG: 12320: DLL loaded at 0x00007FFC0C8D0000: C:\Windows\System32\CryptoWinRT (0x61000 bytes).
2026-05-28 17:41:47,420 [lib.api.process] INFO: Monitor config for process 760: C:\q61py415\dll\760.ini
2026-05-28 17:41:47,421 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:41:47,422 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:41:47,427 [root] DEBUG: Loader: Injecting process 760 with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:47,430 [root] DEBUG: 760: Python path set to 'C:\Users\admin\AppData\Local\Python\pythoncore-3.14-64'.
2026-05-28 17:41:47,430 [root] DEBUG: 760: Disabling sleep skipping.
2026-05-28 17:41:47,430 [root] DEBUG: 760: Interactive desktop enabled.
2026-05-28 17:41:47,431 [root] DEBUG: 760: Dropped file limit defaulting to 100.
2026-05-28 17:41:47,434 [root] DEBUG: 760: Services hook set enabled
2026-05-28 17:41:47,435 [root] DEBUG: 760: YaraInit: Compiled rules loaded from existing file C:\q61py415\data\yara\capemon.yac
2026-05-28 17:41:47,449 [root] DEBUG: 760: RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0
2026-05-28 17:41:47,450 [root] DEBUG: 760: Monitor initialised: 64-bit capemon loaded in process 760 at 0x00007FFC14380000, thread 12848, image base 0x00007FF7B7570000, stack from 0x000000946FBF4000-0x000000946FC00000
2026-05-28 17:41:47,450 [root] DEBUG: 760: Commandline: C:\Windows\system32\svchost.exe -k DcomLaunch -p
2026-05-28 17:41:47,463 [root] DEBUG: 760: Hooked 69 out of 69 functions
2026-05-28 17:41:47,464 [root] INFO: Loaded monitor into process with pid 760
2026-05-28 17:41:47,464 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2026-05-28 17:41:47,465 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:41:47,466 [lib.api.process] INFO: Injected into 64-bit <Process 760 svchost.exe>
2026-05-28 17:41:47,595 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:47,596 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:47,600 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:47,600 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:47,795 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:47,796 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:47,800 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:47,801 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:48,409 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:48,410 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:49,488 [root] DEBUG: 12320: DLL loaded at 0x00007FFC200C0000: C:\Windows\System32\StateRepository.Core (0xb1000 bytes).
2026-05-28 17:41:49,489 [root] DEBUG: 12320: DLL loaded at 0x00007FFC20500000: C:\Windows\System32\Windows.StateRepository (0x58e000 bytes).
2026-05-28 17:41:49,489 [root] DEBUG: 12320: DLL loaded at 0x00007FFC17000000: C:\Windows\System32\TileDataRepository (0x99000 bytes).
2026-05-28 17:41:49,490 [root] DEBUG: 12320: DLL loaded at 0x00007FFC10950000: C:\Windows\System32\biwinrt (0x53000 bytes).
2026-05-28 17:41:49,505 [root] DEBUG: 12320: DLL loaded at 0x00007FFC23800000: C:\Windows\System32\usermgrproxy (0x54000 bytes).
2026-05-28 17:41:49,550 [root] DEBUG: 12320: DLL loaded at 0x00007FFC29090000: C:\Windows\System32\dxgi (0xf3000 bytes).
2026-05-28 17:41:49,551 [root] DEBUG: 12320: DLL loaded at 0x00007FFC26D70000: C:\Windows\System32\d3d11 (0x263000 bytes).
2026-05-28 17:41:49,558 [root] DEBUG: 12320: DLL loaded at 0x00007FFC1D2B0000: C:\Windows\System32\WININET (0x4d6000 bytes).
2026-05-28 17:41:49,558 [root] DEBUG: 12320: DLL loaded at 0x00007FFC10840000: C:\Windows\System32\windows.internal.shell.broker (0xdd000 bytes).
2026-05-28 17:41:49,572 [root] DEBUG: 12320: DLL loaded at 0x00007FFC11C60000: C:\Windows\System32\PCShellCommonProxyStub (0x13000 bytes).
2026-05-28 17:41:49,593 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2A6C0000: C:\Windows\System32\USERENV (0x2e000 bytes).
2026-05-28 17:41:49,594 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2A140000: C:\Windows\System32\Wldp (0x2d000 bytes).
2026-05-28 17:41:49,594 [root] DEBUG: 12320: DLL loaded at 0x00007FFC288B0000: C:\Windows\SYSTEM32\windows.storage (0x79b000 bytes).
2026-05-28 17:41:49,595 [root] DEBUG: 12320: DLL loaded at 0x00007FFC20480000: C:\Windows\System32\Bcp47Langs (0x5b000 bytes).
2026-05-28 17:41:49,595 [root] DEBUG: 12320: DLL loaded at 0x00007FFC16A70000: C:\Windows\System32\StartTileData (0x58a000 bytes).
2026-05-28 17:41:49,625 [root] DEBUG: 12320: DLL loaded at 0x00007FFC10BF0000: C:\Windows\System32\Windows.Storage.ApplicationData (0x66000 bytes).
2026-05-28 17:41:49,654 [root] DEBUG: 12320: DLL loaded at 0x00007FFC1AD10000: C:\Windows\system32\mssprxy (0x28000 bytes).
2026-05-28 17:41:49,690 [root] DEBUG: 12320: DLL loaded at 0x00007FFC2ACD0000: C:\Windows\System32\CFGMGR32 (0x4e000 bytes).
2026-05-28 17:41:50,612 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13100: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:41:50,613 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13100
2026-05-28 17:41:50,614 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13100
2026-05-28 17:41:52,237 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:41:52,238 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:41:59,769 [root] INFO: Process with pid 12320 has terminated
2026-05-28 17:41:59,770 [root] DEBUG: 12320: NtTerminateProcess hook: Attempting to dump process 12320
2026-05-28 17:41:59,773 [root] DEBUG: 12320: DoProcessDump: Skipping process dump as code is identical on disk.
2026-05-28 17:42:00,449 [root] INFO: Announced starting service "b'GoogleUpdaterService149.0.7814.0'"
2026-05-28 17:42:00,450 [lib.api.process] INFO: Monitor config for process 624: C:\q61py415\dll\624.ini
2026-05-28 17:42:00,451 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:42:00,452 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:42:00,456 [root] DEBUG: Loader: Injecting process 624 with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:42:00,458 [root] DEBUG: Loader: Copied config file C:\q61py415\dll\624.ini to system path C:\624.ini
2026-05-28 17:42:00,462 [root] DEBUG: Loader: Unable to open process, launched: PPLinject64.exe 624 C:\q61py415\dll\wXsOlW.dll
2026-05-28 17:42:00,467 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:42:00,479 [lib.api.process] INFO: Injected into 64-bit <Process 624 services.exe>
2026-05-28 17:42:03,601 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:42:03,603 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:03,610 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270955e+00 (from 6.270496e+00)
2026-05-28 17:42:03,611 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:03,612 [root] DEBUG: 2072: DLL loaded at 0x00007FFC25E00000: C:\Windows\System32\taskschd (0xac000 bytes).
2026-05-28 17:42:03,617 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:03,617 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:03,618 [root] DEBUG: 2072: DLL loaded at 0x00007FFC1CBA0000: C:\Windows\SYSTEM32\Secur32 (0xc000 bytes).
2026-05-28 17:42:05,615 [root] DEBUG: 2208: DLL loaded at 0x00007FFC23E60000: C:\Windows\SYSTEM32\wevtapi (0x65000 bytes).
2026-05-28 17:42:11,711 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,712 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:11,718 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,718 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 12764: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:42:11,719 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:11,719 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 12764
2026-05-28 17:42:11,728 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,728 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,729 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:11,730 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:11,730 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 12764
2026-05-28 17:42:11,755 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,764 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:11,773 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 8160: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:42:11,773 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,774 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 8160
2026-05-28 17:42:11,779 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:11,781 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,781 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:11,782 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 8160
2026-05-28 17:42:11,815 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,819 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:11,827 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 7824: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:42:11,827 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,829 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 7824
2026-05-28 17:42:11,830 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:11,836 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,837 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:11,838 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 7824
2026-05-28 17:42:11,864 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,874 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:11,884 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:11,885 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:14,084 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1FE60000: C:\Windows\System32\Windows.System.UserProfile.DiagnosticsSettings (0x15000 bytes).
2026-05-28 17:42:14,162 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13388: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:42:14,163 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13388
2026-05-28 17:42:14,164 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13388
2026-05-28 17:42:20,632 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13500: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:42:20,633 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13500
2026-05-28 17:42:20,634 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13500
2026-05-28 17:42:42,099 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:42,100 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:42,743 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:42:42,744 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:42:44,150 [root] DEBUG: 2208: DLL loaded at 0x00007FFC292E0000: C:\Windows\SYSTEM32\sppc (0x25000 bytes).
2026-05-28 17:42:44,151 [root] DEBUG: 2208: DLL loaded at 0x00007FFC29310000: C:\Windows\system32\slc (0x29000 bytes).
2026-05-28 17:42:44,153 [root] DEBUG: 2208: DLL loaded at 0x00007FFC1CF10000: C:\Windows\system32\slwga (0x19000 bytes).
2026-05-28 17:42:44,185 [root] DEBUG: 2208: DLL loaded at 0x00007FFC14880000: C:\Windows\System32\Windows.System.Diagnostics.Telemetry.PlatformTelemetryClient (0x12000 bytes).
2026-05-28 17:42:44,197 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13868: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:42:44,198 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13868
2026-05-28 17:42:44,199 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13868
2026-05-28 17:42:44,306 [root] DEBUG: 2208: DLL loaded at 0x00007FFBE85B0000: C:\Windows\System32\CloudExperienceHostCommon (0x128000 bytes).
2026-05-28 17:42:48,899 [root] DEBUG: 4248: DLL loaded at 0x00007FFC14310000: C:\Windows\SYSTEM32\storageusage (0x2f000 bytes).
2026-05-28 17:43:20,654 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13416: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:43:20,656 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13416
2026-05-28 17:43:20,657 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13416
2026-05-28 17:43:24,436 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 12064: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:43:24,437 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 12064
2026-05-28 17:43:24,438 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 12064
2026-05-28 17:43:24,781 [root] DEBUG: 2208: DLL loaded at 0x00007FFC15280000: C:\Windows\System32\Windows.Security.Authentication.OnlineId (0xf4000 bytes).
2026-05-28 17:43:30,171 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 13596: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:43:30,433 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13596
2026-05-28 17:43:30,719 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 13596
2026-05-28 17:43:42,259 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:43:43,575 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:43:44,801 [root] DEBUG: 2208: CreateProcessHandler: Injection info set for new process 5932: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, ImageBase: 0x00007FF7B5F00000
2026-05-28 17:43:45,162 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:43:45,578 [root] DEBUG: 2072: CreateProcessHandler: Injection info set for new process 13828: C:\Program Files\Google\Chrome\Application\chrome.exe, ImageBase: 0x00007FF78CD00000
2026-05-28 17:43:45,801 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 5932
2026-05-28 17:43:45,893 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:43:46,025 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 13828
2026-05-28 17:43:46,120 [root] DEBUG: 2208: ProcessMessage: Skipping monitoring process 5932
2026-05-28 17:43:46,255 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:43:46,344 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:43:46,484 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:43:46,619 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:43:46,705 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:43:46,800 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:43:46,999 [root] DEBUG: 2072: ProcessMessage: Skipping monitoring process 13828
2026-05-28 17:43:47,216 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:43:47,420 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:43:47,629 [root] DEBUG: 2072: ProcessTrackedRegion: Updated entropy for tracked region at 0x00007FFC13420000: 6.270956e+00 (from 6.270496e+00)
2026-05-28 17:43:47,821 [root] DEBUG: 2072: ProcessTrackedRegion: Region at 0x00007FFC13420000 mapped as \Device\HarddiskVolume2\Program Files\Google\Chrome\Application\148.0.7778.217\chrome_elf.dll is in known range, skipping
2026-05-28 17:43:50,542 [root] DEBUG: 4248: CreateProcessHandler: Injection info set for new process 14276: C:\Windows\system32\taskmgr.exe, ImageBase: 0x00007FF7299E0000
2026-05-28 17:43:50,790 [root] INFO: Announced 64-bit process name: Taskmgr.exe pid: 14276
2026-05-28 17:43:50,871 [lib.api.process] INFO: Monitor config for process 14276: C:\q61py415\dll\14276.ini
2026-05-28 17:43:51,070 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:43:51,152 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:43:51,462 [root] DEBUG: Loader: Injecting process 14276 (thread 14212) with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:43:51,700 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-05-28 17:43:51,904 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:43:52,182 [lib.api.process] INFO: Injected into 64-bit <Process 14276 Taskmgr.exe>
2026-05-28 17:43:52,392 [root] INFO: Announced 64-bit process name: Taskmgr.exe pid: 14276
2026-05-28 17:43:52,469 [lib.api.process] INFO: Monitor config for process 14276: C:\q61py415\dll\14276.ini
2026-05-28 17:43:52,553 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:43:52,639 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:43:53,056 [root] DEBUG: Loader: Injecting process 14276 (thread 14212) with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:43:53,259 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2026-05-28 17:43:53,467 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:43:53,706 [lib.api.process] INFO: Injected into 64-bit <Process 14276 Taskmgr.exe>
2026-05-28 17:43:53,909 [root] INFO: Announced 64-bit process name: Taskmgr.exe pid: 14276
2026-05-28 17:43:53,993 [lib.api.process] INFO: Monitor config for process 14276: C:\q61py415\dll\14276.ini
2026-05-28 17:43:54,071 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:43:54,147 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:43:54,450 [root] DEBUG: Loader: Injecting process 14276 with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:43:54,655 [root] DEBUG: InjectDll: No thread ID supplied, initial thread ID 14212, handle 0x120
2026-05-28 17:43:54,846 [root] DEBUG: InjectDllViaIAT: This image has already been patched.
2026-05-28 17:43:55,050 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:43:55,291 [lib.api.process] INFO: Injected into 64-bit <Process 14276 Taskmgr.exe>
2026-05-28 17:43:55,668 [root] DEBUG: 14276: Python path set to 'C:\Users\admin\AppData\Local\Python\pythoncore-3.14-64'.
2026-05-28 17:43:55,853 [root] DEBUG: 14276: Interactive desktop enabled.
2026-05-28 17:43:56,080 [root] DEBUG: 14276: Dropped file limit defaulting to 100.
2026-05-28 17:43:56,422 [root] DEBUG: 14276: Disabling sleep skipping.
2026-05-28 17:43:56,613 [root] DEBUG: 14276: YaraInit: Compiled rules loaded from existing file C:\q61py415\data\yara\capemon.yac
2026-05-28 17:43:56,820 [root] DEBUG: 14276: RtlInsertInvertedFunctionTable 0x00007FFC2D10090E, LdrpInvertedFunctionTableSRWLock 0x00007FFC2D25D4F0
2026-05-28 17:43:57,053 [root] DEBUG: 14276: YaraScan: Scanning 0x00007FF7299E0000, size 0x12fcfe
2026-05-28 17:43:57,294 [root] DEBUG: 14276: Monitor initialised: 64-bit capemon loaded in process 14276 at 0x00007FFC14380000, thread 14212, image base 0x00007FF7299E0000, stack from 0x000000ED18D94000-0x000000ED18DA0000
2026-05-28 17:43:57,520 [root] DEBUG: 14276: Commandline: "C:\Windows\system32\taskmgr.exe" /4
2026-05-28 17:43:57,725 [root] DEBUG: 14276: hook_api: LdrpCallInitRoutine export address 0x00007FFC2D1099BC obtained via GetFunctionAddress
2026-05-28 17:43:57,901 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2'
2026-05-28 17:43:58,100 [root] DEBUG: 14276: set_hooks: Unable to hook LockResource
2026-05-28 17:43:58,288 [root] DEBUG: 14276: Hooked 627 out of 628 functions
2026-05-28 17:43:58,491 [root] DEBUG: 14276: Syscall hook installed, syscall logging level 1
2026-05-28 17:43:58,685 [root] DEBUG: 14276: RestoreHeaders: Restored original import table.
2026-05-28 17:43:58,865 [root] INFO: Loaded monitor into process with pid 14276
2026-05-28 17:43:59,115 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2A560000: C:\Windows\system32\UMPDC (0x12000 bytes).
2026-05-28 17:43:59,294 [root] DEBUG: 14276: caller_dispatch: Added region at 0x00007FF7299E0000 to tracked regions list (ntdll::NtAllocateVirtualMemory returns to 0x00007FF729A0FF02, thread 14212).
2026-05-28 17:43:59,479 [root] DEBUG: 14276: YaraScan: Scanning 0x00007FF7299E0000, size 0x12fcfe
2026-05-28 17:43:59,682 [root] DEBUG: 14276: ProcessImageBase: Main module image at 0x00007FF7299E0000 unmodified (entropy change 0.000000e+00)
2026-05-28 17:44:00,015 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2B0C0000: C:\Windows\System32\bcryptPrimitives (0x82000 bytes).
2026-05-28 17:44:00,216 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2C9C0000: C:\Windows\System32\clbcatq (0xa9000 bytes).
2026-05-28 17:44:00,416 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2B280000: C:\Windows\System32\MSCTF (0x114000 bytes).
2026-05-28 17:44:00,615 [root] DEBUG: 14276: DLL loaded at 0x00007FFC1C2E0000: C:\Windows\system32\TextShaping (0xac000 bytes).
2026-05-28 17:44:00,941 [root] DEBUG: 14276: DLL loaded at 0x00007FFC298F0000: C:\Windows\SYSTEM32\ntmarta (0x33000 bytes).
2026-05-28 17:44:01,194 [root] DEBUG: 14276: DLL loaded at 0x00007FFC27DC0000: C:\Windows\System32\CoreMessaging (0xf2000 bytes).
2026-05-28 17:44:01,411 [root] DEBUG: 14276: DLL loaded at 0x00007FFC26FE0000: C:\Windows\SYSTEM32\wintypes (0x155000 bytes).
2026-05-28 17:44:01,575 [root] DEBUG: 14276: DLL loaded at 0x00007FFC27980000: C:\Windows\System32\CoreUIComponents (0x35b000 bytes).
2026-05-28 17:44:01,784 [root] DEBUG: 14276: DLL loaded at 0x00007FFC1FA90000: C:\Windows\SYSTEM32\textinputframework (0xf9000 bytes).
2026-05-28 17:44:02,010 [root] DEBUG: 14276: DLL loaded at 0x00007FFC29860000: C:\Windows\system32\msvcp110_win (0x8a000 bytes).
2026-05-28 17:44:02,257 [root] DEBUG: 14276: DLL loaded at 0x00007FFC23B90000: C:\Windows\SYSTEM32\policymanager (0xa1000 bytes).
2026-05-28 17:44:02,501 [root] DEBUG: 14276: DLL loaded at 0x00007FFC1D240000: C:\Windows\System32\NetworkUXBroker (0x6d000 bytes).
2026-05-28 17:44:02,784 [root] DEBUG: 14276: DLL loaded at 0x00007FFC0D2A0000: C:\Windows\SYSTEM32\atlthunk (0xd000 bytes).
2026-05-28 17:44:03,216 [root] DEBUG: 4248: DLL loaded at 0x00007FFC0D0A0000: C:\Windows\System32\CapabilityAccessManagerClient (0x3f000 bytes).
2026-05-28 17:44:03,389 [root] DEBUG: 14276: DLL loaded at 0x00007FFC27460000: C:\Windows\system32\WTSAPI32 (0x14000 bytes).
2026-05-28 17:44:06,907 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2A500000: C:\Windows\system32\WINSTA (0x5b000 bytes).
2026-05-28 17:44:08,042 [root] DEBUG: 14276: DLL loaded at 0x00007FFC25C40000: C:\Windows\system32\WindowsCodecs (0x1b4000 bytes).
2026-05-28 17:44:09,884 [root] DEBUG: 760: CreateProcessHandler: Injection info set for new process 12736: C:\Windows\system32\DllHost.exe, ImageBase: 0x00007FF6ABE30000
2026-05-28 17:44:11,582 [root] DEBUG: 14276: DLL loaded at 0x00007FFC26310000: C:\Windows\system32\XmlLite (0x36000 bytes).
2026-05-28 17:44:12,106 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 12736
2026-05-28 17:44:12,455 [lib.api.process] INFO: Monitor config for process 12736: C:\q61py415\dll\12736.ini
2026-05-28 17:44:12,625 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2A700000: C:\Windows\System32\profapi (0x25000 bytes).
2026-05-28 17:44:13,146 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:44:13,492 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:44:13,492 [root] DEBUG: 14276: DLL loaded at 0x00007FFC1E400000: C:\Windows\System32\Windows.UI.Immersive (0x139000 bytes).
2026-05-28 17:44:14,782 [root] DEBUG: 14276: DLL loaded at 0x00007FFC15030000: C:\Windows\system32\OLEACC (0x66000 bytes).
2026-05-28 17:44:15,333 [root] DEBUG: Loader: Injecting process 12736 (thread 14316) with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:44:16,087 [root] DEBUG: 14276: DLL loaded at 0x00007FFC19C60000: C:\Windows\system32\srumapi (0x14000 bytes).
2026-05-28 17:44:16,639 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-05-28 17:44:17,211 [root] DEBUG: 14276: DLL loaded at 0x00007FFC2A140000: C:\Windows\system32\Wldp (0x2d000 bytes).
2026-05-28 17:44:17,986 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:44:20,843 [root] DEBUG: 14276: DLL loaded at 0x00007FFC288B0000: C:\Windows\SYSTEM32\windows.storage (0x79b000 bytes).
2026-05-28 17:44:21,410 [lib.api.process] INFO: Injected into 64-bit <Process 12736 dllhost.exe>
2026-05-28 17:44:21,750 [root] DEBUG: 14276: DLL loaded at 0x00007FFC213D0000: C:\Windows\system32\samcli (0x19000 bytes).
2026-05-28 17:44:21,913 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 12736
2026-05-28 17:44:22,034 [lib.api.process] INFO: Monitor config for process 12736: C:\q61py415\dll\12736.ini
2026-05-28 17:44:22,033 [root] DEBUG: 14276: DLL loaded at 0x00007FFC27430000: C:\Windows\system32\SAMLIB (0x28000 bytes).
2026-05-28 17:44:22,152 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:44:22,402 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:44:22,402 [root] DEBUG: 14276: DLL loaded at 0x00007FFC29CA0000: C:\Windows\system32\netutils (0xc000 bytes).
2026-05-28 17:44:22,744 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 92, handle 0x5cc:
2026-05-28 17:44:22,869 [root] DEBUG: 14276: DLL loaded at 0x00007FFC24B40000: C:\Windows\System32\ActXPrxy (0xa2000 bytes).
2026-05-28 17:44:22,950 [root] DEBUG: Loader: Injecting process 12736 (thread 14316) with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:44:23,037 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 436, handle 0x5cc: C:\Windows\System32\csrss.exe
2026-05-28 17:44:23,168 [root] DEBUG: 14276: DLL loaded at 0x00007FFC14D00000: C:\Windows\System32\thumbcache (0x66000 bytes).
2026-05-28 17:44:23,325 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-05-28 17:44:23,405 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 524, handle 0x5cc: C:\Windows\System32\csrss.exe
2026-05-28 17:44:23,492 [root] DEBUG: 14276: DLL loaded at 0x00007FFC27140000: C:\Windows\system32\propsys (0xf6000 bytes).
2026-05-28 17:44:23,621 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:44:23,853 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 624, handle 0x5cc: C:\Windows\System32\services.exe
2026-05-28 17:44:23,994 [root] DEBUG: 14276: DLL loaded at 0x00007FFC25980000: C:\Windows\System32\twinapi.appcore (0x203000 bytes).
2026-05-28 17:44:24,035 [lib.api.process] INFO: Injected into 64-bit <Process 12736 dllhost.exe>
2026-05-28 17:44:24,091 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 760, handle 0x5cc: C:\Windows\System32\svchost.exe
2026-05-28 17:44:24,227 [root] DEBUG: 14276: DLL loaded at 0x00007FFC19AE0000: C:\Windows\System32\Windows.ApplicationModel (0xe9000 bytes).
2026-05-28 17:44:24,362 [root] DEBUG: 760: CreateProcessHandler: Injection info set for new process 2700: C:\Windows\system32\DllHost.exe, ImageBase: 0x00007FF6ABE30000
2026-05-28 17:44:24,463 [root] DEBUG: 14276: OpenProcessHandler: Image base for process 760 (handle 0x5cc): 0x00007FF7B7570000.
2026-05-28 17:44:24,593 [root] DEBUG: 14276: DLL loaded at 0x00007FFC1BEB0000: C:\Windows\System32\Windows.StateRepositoryPS (0x146000 bytes).
2026-05-28 17:44:24,757 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 2700
2026-05-28 17:44:24,849 [lib.api.process] INFO: Monitor config for process 2700: C:\q61py415\dll\2700.ini
2026-05-28 17:44:24,887 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 780, handle 0x5cc: C:\Windows\System32\fontdrvhost.exe
2026-05-28 17:44:25,077 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:44:25,151 [lib.api.process] INFO: 64-bit DLL to inject is C:\q61py415\dll\wXsOlW.dll, loader C:\q61py415\bin\OCVwDwZX.exe
2026-05-28 17:44:25,150 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 928, handle 0x5cc: C:\Windows\System32\svchost.exe
2026-05-28 17:44:25,470 [root] DEBUG: 14276: OpenProcessHandler: Image base for process 928 (handle 0x5cc): 0x00007FF7B7570000.
2026-05-28 17:44:25,603 [root] DEBUG: Loader: Injecting process 2700 (thread 3912) with C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:44:25,690 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 420, handle 0x5cc: C:\Windows\System32\svchost.exe
2026-05-28 17:44:25,816 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-05-28 17:44:25,893 [root] DEBUG: 14276: OpenProcessHandler: Image base for process 420 (handle 0x5cc): 0x00007FF7B7570000.
2026-05-28 17:44:25,978 [root] DEBUG: Successfully injected DLL C:\q61py415\dll\wXsOlW.dll.
2026-05-28 17:44:26,066 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 688, handle 0x5cc: C:\Windows\System32\svchost.exe
2026-05-28 17:44:26,194 [lib.api.process] INFO: Injected into 64-bit <Process 2700 dllhost.exe>
2026-05-28 17:44:26,286 [root] DEBUG: 14276: OpenProcessHandler: Image base for process 688 (handle 0x5cc): 0x00007FF7B7570000.
2026-05-28 17:44:26,410 [root] INFO: Announced 64-bit process name: dllhost.exe pid: 2700
2026-05-28 17:44:26,508 [lib.api.process] INFO: Monitor config for process 2700: C:\q61py415\dll\2700.ini
2026-05-28 17:44:26,574 [lib.api.process] INFO: Option 'interactive' with value '1' sent to monitor
2026-05-28 17:44:26,574 [root] DEBUG: 14276: OpenProcessHandler: Injection info created for process 1108, handle 0x5cc: C:\Windows\System32\svchost.exe

Process Log

Pre-Script Log

During-Script Log

Machine Information

Name	Label	Manager	Started On	Shutdown On	Route
cuckoo1	cuckoo1	KVM	2026-05-28 17:41:27	2026-05-28 17:44:39	`none`

URL Details

Processing 0.79s

0.483s UrlAnalysis
0.285s BehaviorAnalysis
0.018s AnalysisInfo
0.001s Debug
0.001s script_log_processing

Signatures 0.74s

0.249s antiav_detectreg
0.085s infostealer_ftp
0.081s territorial_disputes_sigs
0.063s antianalysis_detectreg
0.048s infostealer_im
0.028s antivm_vbox_keys
0.019s antivm_vmware_keys
0.017s uses_windows_utilities
0.016s suspicious_command_tools
0.015s odbcconf_bypass
0.014s antivm_parallels_keys
0.014s antivm_xen_keys
0.01s antivm_generic_diskreg
0.009s antivm_vpc_keys
0.009s infostealer_mail
0.005s antiav_detectfile
0.005s antivm_bochs_keys
0.005s antivm_hyperv_keys
0.005s bypass_firewall
0.005s masquerade_process_name
0.004s disables_windows_defender_logging
0.004s removes_windows_defender_contextmenu
0.003s antivm_generic_bios
0.003s infostealer_bitcoin
0.003s ransomware_files
0.003s recon_fingerprint
0.002s antianalysis_detectfile
0.002s antivm_vbox_files
0.002s ketrican_regkeys
0.002s ransomware_extensions_known
0.001s accesses_netlogon_regkey
0.001s adds_admin_user
0.001s adds_user
0.001s overwrites_admin_password
0.001s antidebug_devices
0.001s antivm_vmware_files
0.001s checks_uac_status
0.001s uac_bypass_cmstpcom
0.001s discover_registry_mount_points
0.001s packer_armadillo_regkey
0.001s tampers_etw
0.001s uses_ms_protocol

Reporting 0.02s

0.017s JsonDump

Signatures

Checks available memory

Queries computer hostname

Queries the keyboard layout

Queries the computer locale (possible geofencing)

SetUnhandledExceptionFilter detected (possible anti-debug)

Checks system language via registry key (possible geofencing)

regkey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-AU

regkey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-AU

Queries process token information to check for Administrator privileges or UAC elevation status

Queried the FIPS cryptography policy, can be used to adapt C2 network encryption or by legitimate encryption software

behavioral_fips_reconnaissance: ["Taskmgr.exe (PID: 14276) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE'", "Taskmgr.exe (PID: 14276) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled'", "Taskmgr.exe (PID: 14276) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy'", "Taskmgr.exe (PID: 14276) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled'", "Taskmgr.exe (PID: 14276) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy'"]

Queries the mount points and then resolves volume paths to enumerate storage devices

A DLL was loaded from a suspicious directory

suspicious_dll_load: Process msedge.exe loaded a DLL from a suspicious directory, this is possibly indicative of DLL side loading/search order hijacking

Registers a vectored exception handler (VEH), possibly to hijack execution flow

Creates a process in a suspended state, likely for injection

Resumed a thread in another process

thread_resumed: Process explorer.exe with process ID 4248 resumed a thread in another process with the process ID 14276

Reads from the memory of another process

read_memory: Process taskmgr.exe with process ID 14276 read from the memory of process handle 0x000005cc

Queries registry mount points to identify historical or connected removable/network drives

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-300300000000}\Data

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\Generation

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-c0dd0e000000}\Data

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-100000000000}\Data

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-100000000000}\Generation

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-300300000000}\

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\Data

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-100000000000}\

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-c0dd0e000000}\

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-300300000000}\Generation

mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-c0dd0e000000}\Generation

Tries to unhook or modify Windows functions monitored by CAPE

unhook: function_name: CommandLineToArgvW, type: restored

Seek in progress...

00:00 / 00:00

Summary

Accessed Files Modified Files Registry Keys Read Registry Keys Deleted Registry Keys Executed Commands Mutexes Started Services

\Device\Bam
C:\
C:\Windows\
C:\Windows\System32\
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
C:\Windows\apppatch\sysmain.sdb
C:\Program Files\
C:\Program Files\Google\
C:\Program Files\Google\Chrome\Application\
C:\Program Files (x86)\Microsoft\
C:\Program Files (x86)\Microsoft\Edge\Application\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
C:\Users\admin
C:\Users\admin\AppData\Local
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
C:\program files (x86)\microsoft\Edge\application\msedge.exe
C:\program files (x86)\microsoft\Edge\SystemResources\msedge.exe.mun
C:\Windows\System32\SecurityHealthSSO.dll
C:\Windows\System32\twinui.pcshell.dll
C:\Windows\System32\storageusage.dll
C:\Windows\System32
C:\Windows\System32\Taskmgr.exe
C:\Windows\System32\Taskmgr.exe\
C:\Windows
C:
\??\MountPointManager
\??\Volume{528c102f-0000-0000-0000-300300000000}
C:\Windows\System32\en-US\taskmgr.exe.mui
C:\Windows\WinSxS\FileMaps\$$_system32_21f9a9c4a2f8b514.cdf-ms
C:\Windows\System32\usp10.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
\??\pipe\crashpad_2208_BWQPYTKWQIYHENVA
C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\148.0.3967.83\msedge.dll
C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\msedge.dll
C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\icudtl.dat
C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\v8_context_snapshot.bin
C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\msedge_100_percent.pak
C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\msedge_200_percent.pak
C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\Locales
C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\Locales\en-US.pak
C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\resources.pak
C:\Windows\System32\kernel.appcore.dll
C:\Windows\System32\policymanager.dll
C:\Program Files (x86)\Microsoft\Edge\Application\msvcp110_win.dll
C:\Windows\System32\msvcp110_win.dll
C:\Windows\System32\usermgrcli.dll
C:\Windows\System32\capauthz.dll
C:\Program Files (x86)\Microsoft\Edge\Application\MSASN1.dll
C:\Windows\System32\msasn1.dll
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep
C:\Windows\System32\en-US\KERNELBASE.dll.mui
C:\Windows\SysWOW64\propsys.dll
C:\Windows\System32\propsys.dll
C:\Users\admin\AppData\Local\Packages\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe
C:\Users\admin\AppData\Local\Packages\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\
C:\Users\admin\AppData\Local\Packages
C:\Users\admin\AppData\Local\Packages\
C:\Users\admin\AppData\Local\
C:\Users\admin\AppData
C:\Users\admin\AppData\
C:\Users\admin\
C:\Users
C:\Users\
\Device\DeviceApi\CMApi
C:\Users\admin\AppData\Local\Packages\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\LocalState\ToastCollectionIcons\*
\??\PhysicalDrive0
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\S-1-5-21-3968686040-3210279463-847977608-1001.pckgdep
C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.Windows.Search_1.14.10.19041_neutral_neutral_cw5n1h2txyewy\S-1-5-18.pckgdep
C:\Windows\System32\umpdc.dll
C:\Windows\WindowsShell.Manifest
\Device\CNG
C:\Windows\System32\taskmgr.exe.3.Manifest
C:\Windows\Fonts\staticcache.dat
C:\Windows\System32\TextShaping.dll
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\System32\WinTypes.dll
\Device\PcwDrv
C:\Windows\System32\wtsapi32.dll
C:\Windows\System32\winsta.dll
C:\Windows\System32\WindowsCodecs.dll
C:\Windows\System32\WDI\LogFiles\StartupInfo\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo1.xml
C:\Windows\System32\WDI\LogFiles\StartupInfo\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo2.xml
C:\Windows\System32\WDI\LogFiles\StartupInfo\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo3.xml
C:\Windows\System32\WDI\LogFiles\StartupInfo\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo4.xml
C:\Windows\System32\WDI\LogFiles\StartupInfo\S-1-5-21-3968686040-3210279463-847977608-1001_StartupInfo5.xml
C:\Windows\System32\xmllite.dll
C:\Program Files (x86)\Steam\bin\cef\cef.win64\steamwebhelper.exe
C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe
C:\Program Files\Google\Chrome\Application\148.0.7778.217\Installer\chrmstp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\oleacc.dll
C:\Windows\System32\en-US\OLEACCRC.DLL.mui
C:\Windows\System32\UxTheme.dll.Config
C:\Windows\System32\uxtheme.dll
C:\Windows\System32\resmon.exe
C:\Windows\System32\windows.storage.dll
C:\Windows\System32\wldp.dll
C:\Windows\System32\samcli.dll
C:\Program Files
C:\Windows\System32\reg.exe
C:\Users\admin\AppData\Local\Discord\app-1.0.9238\Discord.exe
C:\Program Files (x86)\Steam\steamsysinfo.exe
C:\Windows\System32\SecurityHealthSystray.exe
C:\Users\admin\AppData\Local\Microsoft\WindowsApps\python.exe
C:\Users\admin\AppData\Local\Python\pythoncore-3.14-64\python.exe
C:\Users\admin\AppData\Local\Discord\Update.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Users\admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.*
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\*.*
C:\Windows\System32\en-US\SecurityHealthSystray.exe.mui
C:\Windows\System32\en\SecurityHealthSystray.exe.mui
C:\Windows\System32\shell32.dll
C:\Users\admin\AppData\Local\IconCache.db
C:\Windows\System32\samlib.dll
C:\Windows\System32\netutils.dll
C:\Windows\System32\en-US\csrss.exe.mui
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\IconCacheToDelete
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db
C:\Users\admin\AppData\Local\Microsoft\Windows\Caches
C:\Users\admin\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
C:\Users\admin\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000002.db
C:\Users\desktop.ini
C:\Users\admin\AppData\Local\Microsoft
C:\Users\admin\AppData\Local\Microsoft\WindowsApps
C:\Users\admin\AppData\Local\Microsoft\WindowsApps\desktop.ini
C:\Windows\System32\en-US\propsys.dll.mui
C:\Users\admin\AppData\Local\microsoft\windowsapps\python.exe
C:\Windows\System32\imageres.dll
C:\Windows\System32\en-US\imageres.dll.mui
C:\Windows\System32\SystemResources\imageres.dll.mui.mun
C:\Windows\SystemResources\imageres.dll.mun
C:\Windows\System32\conhost.exe
C:\??\c:\windows\system32\conhost.exe
C:\Users\admin\AppData\Local\SystemResources\update.exe.mun
C:\Windows\System32\en-US\reg.exe.mui
C:\Windows\SystemResources\reg.exe.mun
C:\Users\admin\AppData\Local\Discord\app-1.0.9238\modules\discord_voice-1\discord_voice\gpu_encoder_helper.exe
C:\Users\admin\AppData\Local\Discord\app-1.0.9238\modules\discord_voice-1\SystemResources\gpu_encoder_helper.exe.mun
C:\Windows\System32\bin\vulkandriverquery64.exe
C:\Windows\System32\bin\vulkandriverquery.exe
C:\Windows\System32\bin\gldriverquery64.exe
C:\Windows\System32\bin\gldriverquery.exe
C:\Program Files (x86)
C:\Program Files (x86)\desktop.ini
C:\Program Files (x86)\Steam
C:\program files (x86)\Steam\steamsysinfo.exe
C:\program files (x86)\SystemResources\steamsysinfo.exe.mun
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
C:\Windows\System32\en-US\services.exe.mui
C:\Windows\System32\en-US\svchost.exe.mui

C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db
\??\pipe\crashpad_2208_BWQPYTKWQIYHENVA
C:\Users\admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db

HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\channel
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\ap
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\cohort
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\cohort\name
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-AU
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-AU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-AU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\OEM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM\DeviceForm
HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UBR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DisplayVersion
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32
HKEY_CURRENT_USER\Software\Classes
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\Diagnosis
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MaxSxSHashCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Interface\{E1CDD77A-65D3-4DB0-B339-21F6A48CC2FF}
HKEY_CURRENT_USER\Software\Classes\Interface\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{00000035-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000035-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000035-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{B03C2205-F02E-4D77-80DF-E1747AFDD39C}
HKEY_CURRENT_USER\Software\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\InprocServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\Elevation
HKEY_CURRENT_USER\Software\Classes\Interface\{50AC103F-D235-4598-BBEF-98FE4D1A3AD4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50ac103f-d235-4598-bbef-98fe4d1a3ad4}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50ac103f-d235-4598-bbef-98fe4d1a3ad4}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{6DB7CD52-E3B7-4ECC-BB1F-388AEEF6BB50}
HKEY_CURRENT_USER\Software\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InProcServer32\InprocServer32
HKEY_CURRENT_USER\Software\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\Elevation
HKEY_CURRENT_USER\Software\Classes\Interface\{3BC3D253-2F31-4092-9129-8AD5ABF067DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3bc3d253-2f31-4092-9129-8ad5abf067da}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3bc3d253-2f31-4092-9129-8ad5abf067da}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\30Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\Value
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppPrivacy
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\current\Device\Privacy
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\30Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\Value
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps
HKEY_CURRENT_USER\Software\Classes\CLSID\{0c9281f9-6da1-4006-8729-de6e6b61581c}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c9281f9-6da1-4006-8729-de6e6b61581c}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c9281f9-6da1-4006-8729-de6e6b61581c}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\CLSID\{0c9281f9-6da1-4006-8729-de6e6b61581c}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\grouppolicymultiszSeparatorChar
HKEY_CURRENT_USER\Software\Classes\CLSID\{0c9281f9-6da1-4006-8729-de6e6b61581c}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF8E9480-CA73-448E-B8F0-DA000F581428}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\ADMXMetadataBoth
HKEY_CURRENT_USER\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\30Value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExePath
HKEY_CURRENT_USER\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Identity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExplicitPsmActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer
HKEY_CURRENT_USER\Software\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\Elevation
HKEY_CURRENT_USER\Software\Classes\Interface\{84103CCB-2FD7-4D6C-962E-5D8582B4C720}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{84103ccb-2fd7-4d6c-962e-5d8582b4c720}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}
HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer
HKEY_CURRENT_USER\Software\Classes\Interface\{DCAEE35A-508D-4419-9E56-50D658C2C812}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DCAEE35A-508D-4419-9E56-50D658C2C812}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DCAEE35A-508D-4419-9E56-50D658C2C812}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}
HKEY_CURRENT_USER\Software\Classes\Interface\{5232F8EA-49C7-4840-BFBB-66E785689E88}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5232f8ea-49c7-4840-bfbb-66e785689e88}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Interface\{5232f8ea-49c7-4840-bfbb-66e785689e88}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5232f8ea-49c7-4840-bfbb-66e785689e88}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{926516E8-D891-45BC-9DE5-6959FB8ECAC5}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Interface\{A819F3DE-60AA-5159-8407-F0A7FB1F6832}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{a819f3de-60aa-5159-8407-f0a7fb1f6832}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Interface\{0450CE77-AF0D-40AC-93FD-1E5D48C89419}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0450ce77-af0d-40ac-93fd-1e5d48c89419}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{195F5943-0C04-4EAB-B907-735817FDAC77}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{195f5943-0c04-4eab-b907-735817fdac77}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{195f5943-0c04-4eab-b907-735817fdac77}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1
HKEY_CURRENT_USER\Software\Classes\Interface\{D6F5F569-D40D-407C-8989-88CAB42CFD14}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6F5F569-D40D-407C-8989-88CAB42CFD14}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6F5F569-D40D-407C-8989-88CAB42CFD14}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{79AB57F6-43FE-487B-8A7F-99567200AE94}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79ab57f6-43fe-487b-8a7f-99567200ae94}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79ab57f6-43fe-487b-8a7f-99567200ae94}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{679C64B7-81AB-42C2-8819-C958767753F4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{679C64B7-81AB-42C2-8819-C958767753F4}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{679C64B7-81AB-42C2-8819-C958767753F4}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\CapAuthz
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\CapAuthz\HasRepaired
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\CapAuthz\HasRepaired\VolatileChildTest
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\CapDBRedirect
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\AppPackageType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\PackageSid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\CapSids
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\ApplicationFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\30Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\Value
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\PackageRepositoryRoot
HKEY_CURRENT_USER\Software\Classes\Interface\{F655B052-348B-4AB0-947B-A7DAFA44D404}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F655B052-348B-4AB0-947B-A7DAFA44D404}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F655B052-348B-4AB0-947B-A7DAFA44D404}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{58058629-16A1-438A-90C8-7E954B3734B1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58058629-16A1-438A-90C8-7E954B3734B1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58058629-16A1-438A-90C8-7E954B3734B1}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{2A1821FE-179D-49BC-B79D-A527920D3665}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A1821FE-179D-49BC-B79D-A527920D3665}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A1821FE-179D-49BC-B79D-A527920D3665}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\AppModel\LimitedAccessFeatures
HKEY_CURRENT_USER\Software\Classes\Interface\{C5543B33-5C73-4DC5-9211-24077D3B06C5}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\LimitedAccessFeatures\com.microsoft.windows.taskbar.requestPinSecondaryTile\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C5543B33-5C73-4DC5-9211-24077D3B06C5}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C5543B33-5C73-4DC5-9211-24077D3B06C5}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\LimitedAccessFeatures\com.microsoft.windows.taskbar.requestPinSecondaryTile\Expiration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\XAML
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\XAML\OneCoreTransformsEnabledByDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\ExePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\CommandLine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\IdentityType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\ServerType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\Identity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\ExplicitPsmActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\CustomAttributes
HKEY_CURRENT_USER\Software\Classes\Interface\{350E1244-4575-45EE-8595-0AA8C6506FC7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{350E1244-4575-45EE-8595-0AA8C6506FC7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{350E1244-4575-45EE-8595-0AA8C6506FC7}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}
HKEY_CURRENT_USER\Software\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\InProcServer32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\Elevation
HKEY_CURRENT_USER\Software\Classes\Interface\{100EB64B-B24C-4C38-8964-720D926D05A4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{100EB64B-B24C-4C38-8964-720D926D05A4}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{100EB64B-B24C-4C38-8964-720D926D05A4}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{b3f72108-5c5c-469b-a5e5-3f64d2a39b01}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Interface\{D81E96F1-A89C-417E-9335-59531026309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{d81e96f1-a89c-417e-9335-59531026309d}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{d81e96f1-a89c-417e-9335-59531026309d}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{3BED20A5-6DEE-4297-B976-3B30DF69A7AA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Interface\{7F290DA0-75E3-5885-898D-1F5B1ED47ED2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7f290da0-75e3-5885-898d-1f5b1ed47ed2}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7f290da0-75e3-5885-898d-1f5b1ed47ed2}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Interface\{9ED07B24-36FD-543B-948E-B01FE5814B49}
HKEY_CURRENT_USER\Software\Classes\Interface\{9ed07b24-36fd-543b-948e-b01fe5814b49}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ed07b24-36fd-543b-948e-b01fe5814b49}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ed07b24-36fd-543b-948e-b01fe5814b49}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Interface\{EFE869FC-5841-55F1-AA56-82C7219AAA09}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{efe869fc-5841-55f1-aa56-82c7219aaa09}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{efe869fc-5841-55f1-aa56-82c7219aaa09}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Interface\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}
HKEY_CURRENT_USER\Software\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\AppID
HKEY_CURRENT_USER\Software\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Interface\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{E44EA1DF-BB85-5A8C-BDDC-C8E960C355C9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{e44ea1df-bb85-5a8c-bddc-c8e960c355c9}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{e44ea1df-bb85-5a8c-bddc-c8e960c355c9}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{8CBD762A-1222-5EE5-B745-489E7A42C6EC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8cbd762a-1222-5ee5-b745-489e7a42c6ec}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8cbd762a-1222-5ee5-b745-489e7a42c6ec}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Interface\{6D3BC882-23A4-4706-B8FA-FC7DE2FC325D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6d3bc882-23a4-4706-b8fa-fc7de2fc325d}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6d3bc882-23a4-4706-b8fa-fc7de2fc325d}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\AppModel\PinnableSurfaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\PinnableSurfaces\DefaultStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\SecurityManager\AdminCapabilities
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\shellExperience
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\ActivateOnHostFlags
HKEY_USERS
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\PSR
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\PSR\WnfStateName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3968686040-3210279463-847977608-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3968686040-3210279463-847977608-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\identity_helper.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\FolderValueFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\MonitorRegistry
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SyncRootManager
HKEY_CLASSES_ROOT\Directory
HKEY_CURRENT_USER\Software\Classes\Directory\ShellEx\LibraryDescriptionHandler
HKEY_LOCAL_MACHINE\Software\Classes\Directory\ShellEx\LibraryDescriptionHandler
HKEY_CLASSES_ROOT\Folder
HKEY_CURRENT_USER\Software\Classes\Folder\ShellEx\LibraryDescriptionHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\LibraryDescriptionHandler
HKEY_CLASSES_ROOT\AllFilesystemObjects
HKEY_CURRENT_USER\Software\Classes\AllFilesystemObjects\ShellEx\LibraryDescriptionHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\LibraryDescriptionHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-100000000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-c0dd0e000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-c0dd0e000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-c0dd0e000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowStatusBar
HKEY_CURRENT_USER\Software\Classes\Directory\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\IconHandler
HKEY_CURRENT_USER\Software\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_CURRENT_USER\Software\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_CURRENT_USER\Software\Classes\Directory\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\Clsid
HKEY_CURRENT_USER\Software\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_CURRENT_USER\Software\Classes\Directory\AlwaysShowExt
HKEY_CURRENT_USER\Software\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PropertyBag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PropertyBag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Recent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PropertyBag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PropertyBag
HKEY_CURRENT_USER\Software\Classes\Directory\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\Software\Classes\Directory\ShellEx\PropertyHandler
HKEY_CURRENT_USER\Software\Classes\Folder\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\PropertyHandler
HKEY_CURRENT_USER\Software\Classes\AllFilesystemObjects\ShellEx\PropertyHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\ShellEx\PropertyHandler
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\TaskManager
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskManager\StartUpTab
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\TaskManager
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectUI\DynamicScaling
HKEY_LOCAL_MACHINE\Software\Microsoft\DirectUI
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskManager\Preferences
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskManager\UseStatusSetting
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\taskmgr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\QfePolicyDefinitions\{A48F1A32-A340-11D1-BC6B-00A0C90312E1}\{572FD217-F7FF-479C-8D96-BC938D6867F5}
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\RegValueNameRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\30Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\Value
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastUserSwitching
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkUXManager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.DAMediaManager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.DAMediaManager\Active
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.DAMediaManager\MediaType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.EthernetMediaManager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.EthernetMediaManager\Active
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.EthernetMediaManager\MediaType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.MBMediaManager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.MBMediaManager\Active
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.MBMediaManager\MediaType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.RasMediaManager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.RasMediaManager\Active
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.RasMediaManager\MediaType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.WlanMediaManager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.WlanMediaManager\Active
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.WlanMediaManager\MediaType
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Personalization
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
HKEY_CLASSES_ROOT\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance\{41945702-8302-44A6-9445-AC98E8AFA086}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance\{41945702-8302-44A6-9445-AC98E8AFA086}\CLSID
HKEY_CLASSES_ROOT\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Author
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\FriendlyName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\SpecVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Vendor
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\ContainerFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\DeviceManufacturer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\DeviceModels
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\ColorManagementVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\MimeTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\SupportAnimation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\SupportChromakey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\SupportLossless
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\SupportMultiframe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\ArbitrationPriority
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Formats
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\0\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\1\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\10
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\10\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\11
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\11\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\12
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\12\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\13
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\13\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\14
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\14\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\2\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\3
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\3\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\4\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\5
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\5\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\6\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\7
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\7\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\8\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\9
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\9\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\0\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\0\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\0\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\1\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\1\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\1\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\10\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\10\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\10\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\11\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\11\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\11\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\12\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\12\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\12\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\13\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\13\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\13\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\14\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\14\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\14\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\2\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\2\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\2\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\3\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\3\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\3\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\4\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\4\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\4\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\5\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\5\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\5\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\6\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\6\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\6\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\7\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\7\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\7\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\8\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\8\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\8\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\9\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\9\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\9\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\CLSID
HKEY_CLASSES_ROOT\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Author
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\FriendlyName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\SpecVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Vendor
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\ContainerFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\DeviceManufacturer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\DeviceModels
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\ColorManagementVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\MimeTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\SupportAnimation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\SupportChromakey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\SupportLossless
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\SupportMultiframe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\ArbitrationPriority
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Formats
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\0\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\1\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\10
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\10\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\11
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\11\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\12
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\12\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\2\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\3
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\3\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\4
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\4\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\5
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\5\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\6
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\6\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\7
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\7\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\8\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\9
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\9\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\0\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\0\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\0\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\1\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\1\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\1\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\10\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\10\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\10\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\11\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\11\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\11\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\12\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\12\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\12\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\2\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\2\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\2\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\3\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\3\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\3\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\4\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\4\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\4\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\5\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\5\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\5\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\6\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\6\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\6\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\7\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\7\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\7\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\8\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\8\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\8\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\9\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\9\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\9\Mask
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\AccountPicture\Users
HKEY_CLASSES_ROOT\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe MDL2 Assets
HKEY_CURRENT_USER\Software\Classes\Interface\{26460E96-1D01-43E4-9FB8-B7ED958F362B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{26460E96-1D01-43E4-9FB8-B7ED958F362B}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{26460E96-1D01-43E4-9FB8-B7ED958F362B}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444B-8957-A3773F02200E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\PropertyBag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Startup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\SecurityHealth
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Max Cached Icons
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PropertyBag
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDefaultTile
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\AccountPicture\Users\S-1-5-21-3968686040-3210279463-847977608-1001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Scaling
HKEY_CURRENT_USER\Software\Classes\Interface\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ThumbnailCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CAPEAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\CAPEAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\taskmgr.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.exe
HKEY_CLASSES_ROOT\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_CLASSES_ROOT\exefile
HKEY_CURRENT_USER\Software\Classes\exefile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\ShellEx\IconHandler
HKEY_CLASSES_ROOT\SystemFileAssociations\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\ShellEx\IconHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_CURRENT_USER\Software\Classes\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders\
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\Desktop\NameSpace\DelegateFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders\StorageDelegateSuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders\StorageDelegate
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\OneDrive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\Discord
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\Steam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\automatedAppLaunch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServerType
HKEY_CURRENT_USER\Software\Classes\Interface\{B94B62A2-4012-4B7E-A395-F21CC665FD12}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\Elevation
HKEY_CURRENT_USER\Software\Classes\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\Interface\{6CB10ED7-4BCA-5561-B2E1-40E1197C1B0C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0450ce77-af0d-40ac-93fd-1e5d48c89419}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\channel
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\ap
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientState\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\cohort\name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-AU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-AU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-AU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\OEM\DeviceForm
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\UBR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DisplayVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundExecutionManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MaxSxSHashCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Diagnostics.AsyncCausalityTracer\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Notifications.ToastNotificationManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E1CDD77A-65D3-4db0-B339-21F6A48CC2FF}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000035-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{428D4DDD-3462-43DF-9395-1EFF13AE7A4B}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b03c2205-f02e-4d77-80df-e1747afdd39c}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{50ac103f-d235-4598-bbef-98fe4d1a3ad4}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6db7cd52-e3b7-4ecc-bb1f-388aeef6bb50}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3bc3d253-2f31-4092-9129-8ad5abf067da}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\30Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\30Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceAllowTheseApps\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF8E9480-CA73-448E-B8F0-DA000F581428}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\30Value
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.User\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Identity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExplicitPsmActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{84103ccb-2fd7-4d6c-962e-5d8582b4c720}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DCAEE35A-508D-4419-9E56-50D658C2C812}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5232f8ea-49c7-4840-bfbb-66e785689e88}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0450ce77-af0d-40ac-93fd-1e5d48c89419}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{195f5943-0c04-4eab-b907-735817fdac77}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D6F5F569-D40D-407C-8989-88CAB42CFD14}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{79ab57f6-43fe-487b-8a7f-99567200ae94}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{679C64B7-81AB-42C2-8819-C958767753F4}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\AppPackageType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\PackageSid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\CapSids
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz\ApplicationsEx\Microsoft.MicrosoftEdge.Stable_148.0.3967.83_neutral__8wekyb3d8bbwe\ApplicationFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_UserInControlOfTheseApps\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\30Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground_ForceDenyTheseApps\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Privacy\LetAppsRunInBackground\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\PackageRepositoryRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F655B052-348B-4AB0-947B-A7DAFA44D404}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{58058629-16A1-438A-90C8-7E954B3734B1}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23EB7394-4610-4807-BAEC-9A72F86FFA0B}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2A1821FE-179D-49BC-B79D-A527920D3665}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.LimitedAccessFeatures\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\LimitedAccessFeatures\com.microsoft.windows.taskbar.requestPinSecondaryTile\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C5543B33-5C73-4DC5-9211-24077D3B06C5}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.CryptographicBuffer\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmNames\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Security.Cryptography.Core.HashAlgorithmProvider\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\LimitedAccessFeatures\com.microsoft.windows.taskbar.requestPinSecondaryTile\Expiration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\XAML\OneCoreTransformsEnabledByDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.PropertyValue\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.SecondaryTile\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.SecondaryTileStore\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundTaskRegistration\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.Internal.UserManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\ExePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\CommandLine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\IdentityType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Background.BackgroundWorkManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\ServerType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\Identity
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\UserManager\ExplicitPsmActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{350E1244-4575-45EE-8595-0AA8C6506FC7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{01CF8BD4-E3D6-413D-8339-36D46E78D12C}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{252E7F79-ACFA-4EA2-9A7E-FA27A8A4D3D9}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1BAC8681-2965-4FFC-92D1-170CA4099E01}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{100EB64B-B24C-4C38-8964-720D926D05A4}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DF9A26C6-E746-4BCD-B5D4-120103C4209B}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.SecondaryTileView\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.ValueSet\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{b3f72108-5c5c-469b-a5e5-3f64d2a39b01}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataWriter\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Application\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{d81e96f1-a89c-417e-9335-59531026309d}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3bed20a5-6dee-4297-b976-3b30df69a7aa}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.Streams.DataReader\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7f290da0-75e3-5885-898d-1f5b1ed47ed2}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ed07b24-36fd-543b-948e-b01fe5814b49}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{efe869fc-5841-55f1-aa56-82c7219aaa09}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2C08602F-40B1-5E97-AE21-5C04D7FB829C}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{62AE0FDA-B238-554F-A275-1DC16D6CA03A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8445D2AE-DD03-5B98-95E4-82B43A3F0D64}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9BCB843B-221B-5FBE-9B20-7028BC4E8653}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Shell.TaskbarManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.TaskbarPinnableSurface\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7E470A8A-3ACD-5913-AF64-4AB78355BE5F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1FA092-87AA-C78A-4073-7E873ED1E3CF}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.StartScreen.StartScreenManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.User\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{155EB23B-242A-45E0-A2E9-3171FC6A7FDD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{e44ea1df-bb85-5a8c-bddc-c8e960c355c9}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8cbd762a-1222-5ee5-b745-489e7a42c6ec}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.Tiles.TileStore\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TileView\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6d3bc882-23a4-4706-b8fa-fc7de2fc325d}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\PinnableSurfaces\DefaultStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.ApplicationModel.StartPinnableSurface\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\shellExperience
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Storage.ApplicationData\ActivateOnHostFlags
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\PSR\WnfStateName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3968686040-3210279463-847977608-1001\ProfileImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\MonitorRegistry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\FolderValueFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\ValidateRegItems
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\NameSpace\MonitorRegistry
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF50}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF55}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DontShowSuperHidden
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoWebView
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ClassicShell
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\SeparateProcess
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetCrawling
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\DontPrettyPath
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowInfoTip
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideIcons
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\MapNetDrvBtn
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-c0dd0e000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\WebView
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Filter
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{528c102f-0000-0000-0000-c0dd0e000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\SeparateProcess
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\IconsOnly
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowTypeOverlay
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e32a94c0-5af2-11f1-ae2c-806e6f6e6963}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowStatusBar
HKEY_CURRENT_USER\Software\Classes\Directory\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\DocObject
HKEY_CURRENT_USER\Software\Classes\Directory\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\BrowseInPlace
HKEY_CURRENT_USER\Software\Classes\Directory\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\IsShortcut
HKEY_CURRENT_USER\Software\Classes\Directory\AlwaysShowExt
HKEY_CURRENT_USER\Software\Classes\Directory\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AllFilesystemObjects\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{625B53C3-AB48-4EC1-BA1F-A1EF4146FC19}\InitFolderHandler
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Start Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{A4115719-D62E-491D-AA7C-E74B8BE3B067}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Start Menu
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{AE50C081-EBD2-438A-8655-8A092E34987A}\InitFolderHandler
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Recent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\InitFolderHandler
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Personal
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{FD228CB7-AE11-4AE3-864C-16F3910AB8FE}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskManager\StartUpTab
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskManager\Preferences
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskManager\UseStatusSetting
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\RegValueNameRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\30Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\WindowsLogon\HideFastUserSwitching\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\HideFastUserSwitching
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Networking.UX.UXManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.DAMediaManager\Active
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.DAMediaManager\MediaType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.EthernetMediaManager\Active
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.EthernetMediaManager\MediaType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.MBMediaManager\Active
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.MBMediaManager\MediaType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.RasMediaManager\Active
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.RasMediaManager\MediaType
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.WlanMediaManager\Active
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\NetworkUxManager\Windows.Networking.UX.Internal.WlanMediaManager\MediaType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance\{41945702-8302-44A6-9445-AC98E8AFA086}\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Author
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\FriendlyName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\SpecVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Vendor
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\ContainerFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\DeviceManufacturer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\DeviceModels
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\ColorManagementVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\MimeTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\SupportAnimation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\SupportChromakey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\SupportLossless
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\SupportMultiframe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\ArbitrationPriority
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\0\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\1\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\10\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\11\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\12\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\13\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\14\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\2\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\3\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\4\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\5\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\6\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\7\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\8\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\9\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\0\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\0\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\0\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\1\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\1\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\1\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\10\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\10\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\10\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\11\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\11\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\11\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\12\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\12\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\12\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\13\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\13\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\13\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\14\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\14\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\14\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\2\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\2\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\2\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\3\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\3\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\3\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\4\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\4\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\4\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\5\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\5\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\5\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\6\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\6\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\6\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\7\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\7\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\7\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\8\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\8\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\8\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\9\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\9\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41945702-8302-44A6-9445-AC98E8AFA086}\Patterns\9\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Author
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\FriendlyName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\SpecVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Vendor
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\ContainerFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\DeviceManufacturer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\DeviceModels
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\ColorManagementVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\MimeTypes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\FileExtensions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\SupportAnimation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\SupportChromakey
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\SupportLossless
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\SupportMultiframe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\ArbitrationPriority
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\0\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\1\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\10\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\11\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\12\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\2\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\3\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\4\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\5\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\6\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\7\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\8\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\9\Pattern
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\0\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\0\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\0\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\1\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\1\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\1\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\10\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\10\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\10\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\11\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\11\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\11\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\12\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\12\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\12\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\2\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\2\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\2\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\3\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\3\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\3\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\4\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\4\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\4\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\5\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\5\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\5\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\6\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\6\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\6\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\7\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\7\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\7\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\8\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\8\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\8\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\9\Position
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\9\EndOfStream
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}\Patterns\9\Mask
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{26460E96-1D01-43E4-9FB8-B7ED958F362B}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6D809377-6AF0-444b-8957-A3773F02200E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B97D20BB-F46A-4C97-BA10-5E3608430854}\InitFolderHandler
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Common Startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\SecurityHealth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Max Cached Icons
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDefaultTile
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D782CCBA-AFB0-43F1-94DB-FDA3779EACCB}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CAPEAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\CAPEAgent
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowCompColor
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\NoNetCrawling
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AutoCheckSelect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\KindMap\.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\Content Type
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowFileCLSIDJunctions
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\DocObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\BrowseInPlace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\IsShortcut
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\AlwaysShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\NeverShowExt
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.exe\NeverShowExt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SafeProcessSearchMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders\StorageDelegateSuppressionPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\DelegateFolders\StorageDelegate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\OneDrive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Discord
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\Discord
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Steam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\Steam
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Internal.StartupTaskInternal\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\AdminCapabilities\automatedAppLaunch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationExtension\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServerType
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{b94b62a2-4012-4b7e-a395-f21cc665fd12}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6cb10ed7-4bca-5561-b2e1-40e1197c1b0c}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.Package\TrustLevel

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\TaskManager\Preferences

"C:\Program Files\Google\Chrome\Application\chrome.exe"
"C:\Windows\system32\taskmgr.exe" /4
%SystemRoot%\system32\taskmgr.exe /4
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=148.0.7778.217 --initial-client-data=0x268,0x26c,0x270,0x24c,0x274,0x7ffc136be9c0,0x7ffc136be9cc,0x7ffc136be9d8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --metrics-shmem-handle=2124,i,8991922744502408939,12035519159370364964,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2168 /prefetch:3
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-pre-read-main-dll --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=1760,i,13651363605794111286,5121436129363740046,262144 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1980 /prefetch:2
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --metrics-shmem-handle=2364,i,6716272949696715985,16613973558693619772,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2408 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=539972201 --metrics-shmem-handle=3300,i,6864544789388492662,1904890231814579921,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=3416 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=539984704 --metrics-shmem-handle=3460,i,18353002224121741580,13093445649205443798,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3508 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=540171200 --metrics-shmem-handle=3860,i,7480903360239469260,9372336423967034872,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=3976 /prefetch:2
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --time-ticks-at-unix-epoch=-1780003962331981 --launch-time-ticks=540812348 --metrics-shmem-handle=4244,i,11385932005541265785,1562708900009701974,2097152 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=4104 /prefetch:1
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5420,i,9293193041365869203,1552283600214825622,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708994745248135 --mojo-platform-channel-handle=5452 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5444,i,10078564000181174557,9062345241240227149,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=5456 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --metrics-shmem-handle=5472,i,12896046378289974589,11025856552623480385,524288 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708996619331833 --mojo-platform-channel-handle=5432 /prefetch:8
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --gpu-preferences=SAAAAAAAAADoAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --metrics-shmem-handle=940,i,12374555509904114995,13274239554060129860,262144 --field-trial-handle=2012,i,17600707042017503324,13396880110355362677,262144 --variations-seed-version=20260528-010044.458000-production --pseudonymization-salt-handle=1988,i,18321507705362758187,1461477607191994340,4 --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=5404 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=148.0.7778.180 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=148.0.3967.83 --initial-client-data=0x348,0x34c,0x350,0x344,0x358,0x7ffbd24e5d58,0x7ffbd24e5d64,0x7ffbd24e5d70
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --startup-read-main-dll --metrics-shmem-handle=2224,i,3377350390963965430,16709463295489959638,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708989122997041 --mojo-platform-channel-handle=2924 /prefetch:3
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --startup-read-main-dll --metrics-shmem-handle=2632,i,2188067933038035117,14075627089191504876,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708990060038890 --mojo-platform-channel-handle=2932 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --startup-read-main-dll --metrics-shmem-handle=2084,i,6134085735445746800,11295493968892064137,262144 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=2360 /prefetch:2
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=541939531 --ram-no-pressure-read-main-dll --metrics-shmem-handle=3348,i,11950763115237329230,10523231392815793482,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=3392 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=541940694 --skip-read-main-dll --metrics-shmem-handle=3356,i,5647178414097470528,8114435118095730626,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708990997080739 --mojo-platform-channel-handle=3396 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=542200817 --skip-read-main-dll --metrics-shmem-handle=4836,i,2071220740876779182,5632563938745608015,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708992871164437 --mojo-platform-channel-handle=4820 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=543231074 --skip-read-main-dll --metrics-shmem-handle=4484,i,14410762605053120473,13433378547220591745,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708993808206286 --mojo-platform-channel-handle=4024 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --skip-read-main-dll --metrics-shmem-handle=4492,i,4020092805845306063,10328045033888351831,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708994745248135 --mojo-platform-channel-handle=4476 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.83\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=windows_package_identity --skip-read-main-dll --metrics-shmem-handle=5004,i,10041185329265187298,11074568154246322711,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708995682289984 --mojo-platform-channel-handle=3944 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=548257368 --skip-read-main-dll --metrics-shmem-handle=6196,i,5145543345457655702,10314529609131888891,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708996619331833 --mojo-platform-channel-handle=6160 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --skip-read-main-dll --metrics-shmem-handle=1608,i,7042525181872960905,11845032959772828956,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708997556373682 --mojo-platform-channel-handle=6444 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=578284156 --ram-no-pressure-read-main-dll --metrics-shmem-handle=4840,i,15748124770976359258,15417350930948584221,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708998493415531 --mojo-platform-channel-handle=3316 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --skip-read-main-dll --metrics-shmem-handle=4476,i,7622724040228643054,12288759875611487757,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190708999430457380 --mojo-platform-channel-handle=6236 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=638299828 --ram-no-pressure-read-main-dll --metrics-shmem-handle=4796,i,12195753600292531721,15847398704622992708,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709000367499229 --mojo-platform-channel-handle=1396 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale=en_AU --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --time-ticks-at-unix-epoch=-1780003962331980 --launch-time-ticks=642079966 --skip-read-main-dll --metrics-shmem-handle=5788,i,4430515866411945987,13768044107232759783,2097152 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709001304541078 --mojo-platform-channel-handle=5580 /prefetch:1
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --skip-read-main-dll --metrics-shmem-handle=3820,i,17709381801662516536,8945971709259553673,524288 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709002241582927 --mojo-platform-channel-handle=3372 /prefetch:8
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --gpu-preferences=SAAAAAAAAADoAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --skip-read-main-dll --metrics-shmem-handle=6624,i,1680310522638211945,12008188480887109079,262144 --field-trial-handle=2364,i,10929924703418574237,15321897610074055618,262144 --variations-seed-version --pseudonymization-salt-handle=2368,i,15205487911583646568,14353690394038058424,4 --trace-process-track-uuid=3190709003178624776 --mojo-platform-channel-handle=6648 /prefetch:8
C:\Windows\system32\DllHost.exe /Processid:{7966B4D8-4FDC-4126-A10B-39A3209AD251}

Local\SM0:12320:304:WilStaging_02
Local\SM0:12320:120:WilError_03
Local\SM0:14276:304:WilStaging_02
Local\TM.750ce7b0-e5fd-454f-9fad-2f66513dfa1b
Local\MSCTF.Asm.MutexDefault1
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1
Local\SM0:14276:120:WilError_03
Local\SessionImmersiveColorMutex
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwWriterMutex
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_16.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_32.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_48.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_96.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_256.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_768.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_1280.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_1920.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_2560.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_sr.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_exif.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_wide_alternate.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_custom_stream.db!dfMaintainer
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!IconCacheInit
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!045bf8
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0460e8
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0411e8
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0420b8
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!0465d8
Global\C::Users:admin:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!048868

GoogleUpdaterService149.0.7814.0

No results found.

No behavioral analysis data available.

Sorry! No strace.

Sorry! No tracee.

Hosts (0)
DNS (0)

Hosts

No hosts contacted.

TCP Connections

No TCP connections recorded.

UDP Connections

No UDP connections recorded.

DNS Requests

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP Traffic

No SMTP traffic performed.

IRC Traffic

No IRC requests performed.

ICMP Traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.

No dropped files found.

Sorry! No process dumps.