Analysis Report · CAPE Sandbox

Analysis

Category	Package	Started	Completed	Duration	Options	Log(s)
FILE	exe	2025-06-13 22:41:03	2025-06-13 23:11:47	1844 seconds	Show Options	Show Analysis Log

procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1

2024-11-25 13:37:14,991 [root] INFO: Date set to: 20250613T10:48:29, timeout set to: 1800
2025-06-13 11:48:29,239 [root] DEBUG: Starting analyzer from: C:\tmpjeo7jmad
2025-06-13 11:48:29,239 [root] DEBUG: Storing results at: C:\QoqtHYPS
2025-06-13 11:48:29,239 [root] DEBUG: Pipe server name: \\.\PIPE\YSvIkDlxiX
2025-06-13 11:48:29,239 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32
2025-06-13 11:48:29,239 [root] INFO: analysis running as an admin
2025-06-13 11:48:29,239 [root] INFO: analysis package specified: "exe"
2025-06-13 11:48:29,239 [root] DEBUG: importing analysis package module: "modules.packages.exe"...
2025-06-13 11:48:30,130 [root] DEBUG: imported analysis package "exe"
2025-06-13 11:48:30,130 [root] DEBUG: initializing analysis package "exe"...
2025-06-13 11:48:30,130 [lib.common.common] INFO: wrapping
2025-06-13 11:48:30,130 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation
2025-06-13 11:48:30,130 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\RemindersServer.exe
2025-06-13 11:48:30,130 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2025-06-13 11:48:30,130 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2025-06-13 11:48:30,130 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2025-06-13 11:48:30,130 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2025-06-13 11:48:30,317 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-06-13 11:48:30,333 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2025-06-13 11:48:30,364 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-06-13 11:48:30,457 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-06-13 11:48:30,473 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-06-13 11:48:30,473 [lib.api.screenshot] ERROR: No module named 'PIL'
2025-06-13 11:48:30,473 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-06-13 11:48:30,489 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-06-13 11:48:30,489 [root] DEBUG: Initialized auxiliary module "Browser"
2025-06-13 11:48:30,489 [root] DEBUG: attempting to configure 'Browser' from data
2025-06-13 11:48:30,489 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-06-13 11:48:30,489 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-06-13 11:48:30,489 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-06-13 11:48:30,489 [root] DEBUG: Initialized auxiliary module "DigiSig"
2025-06-13 11:48:30,489 [root] DEBUG: attempting to configure 'DigiSig' from data
2025-06-13 11:48:30,489 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2025-06-13 11:48:30,489 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2025-06-13 11:48:30,489 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2025-06-13 11:48:30,692 [modules.auxiliary.digisig] DEBUG: File is not signed
2025-06-13 11:48:30,692 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2025-06-13 11:48:30,692 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2025-06-13 11:48:30,692 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-06-13 11:48:30,692 [root] DEBUG: attempting to configure 'Disguise' from data
2025-06-13 11:48:30,692 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-06-13 11:48:30,692 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-06-13 11:48:30,692 [modules.auxiliary.disguise] INFO: Disguising GUID to c06db7d9-b0ac-435c-9ba2-302bf5f31f7e
2025-06-13 11:48:30,692 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2025-06-13 11:48:30,692 [root] DEBUG: Initialized auxiliary module "Human"
2025-06-13 11:48:30,692 [root] DEBUG: attempting to configure 'Human' from data
2025-06-13 11:48:30,692 [root] DEBUG: module Human does not support data configuration, ignoring
2025-06-13 11:48:30,692 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-06-13 11:48:30,692 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-06-13 11:48:30,692 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-06-13 11:48:30,692 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-06-13 11:48:30,692 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-06-13 11:48:30,692 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-06-13 11:48:30,692 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2025-06-13 11:48:30,692 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-06-13 11:48:30,692 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-06-13 11:48:30,692 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-06-13 11:48:30,692 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-06-13 11:48:30,692 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-06-13 11:48:30,692 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696
2025-06-13 11:48:30,723 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmpjeo7jmad\dll\696.ini
2025-06-13 11:48:30,723 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2025-06-13 11:48:30,723 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2025-06-13 11:48:30,723 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor
2025-06-13 11:48:30,723 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor
2025-06-13 11:48:30,723 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor
2025-06-13 11:48:30,723 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2025-06-13 11:48:30,739 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmpjeo7jmad\dll\fhRRXtD.dll, loader C:\tmpjeo7jmad\bin\bOYxrlQS.exe
2025-06-13 11:48:30,817 [root] DEBUG: Loader: IAT patching disabled.
2025-06-13 11:48:30,817 [root] DEBUG: Loader: Injecting process 696 with C:\tmpjeo7jmad\dll\fhRRXtD.dll.
2025-06-13 11:48:30,833 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'.
2025-06-13 11:48:30,833 [root] INFO: Disabling sleep skipping.
2025-06-13 11:48:30,833 [root] DEBUG: 696: Full process memory dumps enabled.
2025-06-13 11:48:30,833 [root] DEBUG: 696: Import reconstruction of process dumps enabled.
2025-06-13 11:48:30,833 [root] DEBUG: 696: Active unpacking of payloads enabled
2025-06-13 11:48:30,833 [root] DEBUG: 696: CAPE debug - unrecognised key norefer.
2025-06-13 11:48:30,833 [root] DEBUG: 696: TLS secret dump mode enabled.
2025-06-13 11:48:30,848 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542
2025-06-13 11:48:30,864 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable
2025-06-13 11:48:30,864 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0
2025-06-13 11:48:30,864 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF8234D0000, thread 6920, image base 0x00007FF60D500000, stack from 0x0000008EFAA74000-0x0000008EFAA80000
2025-06-13 11:48:30,864 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe
2025-06-13 11:48:30,880 [root] DEBUG: 696: Hooked 5 out of 5 functions
2025-06-13 11:48:30,880 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-06-13 11:48:30,880 [root] DEBUG: Successfully injected DLL C:\tmpjeo7jmad\dll\fhRRXtD.dll.
2025-06-13 11:48:30,880 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe>
2025-06-13 11:48:30,8 <truncated>

Machine

Name	Label	Manager	Started On	Shutdown On	Route
win10-2	win10-2	KVM	2025-06-13 22:41:03	2025-06-13 23:11:27	none

File Details

File Name	RemindersServer.exe
File Type	PE32+ executable (GUI) x86-64, for MS Windows
File Size	286208 bytes
MD5	2b443ab8af3e24e6df97c8cf7a1ea039
SHA1	04b3151c3d97555e81103bd2eaaf23cbb7f92f6a
SHA256	fb169c7cda21796ff822cb536e67ab0071a3e54404338897d8b9e58238c103c3 [VT] [MWDB] [Bazaar]
SHA3-384	9b0ec64bf3d0bec530124f2f25b847501b910fc6a51b675ff84541595b13a8384c3f51857f417113ae4a7b686c6eb62d
CRC32	86A6732B
TLSH	T173541B1A7B995CE5E57BA53DD5C3820AE3B2B8610B33DBCB0655034E0F67AE06C39361
Ssdeep	6144:ssKY/SwftnxlE77I0pIra7tjFzq4TaAyFmyS:aY/SwftnxlEg0pIraBjPTaT
PE	File Strings BinGraph Vba2Graph

VirusTotal (0/73)

Full Results

Engine	Result	Engine	Result	Engine	Result

Level

JetCreateDatabaseA

.?AV?$RuntimeClass@U?$RuntimeClassFlags@$01@WRL@Microsoft@@UIUnknown@@@WRL@Microsoft@@

\Reminder_Attachments

s WAVAWH

.?AV?$RuntimeClassBaseT@$01@Details@WRL@Microsoft@@

pA^_^[]

@.data

internal\sdk\inc\wil\result.h

Cortana.ContactPermissions.ContactPermissionsStore

SVWATAVAWH

.idata$6

RoRegisterActivationFactories

USVWAVH

.idata$4

WindowsCreateStringReference

JetBeginTransaction

.rdata$zz

D$`E3

CloseThreadpoolTimer

Cortana.Reminders.TimeTrigger

.?AUIWeakReference@@

api-ms-win-core-heap-l1-1-0.dll

ReleaseMutex

GetStartupInfoW

Cortana Database: No record found, reached end of table

APPID

.rdata$T$brc

ActivityIntermediateStop

0HcD$x3

ResolveDelayLoadedAPI

_initterm_e

_o___stdio_common_vswprintf

_o___stdio_common_vsprintf

.rdata$00$brc

E@9]Du

Longitude

HcL$0HcD$4H

D$HE3

_o__cexit

CreateSemaphoreExW

Cortana.ContactPermissions.CortanaCirclePermission

JetPrepareUpdate

L9v8t"H

api-ms-win-core-com-l1-1-0.dll

H!t$XA

.text$zy

?_Xlength_error@std@@YAXPEBD@Z

DataDump

UserAccountIdMetadata

Geofences

Cortana.Core.CortanaDatabaseProxy

Microsoft-Windows-Shell-CortanaTrace

.data$dk00

_o_malloc

Windows.Storage.ApplicationDataCompositeValue

Reminders WinRT OOP Server

t$ UWAVH

shellcommon\shell\cortana\cortanaservices\src\lib\cortanadatabaseproxy.h

_o__initialize_onexit_table

Cortana.Reminders.Reminder

WaitForMultipleObjects

FileVersion

_o_free

_o__purecall

UATAVH

JetAttachDatabase Begin

D$PE3

L$hH3

Cortana.Reminders.LocationTrigger

shellcommon\shell\cortana\triggers\src\lib\cleardatatask.cpp

__C_specific_handler

s8u6H

p AWH

.didat$7

JetBeginSession Begin

Windows.ApplicationModel.Background.SystemTrigger

memmove

shellcommon\shell\cortana\common\database\src\databasestorageimpl.cpp

std::exception: %hs

ErrorCode

L#T$PI

t$ E3

(caller: %p)

Cortana.CoreServicesTask

JetInit

list<T> too long

WindowsConcatString

wilResult

Windows.System.User

A_A^A\_[]

RoInitialize

%s\%s

xLD8t$@s

CreateEventW

s0u6H

UAVAWH

A_A^_

|$ AVH

.rtc$TAA

_o_exit

@USVWATAVH

bad allocation

ContactId

HcO|H

RemoveDirectoryW

AppLifetime

DatabaseStorage: Delete reminders database

Heading

.text$mn$00

api-ms-win-core-string-l1-1-0.dll

t$ WH

VWAVH

D$LE3

.data$zz

SetLastError

.rsrc$01

CallContext:[%hs]

CompareStringOrdinal

IcO(H

DebugBreak

Cortana Database : Wait for database ready event failed, WaitForSingleObject returns %d

o\$PH

VolumeLevel

JetCreateTableColumnIndexA

Y@H9;u%L

Unknown exception

040904B0

Microsoft Corporation

.CRT$XIC

A_A^A]A\_^[]

M/H!EGH

api-ms-win-crt-runtime-l1-1-0.dll

memcmp

HcG|L

.rdata$zETW2

Cortana.Core.SignalsEngine

M H1E

Cortana.Core.PlatformServices

FRtlNtStatusToDosErrorNoTeb

0A_A^A]A\]

L;0u/H

Bluetooth

@USVWAVH

taskCancellationReason

DeviceName

T$HE3

__std_terminate

-Time

WindowsCreateString

AcquireSRWLockShared

WindowsDeleteString

Cortana.BackgroundTask.ToastNotificationHistoryChangedBackgroundTaskExternal

ntelD

D$PH;

Open Database End

JetCloseDatabase

CoTaskMemAlloc

D9qL|

.?AVbad_alloc@std@@

A_A^A]A\_^]

CoTaskMemRealloc

EnsureCoreServicesStarted

AppAUMID

.rtc$IZZ

H!D$0B

CreateMutexExW

|$\.u

Speed

Cortana.SignalProcessingTask

JetMove

Cortana.Reminders.Attachment

_o__invalid_parameter_noinfo

A_A^]

EventRegister

CortanaCoreInstance

InitializeSListHead

0HcD$p3

Cortana.Reminders.ReminderSyncTask

Cortana: Initializing database at %hs

api-ms-win-core-util-l1-1-0.dll

@UVWH

Warning

_initterm

DeleteFileW

CoInitializeEx

D$08D$1t

t:L;@

_CxxThrowException

Windows.ApplicationModel.Background.MaintenanceTrigger

.?AVWeakReferenceImpl@Details@WRL@Microsoft@@

.idata$5

totalCommitUsage

Signals\Timer

.?AU?$RuntimeClassFlags@$03@WRL@Microsoft@@

CortanaSignals_CoreServicesTask_NextAlarmTrigger

Cortana: Hit an error when trying to initialize database in %ws, will rebuild DB

InitializeSRWLock

shellcommon\shell\cortana\triggers\src\lib\signalprocessingtask.cpp

Cortana.Settings.FeatureConfiguration

hCortana.Core.DatabaseStorage

LeaveCriticalSection

ActionUri1

_o__set_fmode

HeapAlloc

A_A^A\_^

InitOnceComplete

h UAVAWH

Time_Index_Ascending

.text$lp00remindersserver.exe!cold

minATL$__r

.rtc$IAA

WideCharToMultiByte

L$ SVWH

.pdata

IsConnected

.rdata$zz$brc

@SVWH

AppId

Start PlatformServices

D9C(t

JetInit End

SetRestrictedErrorInfo

JetCreateInstanceA

.?AV?$RuntimeClass@U?$RuntimeClassFlags@$01@WRL@Microsoft@@UIWeakReference@@@WRL@Microsoft@@

Reminders

shellcommon\shell\cortana\triggers\src\lib\locationtriggerstaticdevicetask.cpp

NtQueryWnfStateData

Description

callContext

L$PH3

usageIncreased

AlarmStartTime

Cortana::Core::DatabaseStorage::GetTypeAndTimeIndexedData

RemindersServer.pdb

kNextAlarmTrigger

H3E H3E

InternalName

.didat$2

shellcommon\shell\cortana\triggers\src\lib\coreservicestask.cpp

@UVWAVAWH

.?AV?$RuntimeClassImpl@U?$RuntimeClassFlags@$01@WRL@Microsoft@@$00$0A@$0A@UIUnknown@@@Details@WRL@Microsoft@@

Location

JetTerm2

.text$yd

Notification

Cortana.Rules.RulesRawNotificationTaskExternal

TUUUUUU

Cortana.Settings.ConfigurationManager

Cortana.ActionUris.PpleActionUri

CortanaSignals_SignalProcessingTask_StartCallbackDraining

CortanaSignals_SignalProcessingTask_TimerSignalDelay

.data$r$brc

@8|$0t%H

JetCloseTable

CreateDirectoryW

.?AV?$RuntimeClassImpl@U?$RuntimeClassFlags@$01@WRL@Microsoft@@$00$0A@$0A@UIWeakReference@@@Details@WRL@Microsoft@@

Metadata

IsProcessorFeaturePresent

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$01@WRL@Microsoft@@$00$$V@Details@WRL@Microsoft@@

api-ms-win-core-profile-l1-1-0.dll

api-ms-win-core-libraryloader-l1-2-0.dll

RtlUnsubscribeWnfNotificationWaitForCompletion

ESE instance unavailable (0x%08x), shutting down database

_o__initialize_wide_environment

api-ms-win-core-localization-l1-2-0.dll

.rsrc$02

isScheduled

IsHandsFreeProfileActive

ActivityFailure

Meeting

Cortana.Rules.FetchRulesTask

Cortana.BackgroundTask.ToastNotificationHistoryChangedBackgroundTask

Diagnostic_Level_Time_Index

Function

fD94Bu

SetEvent

JetCreateInstance Begin - instance = %hs dir = %hs

Cortana.UpdateUnknownStateGeofencesTask

D$T9p

expectedTimeUtc

.?AUIUnknown@@

_o__configthreadlocale

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$02@WRL@Microsoft@@$0A@UIInspectable@@UIDatabaseStorage@Storage@Cortana@@UIWeakReferenceSource@@UIDatabaseStorageAdmin@67@@Details@WRL@Microsoft@@

CortanaSignals_SignalProcessingTask_CancellationRequested

F0D8#ukD8c

Local\SM0:%d:%d:%hs

api-ms-win-core-winrt-l1-1-0.dll

Cortana.Sync.SyncManager

8A_A^A\_^[

delayInSeconds

Cortana.ContactPermissions.ContactPermissionsSyncManager

FindNextFileW

0A^_^

kernel32.dll

JetInit Begin

.bss$00

Cortana.CoreService.TimeZoneChanged

AcquireSRWLockExclusive

RoOriginateErrorW

CortanaSignals_CoreServicesTask_CancellationRequested

.text$di

api-ms-win-crt-private-l1-1-0.dll

FindClose

api-ms-win-core-winrt-string-l1-1-0.dll

FormatMessageW

shellcommon\shell\cortana\triggers\src\lib\userchangedupdatetask.cpp

AlarmId

originatingContextMessage

module

`A_A^A]A\_^]

Open Database Begin

InitializeCriticalSectionAndSpinCount

%hs!%p:

VWATAVAWH

K SVWH

EseDatabase: Opening database

JetSeek

LegalCopyright

H#n0H

DatabaseStorage: Close reminders database

_o___p__commode

CoUninitialize

0A_A^A\_^

function

Begin prepare table %hs

IsCharging

A_A^A]A\_

ATL$__a

D$@fD

.rtc$TZZ

CortanaSignals_UpdateUnknownStateGeofencesTask

CoCreateFreeThreadedMarshaler

GetCurrentProcessId

shellcommon\shell\cortana\reminders\server\exe\main.cpp

api-ms-win-core-synch-l1-2-1.dll

Mscoree.dll

Cortana.DoNotDisturb.DoNotDisturbGetActivationFactory

p WAVAWH

AlarmEventType

Cortana.Reminders.ReminderSyncManager

DeleteCriticalSection

api-ms-win-ntuser-sysparams-l1-1-0.dll

JetCommitTransaction

ext-ms-win-rtcore-ntuser-window-ext-l1-1-0.dll

.rdata$zETW0

RaiseException

ActivityStoppedAutomatically

CreateThreadpoolTimer

RtlCaptureContext

peakPrivateCommitUsage

.tls$ZZZ

Cortana.Reminders.StandardListIds

CoCreateInstance

JetRetrieveColumn

minATL$__z

api-ms-win-core-file-l1-1-0.dll

Cortana::Core::CortanaDatabaseProxy::HandleErrors

JetSetSystemParameterA

x ATAVAWH

@0L9G

appMemoryUsageLevel

DelayLoadFailureHook

WaitForSingleObjectEx

.CRT$XLA

_o___std_exception_copy

L$0H3

GetFileAttributesW

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$02@WRL@Microsoft@@$00$$V@Details@WRL@Microsoft@@

.bss$zz

shellcommon\shell\cortana\common\database\src\cortanadbhelper.cpp

GetSystemMetrics

A_A^^

Module

api-ms-win-crt-string-l1-1-0.dll

_o__configure_wide_argv

Cortana.UpdateUnknownStateGeofences

wilActivity

WilStaging_02

.rdata$zzzdbg

ThreadId

.rdata$r

api-ms-win-core-path-l1-1-0.dll

Message

Contact

shellcommon\shell\cortana\common\database\inc\cortanadbhelper.h

WindowsDuplicateString

WAVAWH

.CRT$XIA

.rdata

CoResumeClassObjects

JetSetColumns

api-ms-win-core-errorhandling-l1-1-0.dll

@USWH

JetSetCurrentIndexA

CoTaskMemFree

PathAllocCombine

PostThreadMessageW

\$ UVWATAV

JetIndexRecordCount

Cortana.LocationTriggerStaticDeviceTask

+Type

totalCommitLimit

.rdata$00

api-ms-win-core-rtlsupport-l1-1-0.dll

Cortana::Core::PlatformServices::Start

.data$00

minATL$__a

A_A^_

.CRT$XIZ

Oi/TL

ActivityError

ResetEvent

CortanaSignals_LocationTriggerStaticDeviceTask

shellcommon\shell\cortana\common\database\src\esedatabase.cpp

.data$dk00$brc

_o__invalid_parameter_noinfo_noreturn

InitializeCriticalSectionEx

msvcp_win.dll

EncodePointer

FileDescription

!This program cannot be run in DOS mode.

tW@8=

Msg:[%ws]

A_A^A\

\$ UVWH

WaitForSingleObject

@A^_^

.?AVRuntimeClassBase@Details@WRL@Microsoft@@

Cortana.Reminders.ReminderStore

Volume

MacAddress

[HcF|H

Cortana.ContactPermissions.ContactPermissionsSyncTask

JetBeginSession End

Windows.System.MemoryManager

api-ms-win-eventing-provider-l1-1-0.dll

api-ms-win-core-threadpool-l1-2-0.dll

api-ms-win-core-heap-l2-1-0.dll

Title

api-ms-win-core-processthreads-l1-1-0.dll

UWATAVAWH

+AppId

signalEvent

JetOpenTableA

RtlSubscribeWnfStateChangeNotification

taskName

rules

GetModuleFileNameA

Cortana.Reminders.LocationInfo

ED$`H

ntdll.dll

D$xE3

timestamp

_o__set_app_type

A^_^[]

0A_A^A\

_register_thread_local_exe_atexit_callback

IsA2DPActive

api-ms-win-core-sysinfo-l1-1-0.dll

Cortana.Reminders.RemindersMaintenanceTask.Maintenance

Create Database Begin

Cortana.ContactPermissions.ContactPermissionsGetActivationFactory

Windows.ApplicationModel.Appointments.AppointmentManager

WakeAllConditionVariable

t"D8=

Microsoft.Windows.Shell.CortanaSearch

ContextId

InitializeCriticalSection

10.0.17763.292

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$01@WRL@Microsoft@@$0A@UIUnknown@@@Details@WRL@Microsoft@@

api-ms-win-core-synch-l1-1-0.dll

memcpy

.idata$3

.?AUIInspectable@@

D$ fD

_o_terminate

9\$`v;

reason

Cortana.Reminders.ToastAction

WindowsIsStringEmpty

L9{@u

OpenSemaphoreW

Cortana::Core::DatabaseStorage::GetTimeIndexedData

ReleaseSRWLockExclusive

CortanaSignals_RemindersServer_MemoryUsageChanged

.didat$5

CortanaSignals_SignalProcessingTask

CoWaitForMultipleHandles

shellcommon\shell\cortana\common\utilities\src\coreservicesutilities.cpp

E HcQ|

10.0.17763.292 (WinBuild.160101.0800)

FallbackError

RtlLookupFunctionEntry

CortanaSignals_TaskCancellationRequested

Cortana.Rules.Core.RulesServiceManager

;t$`r

CortanaSignals_LocationTriggerStaticDeviceTask_StartLocationDesktopTriggering

.CRT$XCU

EnterCriticalSection

internal\sdk\inc\wil\resource.h

Windows.Storage.ApplicationData

RtlDllShutdownInProgress

D$(E3

.?AUIDatabaseStorage@Storage@Cortana@@

[%hs(%hs)]

Cortana Database: No record found, could reach end of table

api-ms-win-core-delayload-l1-1-1.dll

JetGetTableColumnInfoA

shellcommon\shell\cortana\common\utilities\src\backgroundtaskhelpers.cpp

Battery

fA9,Qu

QueryPerformanceCounter

message

_o__get_wide_winmain_command_line

originatingContextName

shellcommon\shell\cortana\cortanaservices\src\lib\cortanadatabase.cpp

A^A\_^[]

threadId

Cortana.CDPHelper.SendMessageHelper

EseDatabase::GetRowsInRangeInternal

string too long

t$$fD

Microsoft.Windows.Shell.CortanaSignals

PhoneLock

shellcommon\shell\cortana\cortanaservices\src\lib\coreservices.cpp

Windows.Devices.Geolocation.Geofencing.GeofenceMonitor

@8t$

StringFileInfo

HcG|H

L$(E3

%hs(%d) tid(%x) %08X %ws

H UATAUAVAWH

oD$ f

2333333

.rdata$zETW9

api-ms-win-core-delayload-l1-1-0.dll

GetCurrentProcess

RulesScenarios

Microsoft

api-ms-win-core-handle-l1-1-0.dll

UVWAVAWH

GenericString

Cortana::Core::DatabaseStorage::DeleteOldNotifications

L+6L+

UATAUAVAWH

HeapFree

.?AUIDatabaseStorageAdmin@Storage@Cortana@@

Noisy

End prepare table %hs

currentContextId

UnloadDatabaseAfterIdle

.data$zz$brc

GetTickCount

fileName

A_A^A\_]

Cortana.DoNotDisturb.DNDManager

Cortana.Settings.SettingsContainer

SignalType_Time_Index

.text$mn

PositionSource

AppFriendlyName

EseDatabase::OpenCreateInternal

LocalFree

.text$zz

Signals

privateCommitUsage

JetMakeKey

D$8E3

JetAttachDatabase End

.?AVResultException@wil@@

RoOriginateError

failureId

TerminateProcess

minATL$__m

.didat$3

AppCategory

Cortana.CoreService.Phone

f9,Au

>@8~(urL

SSIDLength

L$XH+

Converted JetError %d to HRESULT 0x%x

EseDatabase: Database open complete, hr=0x%x

Translation

InitializeConditionVariable

Windows.ApplicationModel.Core.CoreApplication

CortanaSignals_RemindersServerStarted

Cortana.Settings.CapabilitiesManager

.?AVbad_array_new_length@std@@

Geofence

D$0fD98t

_o__seh_filter_exe

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$02@WRL@Microsoft@@$00UIDatabaseStorage@Storage@Cortana@@UIWeakReferenceSource@@UIDatabaseStorageAdmin@56@@Details@WRL@Microsoft@@

+Level

ATL$__z

EseDatabase::OpenCreateDatabase

RoUninitialize

Accuracy

Cortana.CoreService.UserLogon

Cortana.CoreService.Location

UWAVH

H9\$xu

u(8Y`t

DecodePointer

WilError_02

EventWriteTransfer

JetRollback

Cortana.Core.RulesEngine

State

_o__callnewh

L$(E;

oL$0f

@VWAVH

Cortana.Storage.DatabaseStorage

EventSetInformation

CortanaCoreDb

Cortana.ContactPermissions.BreakThroughPermission

JetAttachDatabaseA

.CRT$XPZ

.CRT$XIAC

L$`H3

.text$np

ProductVersion

ID_Index

_c_exit

RemindersServer.exe

AppDwellTime

urHcE

D$@E3

D$ H;CPt#L

E@9]Du)

.text$x

D&(B9D&0r.E3

Cortana.ContactPermissions.ContactPermissions

T$ E3

OutputDebugStringW

D$(I+

CortanaSignals_UserChangedUpdateTask

.didat$4

L$ SWH

__CxxFrameHandler3

.didat$6

ReturnHr

_o__set_new_mode

activatibleClassId

.xdata$x

WindowsGetStringRawBuffer

A^_^

.CRT$XIAA

GetModuleHandleW

JetSetIndexRange

CoAddRefServerProcess

AppEnterTime

EseDatabase::InitializeEse

APPID_Index

UUUUUUU

failureType

Cortana.UserChangedUpdateTask

L$ E3

u H!U

L$PD9

Windows

2H9_`t*H

SleepConditionVariableCS

.CRT$XLZ

IsDebuggerPresent

ESENT.dll

_o__register_onexit_function

EventActivityIdControl

A^A\]

.giats

.CRT$XTA

hresult

.?AVStrongReference@Details@WRL@Microsoft@@

.rdata$zETW1

.rsrc

kernelbase.dll

Communication

D$ H;

D$0E3

A^A\_^]

unH9A

Cortana.Rules.RulesRegisterChannelTask

.?AUIWeakReferenceSource@@

EseDatabase: Close database

T$PL;

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$02@WRL@Microsoft@@$00UIWeakReferenceSource@@UIDatabaseStorageAdmin@Storage@Cortana@@@Details@WRL@Microsoft@@

RtlVirtualUnwind

H9{Hs<

.idata$2

.data$00$brc

fD9|$`tiL

api-ms-win-core-winrt-error-l1-1-0.dll

_o__crt_atexit

+Time

|$ UH

x AVH

.data$pr00$brc

api-ms-win-core-debug-l1-1-0.dll

ActionUri2

.?AV?$RuntimeClassImpl@U?$RuntimeClassFlags@$02@WRL@Microsoft@@$00$00$0A@UIDatabaseStorage@Storage@Cortana@@UIDatabaseStorageAdmin@56@@Details@WRL@Microsoft@@

L$@I+

.CRT$XCL

0A_A^_

OriginalFilename

WATAUAVAWH

pA_A^_^]

RaiseFailFastException

api-ms-win-core-processthreads-l1-1-1.dll

WindowsStringHasEmbeddedNull

CoReleaseServerProcess

VarFileInfo

api-ms-win-core-interlocked-l1-1-0.dll

CortanaSignals_CoreServicesTask

.tls$

JetBeginSessionA

JetEndSession

@UAVAWH

InvalidSignal

JetDelete

nextAlarmTrigger

D$0D9r

End PlatformServices

A_A^A]A\_

.CRT$XCA

.CRT$XCAA

.xdata

.?AV?$RuntimeClass@U?$RuntimeClassFlags@$02@WRL@Microsoft@@UIDatabaseStorage@Storage@Cortana@@UIDatabaseStorageAdmin@56@@WRL@Microsoft@@

\ESEDatabase_

.gfids

RoGetActivationFactory

ReleaseSRWLockShared

\$ UH

GeoFenceState

EseDatabase::GetAllRowsInternal

Cortana.Rules.FetchRulesTaskExternal

Diagnostic

.CRT$XTZ

AccountId

Cortana.Reminders.RemindersGetActivationFactory

Cortana.BackgroundTask.QuietHoursMeetingMonitorBackgroundTask

\$8E3

%hs(%d)\%hs!%p:

SetThreadpoolTimer

Operating System

RoActivateInstance

Cortana.BackgroundTask.QuietHoursMeetingMonitorBackgroundTaskExternal

EseDatabase::DeleteAllRowsInternal

fD90t,

BINGIDENTITY_PROP_BINGPUID

CoRevokeClassObject

L9{0t#H

.00cfg

.?AVEseDatabase@@

Cortana.Rules.RulesRegisterChannelTaskExternal

vector<T> too long

@.didat

UnhandledExceptionFilter

ClearDataTask_Run

RoRevokeActivationFactories

GetModuleHandleExW

@SUVWH

Error

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$02@WRL@Microsoft@@$00UIDatabaseStorageAdmin@Storage@Cortana@@@Details@WRL@Microsoft@@

FailFast

UVWATAUAVAWH

EventUnregister

NtUpdateWnfStateData

Ainternal\sdk\inc\wil\filesystem.h

0A_A^]

fE9|]

ProcessId

internal\sdk\inc\wil\staging.h

CloseHandle

L$8E3

T$0E3

D$H!D$@

currentContextName

.?AVexception@std@@

JetCreateInstance End

@.reloc

bad array new length

Latitude

Cortana.Reminders.NullTrigger

.bss$dk00

UserPresence

EseDatabase::CountRowsInRangeInternal

_o___std_exception_destroy

Windows.ApplicationModel.Background.BackgroundTaskRegistration

Cortana.CoreService.Timer

.?AVDontUseNewUseMake@Details@WRL@Microsoft@@

D$0L;

CompanyName

VS_VERSION_INFO

USWATAVAWH

Driving

GetLastError

GetCurrentThreadId

@A_A^_

UWAWH

}0H+}(H

@USVWATAUAVAWH

\$@H;

nbm?B

GetSystemTimeAsFileTime

failureCount

api-ms-win-core-synch-l1-2-0.dll

WaitForThreadpoolTimerCallbacks

Windows.Cortana.PAL.CortanaPAL

A_A^_^]

AuthD

LogHr

.CRT$XCZ

H;\$`

Alarm

.?AU?$ImplementsHelper@U?$RuntimeClassFlags@$01@WRL@Microsoft@@$0A@UIWeakReference@@@Details@WRL@Microsoft@@

f9,Bu

shellcommon\shell\cortana\reminders\server\exe\getactivationfactory.cpp

Cortana.Core.SignalsFactory

|$pH+

Cortana.Settings.SettingsHelper

Cortana.Actions.ActionHandler

map/set<T> too long

9\$tu29\$pu,A

currentContextMessage

_o__exit

Exception

fD94Hu

GetProcessHeap

CoRegisterClassObject

.?AV?$RuntimeClassBaseT@$02@Details@WRL@Microsoft@@

Cortana.Rules.RulesRawNotificationTask

Windows.ApplicationModel.Background.BackgroundTaskBuilder

Microsoft.Windows.AppTelemetryMetadata

JetUpdate

PK_Index

Ag>nW

.CRT$XPA

WindowsCompareStringOrdinal

CortanaCoreDb.dat

currentTimeUtc

SetUnhandledExceptionFilter

Cortana.Reminders.ContactTrigger

shellcommon\shell\cortana\triggers\src\lib\updateunknownstategeofencestask.cpp

EseDatabase::Close

.data

@VAVAWH

L$ UVWH

u0HcH<H

Cortana.Reminders.RemindersMaintenanceTask

Cortana.ClearDataTask

.?AVtype_info@@

.?AVDatabaseStorage@Storage@Cortana@@

Time_Index

api-ms-win-core-winrt-error-l1-1-1.dll

A_A^A]A\]

.text

InitOnceBeginInitialize

fD9,Gu

Cortana::Storage::DatabaseStorage::DeleteDatabase

Version

Cortana::Storage::DatabaseStorage::OpenInternal

Create Database End

_o__errno

Radius

memset

_o___stdio_common_vsnprintf_s

[%hs]

`.rdata

oT$@f

CortanaSignals_DatabaseInstanceFailure

Cortana::Storage::DatabaseStorage::Close

.rdata$brc

ReleaseSemaphore

CortanaSignals_CoreServicesStart

originatingContextId

RoGetMatchingRestrictedErrorInfo

\$ UVWAVAWH

|$ UATAUAVAWH

GetProcAddress

CreateEventExW

.bss$pr00

JetOpenDatabaseA

L#C0M

H!t$8

EseDatabase::PrepareTable

EseDatabase::JetErrToHR

lineNumber

ProductName

FindFirstFileW

Reminders: Version of Cortana DB doesn't match current version %d

CortanaSignals_LocationTriggerStaticDeviceTask_RemoteSession

CortanaSignals_SignalProcessingTask_StartCallbackProcessing

PE Information

Image Base	Entry Point	Reported Checksum	Actual Checksum	Minimum OS Version	PDB Path	Compile Time	Import Hash
0x140000000	0x000022a0	0x000492e8	0x000492e8	10.0	RemindersServer.pdb	2055-12-06 22:44:22	27230a880f40311b6d887da72985c51b

Version Infos

CompanyName	Microsoft Corporation
FileDescription	Reminders WinRT OOP Server
FileVersion	10.0.17763.292 (WinBuild.160101.0800)
InternalName	Reminders WinRT OOP Server
LegalCopyright	Â© Microsoft Corporation. All rights reserved.
OriginalFilename	RemindersServer.exe
ProductName	MicrosoftÂ® WindowsÂ® Operating System
ProductVersion	10.0.17763.292
Translation	0x0409 0x04b0

Sections

Name	RAW Address	Virtual Address	Virtual Size	Size of Raw Data	Characteristics	Entropy
.text	0x00000400	0x00001000	0x0002ccb7	0x0002ce00	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.13
.rdata	0x0002d200	0x0002e000	0x00012956	0x00012a00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.82
.data	0x0003fc00	0x00041000	0x0000271c	0x00001c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	3.67
.pdata	0x00041800	0x00044000	0x00003120	0x00003200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.33
.didat	0x00044a00	0x00048000	0x00000010	0x00000200	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.08
.rsrc	0x00044c00	0x00049000	0x00000438	0x00000600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	2.57
.reloc	0x00045200	0x0004a000	0x00000a7c	0x00000c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ	5.19

Name	Offset	Size	Language	Sub-language	Entropy	File type
RT_VERSION	0x00049060	0x000003d4	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.50	None

Imports

Name	Address
?_Xlength_error@std@@YAXPEBD@Z	0x140030ba8

Name	Address
_initterm_e	0x140030b30
_c_exit	0x140030b38
_register_thread_local_exe_atexit_callback	0x140030b40
_initterm	0x140030b48

Name	Address
memset	0x140030b58

Name	Address
_o__get_wide_winmain_command_line	0x140030a10
_o__initialize_onexit_table	0x140030a18
_o__initialize_wide_environment	0x140030a20
_o__invalid_parameter_noinfo	0x140030a28
_o__invalid_parameter_noinfo_noreturn	0x140030a30
_o__purecall	0x140030a38
_o__register_onexit_function	0x140030a40
_o__seh_filter_exe	0x140030a48
_o__set_app_type	0x140030a50
_o__set_fmode	0x140030a58
_o__set_new_mode	0x140030a60
memmove	0x140030a68
_o_exit	0x140030a70
_o_free	0x140030a78
_o_malloc	0x140030a80
_o_terminate	0x140030a88
_CxxThrowException	0x140030a90
_o__exit	0x140030a98
_o___stdio_common_vswprintf	0x140030aa0
_o___stdio_common_vsprintf	0x140030aa8
_o__errno	0x140030ab0
_o___stdio_common_vsnprintf_s	0x140030ab8
_o__crt_atexit	0x140030ac0
_o___std_exception_destroy	0x140030ac8
_o__configure_wide_argv	0x140030ad0
_o__configthreadlocale	0x140030ad8
_o___std_exception_copy	0x140030ae0
_o__cexit	0x140030ae8
_o__callnewh	0x140030af0
_o___p__commode	0x140030af8
__std_terminate	0x140030b00
__C_specific_handler	0x140030b08
__CxxFrameHandler3	0x140030b10
memcmp	0x140030b18
memcpy	0x140030b20

Name	Address
CoAddRefServerProcess	0x1400305e0
CoTaskMemAlloc	0x1400305e8
CoTaskMemRealloc	0x1400305f0
CoInitializeEx	0x1400305f8
CoCreateInstance	0x140030600
CoUninitialize	0x140030608
CoReleaseServerProcess	0x140030610
CoRegisterClassObject	0x140030618
CoTaskMemFree	0x140030620
CoResumeClassObjects	0x140030628
CoRevokeClassObject	0x140030630
CoCreateFreeThreadedMarshaler	0x140030638
CoWaitForMultipleHandles	0x140030640

Name	Address
InitializeCriticalSection	0x140030820
LeaveCriticalSection	0x140030828
SetEvent	0x140030830
DeleteCriticalSection	0x140030838
InitializeCriticalSectionAndSpinCount	0x140030840
InitializeCriticalSectionEx	0x140030848
ResetEvent	0x140030850
CreateEventExW	0x140030858
CreateEventW	0x140030860
EnterCriticalSection	0x140030868
CreateSemaphoreExW	0x140030870
InitializeSRWLock	0x140030878
AcquireSRWLockShared	0x140030880
CreateMutexExW	0x140030888
ReleaseSRWLockShared	0x140030890
OpenSemaphoreW	0x140030898
WaitForSingleObjectEx	0x1400308a0
AcquireSRWLockExclusive	0x1400308a8
ReleaseSemaphore	0x1400308b0
ReleaseSRWLockExclusive	0x1400308b8
ReleaseMutex	0x1400308c0
WaitForSingleObject	0x1400308c8

Name	Address
GetCurrentProcess	0x140030798
TerminateProcess	0x1400307a0
GetStartupInfoW	0x1400307a8
GetCurrentThreadId	0x1400307b0
GetCurrentProcessId	0x1400307b8

Name	Address
SetLastError	0x140030690
SetUnhandledExceptionFilter	0x140030698
UnhandledExceptionFilter	0x1400306a0
RaiseException	0x1400306a8
GetLastError	0x1400306b0

Name	Address
GetProcAddress	0x140030750
GetModuleHandleW	0x140030758
GetModuleFileNameA	0x140030760
GetModuleHandleExW	0x140030768

Name	Address
InitOnceBeginInitialize	0x1400308d8
InitOnceComplete	0x1400308e0

Name	Address
HeapAlloc	0x140030710
HeapFree	0x140030718
GetProcessHeap	0x140030720

Name	Address
WindowsCreateString	0x1400309c0
WindowsGetStringRawBuffer	0x1400309c8
WindowsConcatString	0x1400309d0
WindowsCompareStringOrdinal	0x1400309d8
WindowsDuplicateString	0x1400309e0
WindowsDeleteString	0x1400309e8
WindowsCreateStringReference	0x1400309f0
WindowsIsStringEmpty	0x1400309f8
WindowsStringHasEmbeddedNull	0x140030a00

Name	Address
EventRegister	0x140030b68
EventUnregister	0x140030b70
EventWriteTransfer	0x140030b78
EventActivityIdControl	0x140030b80
EventSetInformation	0x140030b88

Name	Address
EncodePointer	0x140030940
DecodePointer	0x140030948

Name	Address
RoUninitialize	0x140030988
RoActivateInstance	0x140030990
RoRegisterActivationFactories	0x140030998
RoRevokeActivationFactories	0x1400309a0
RoInitialize	0x1400309a8
RoGetActivationFactory	0x1400309b0

Name	Address
SetRestrictedErrorInfo	0x140030958
RoOriginateError	0x140030960
RoOriginateErrorW	0x140030968

Name	Address
FormatMessageW	0x140030778

Name	Address
DebugBreak	0x140030650
OutputDebugStringW	0x140030658
IsDebuggerPresent	0x140030660

Name	Address
CloseHandle	0x140030700

Name	Address
RoGetMatchingRestrictedErrorInfo	0x140030978

Name	Address
GetSystemTimeAsFileTime	0x140030900
GetTickCount	0x140030908

Name	Address
CompareStringOrdinal	0x140030808
WideCharToMultiByte	0x140030810

Name	Address
RtlVirtualUnwind	0x1400307e8
RtlLookupFunctionEntry	0x1400307f0
RtlCaptureContext	0x1400307f8

Name	Address
IsProcessorFeaturePresent	0x1400307c8

Name	Address
QueryPerformanceCounter	0x1400307d8

Name	Address
InitializeSListHead	0x140030740

Name	Address
SetThreadpoolTimer	0x140030918
CloseThreadpoolTimer	0x140030920
WaitForThreadpoolTimerCallbacks	0x140030928
CreateThreadpoolTimer	0x140030930

Name	Address
GetSystemMetrics	0x140030b98

Name	Address
JetPrepareUpdate	0x1400304f8
JetIndexRecordCount	0x140030500
JetSetCurrentIndexA	0x140030508
JetCommitTransaction	0x140030510
JetOpenTableA	0x140030518
JetSetIndexRange	0x140030520
JetSeek	0x140030528
JetCreateInstanceA	0x140030530
JetInit	0x140030538
JetMove	0x140030540
JetBeginTransaction	0x140030548
JetCreateTableColumnIndexA	0x140030550
JetSetColumns	0x140030558
JetRollback	0x140030560
JetUpdate	0x140030568
JetBeginSessionA	0x140030570
JetRetrieveColumn	0x140030578
JetEndSession	0x140030580
JetMakeKey	0x140030588
JetDelete	0x140030590
JetSetSystemParameterA	0x140030598
JetOpenDatabaseA	0x1400305a0
JetCloseDatabase	0x1400305a8
JetCloseTable	0x1400305b0
JetTerm2	0x1400305b8
JetGetTableColumnInfoA	0x1400305c0
JetAttachDatabaseA	0x1400305c8
JetCreateDatabaseA	0x1400305d0

Name	Address
ResolveDelayLoadedAPI	0x140030680

Name	Address
DelayLoadFailureHook	0x140030670

Name	Address
FindClose	0x1400306c0
CreateDirectoryW	0x1400306c8
GetFileAttributesW	0x1400306d0
DeleteFileW	0x1400306d8
FindFirstFileW	0x1400306e0
RemoveDirectoryW	0x1400306e8
FindNextFileW	0x1400306f0

Name	Address
WaitForMultipleObjects	0x1400308f0

Name	Address
PathAllocCombine	0x140030788

Name	Address
LocalFree	0x140030730

Reports: JSON

Statistics (98.66)

Usage

Processing ( 98.16 seconds )

90.208 ProcessMemory
7.296 CAPE
0.652 BehaviorAnalysis
0.005 AnalysisInfo
0.001 Debug

Signatures ( 0.13 seconds )

0.021 antiav_detectreg
0.009 infostealer_ftp
0.009 ransomware_files
0.009 territorial_disputes_sigs
0.007 antianalysis_detectfile
0.006 ransomware_extensions
0.005 antianalysis_detectreg
0.005 antiav_detectfile
0.005 infostealer_im
0.004 infostealer_mail
0.004 masquerade_process_name
0.003 infostealer_bitcoin
0.003 poullight_files
0.003 ursnif_behavior
0.002 antidebug_devices
0.002 antivm_vbox_files
0.002 antivm_vbox_keys
0.002 antivm_vmware_keys
0.002 geodo_banking_trojan
0.001 antivm_generic_diskreg
0.001 antivm_parallels_keys
0.001 antivm_vmware_files
0.001 antivm_vpc_keys
0.001 antivm_xen_keys
0.001 ketrican_regkeys
0.001 browser_security
0.001 darkcomet_regkeys
0.001 disables_backups
0.001 disables_browser_warn
0.001 disables_power_options
0.001 disables_windowsupdate
0.001 azorult_mutexes
0.001 cryptbot_files
0.001 echelon_files
0.001 qulab_files
0.001 revil_mutexes
0.001 limerat_regkeys
0.001 modirat_behavior
0.001 warzonerat_regkeys
0.001 recon_fingerprint
0.001 remcos_regkeys
0.001 suspicious_command_tools
0.001 uses_windows_utilities

Reporting ( 0.37 seconds )

0.34 CAPASummary
0.029 JsonDump

Signatures

Queries the keyboard layout

The PE file contains a PDB path

pdbpath: RemindersServer.pdb

SetUnhandledExceptionFilter detected (possible anti-debug)

At least one process apparently crashed during execution

Possible date expiration check, exits too soon after checking local time

process: dllhost.exe, PID 5816

The binary contains an unknown PE section name indicative of packing

unknown section: {'name': '.didat', 'raw_address': '0x00044a00', 'virtual_address': '0x00048000', 'virtual_size': '0x00000010', 'size_of_data': '0x00000200', 'characteristics': 'IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE', 'characteristics_raw': '0xc0000040', 'entropy': '0.08'}

Tries to unhook or modify Windows functions monitored by CAPE

unhook: function_name: ShellExecuteExW, type: removal

Checks the system manufacturer, likely for anti-virtualization

Process: FileCoAuth.exe (3832)
registry		HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
Process: FileCoAuth.exe (4284)
registry		HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
Process: FileCoAuth.exe (500)
registry		HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer

Yara detections observed in process dumps, payloads or dropped files

Hit: PID 3832 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 58 }']'

Hit: PID 4284 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 58 }']'

Hit: PID 500 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 58 }']'

Hit: PID 6208 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 59 }']'

Hit: PID 3968 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 58 }']'

Hit: PID 6576 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 58 }']'

Anomalous binary characteristics

anomaly: Entrypoint of binary is located outside of any mapped sections

Binary compilation timestomping detected

anomaly: Compilation timestamp is in the future

Enumerates physical drives

physical drive access: \??\PHYSICALDRIVE0

physical drive access: \??\PhysicalDrive0

Attempts to interact with an Alternate Data Stream (ADS)

file: C:\$Extend\$Quota:$Q:$INDEX_ALLOCATION

file: \??\Volume{01989354-0000-0000-0000-100000000000}\$Extend\$Quota:$Q:$INDEX_ALLOCATION

file: \??\Volume{01989354-0000-0000-0000-300300000000}\$Extend\$Quota:$Q:$INDEX_ALLOCATION

file: \??\Volume{01989354-0000-0000-0000-10e03f000000}\$Extend\$Quota:$Q:$INDEX_ALLOCATION

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

C:\Windows\System32\kernel.appcore.dll
\Device\CNG
C:\Windows\System32\en-US\KERNELBASE.dll.mui
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\
C:\Windows\ServiceProfiles\
\??\PhysicalDrive0
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe
C:\Windows\System32\SecurityHealthHost.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\SysWOW64\smartscreen.exe
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\domgmt*.etl
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\domgmt.20241122_223814_928.etl
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\domgmt.20241125_171546_223.etl
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\domgmt.20250614_042951_520.etl
C:\Windows\System32\en-US\domgmt.dll.mui
C:\Windows\System32\policymanager.dll
C:\Windows\System32\msvcp110_win.dll
C:\Windows\SystemResources\USER32.dll.mun
C:\Windows\System32\en-US\USER32.dll.mui
C:\Windows\System32\rpcss.dll
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
C:\Windows\System32\wtsapi32.dll
C:\Windows\System32\winsta.dll
C:\Windows\System32\tzres.dll
C:\Windows\System32\en-US\tzres.dll.mui
C:\Windows\System32\wmiclnt.dll
\??\WMIDataDevice
C:\Windows\System32\samcli.dll
C:\Windows\System32\srvcli.dll
C:\Windows\System32\netutils.dll
C:\Windows\System32\logoncli.dll
C:\Windows\System32\schedcli.dll
C:\Windows\System32\wkscli.dll
C:\Windows\System32\dsrole.dll
\??\PIPE\lsarpc
\??\PIPE\srvsvc
C:\Windows\System32\OemInfo.Ini
C:\Windows\System32\OemLogo.Bmp
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\CRYPTSP.dll
C:\Windows\System32\cryptsp.dll
C:\Windows\System32\windows.storage.dll
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\Wldp.dll
C:\Windows\System32\wldp.dll
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0434.3832.1.aodl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth*.aodl
C:\Windows\sysnative\en-US\tzres.dll.mui
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0434.3832.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth*.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.1741.6072.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.1816.5756.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.1845.6048.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.1854.2316.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.1913.1964.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.2028.1120.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.2052.6960.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.2125.4072.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.2133.5764.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth*.odlsent
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth*.odlgz
C:\Program Files (x86)
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\settings\PreSignInSettingsConfig.json
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0434.4284.1.aodl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0434.4284.1.odl
C:\Windows\System32\wbem\en-US\cimwin32.dll.mui
C:\
C:\Windows\System32
C:\Windows\System32\
C:\Windows
C:
\??\MountPointManager
C:\$Extend\$Quota:$Q:$INDEX_ALLOCATION
\??\Volume{01989354-0000-0000-0000-100000000000}
\??\GLOBALROOT\Device\HarddiskVolume1
\??\Volume{01989354-0000-0000-0000-100000000000}\
\??\Volume{01989354-0000-0000-0000-100000000000}\$Extend\$Quota:$Q:$INDEX_ALLOCATION
\??\Volume{01989354-0000-0000-0000-300300000000}
\??\GLOBALROOT\Device\HarddiskVolume2
\??\Volume{01989354-0000-0000-0000-300300000000}\
\??\Volume{01989354-0000-0000-0000-300300000000}\$Extend\$Quota:$Q:$INDEX_ALLOCATION
\??\Volume{01989354-0000-0000-0000-10e03f000000}
\??\GLOBALROOT\Device\HarddiskVolume3
\??\Volume{01989354-0000-0000-0000-10e03f000000}\
\??\Volume{01989354-0000-0000-0000-10e03f000000}\$Extend\$Quota:$Q:$INDEX_ALLOCATION
\??\scsi#disk&ven_qemu&prod_harddisk#4&35424867&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
\??\PHYSICALDRIVE0
C:\Windows\System32\clusapi.dll
C:\Windows\System32\dnsapi.dll
C:\Windows\System32\IPHLPAPI.DLL
\??\Nsi
\??\PIPE\wkssvc
C:\Windows\System32\iologmsg.dll
C:\Windows\System32\en-US\iologmsg.dll.mui
C:\Windows\System32\slc.dll
C:\Windows\System32\en-US\slc.dll.mui
C:\Windows\System32\sppc.dll
C:\Windows\System32\en-US\sppc.dll.mui
C:\Windows\System32\en-US\storagewmi.dll.mui
C:\Windows\System32\Syncreg.dll
C:\Windows\System32\en-US\Syncreg.dll.mui
C:\Windows\System32\tapi3.dll
C:\Windows\System32\en-US\tapi3.dll.mui
C:\Windows\System32\vdsutil.dll
C:\Windows\System32\en-US\vdsutil.dll.mui
C:\Windows\System32\vsstrace.dll
C:\Windows\System32\en-US\vsstrace.dll.mui
C:\Windows\System32\wbem\en-US\wmiutils.dll.mui
C:\Windows\System32\msasn1.dll
C:\Windows\System32\dhcpcsvc6.DLL
C:\Windows\System32\dhcpcsvc.dll
\DEVICE\NETBT_TCPIP_{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}
\DEVICE\NETBT_TCPIP_{27E3D6D8-A922-11EF-90C1-806E6F6E6963}
\Device\Afd\Endpoint
\Device\RasAcd
C:\Windows\System32\perfc009.dat
C:\Windows\System32\drivers\Synth3dVsc.sys
C:\Windows\System32\SystemResources\Synth3dVsc.sys.mun
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WorkflowServiceHostPerformanceCounters.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\WorkflowServiceHostPerformanceCounters.dll.mui
C:\Windows\System32\lsm.dll
C:\Windows\System32\en-US\lsm.dll.mui
C:\Windows\System32\HvHostSvc.dll
C:\Windows\System32\en-US\HvHostSvc.dll.mui
C:\Windows\System32\drivers\pacer.sys
C:\Windows\System32\drivers\en-US\pacer.sys.mui
C:\Windows\System32\FWPUCLNT.DLL
C:\Windows\System32\en-US\fwpuclnt.dll.mui
C:\Windows\System32\pnrpsvc.dll
C:\Windows\System32\en-US\pnrpsvc.dll.mui
C:\Windows\System32\azroles.dll
C:\Windows\System32\en-US\AzRoles.dll.mui
C:\Windows\System32\FXSRESM.dll
C:\Windows\System32\en-US\fxsresm.dll.mui
C:\Windows\System32\drivers\afd.sys
C:\Windows\System32\drivers\en-US\afd.sys.mui
C:\Windows\System32\drivers\fvevol.sys
C:\Windows\System32\drivers\en-US\fvevol.sys.mui
C:\Windows\System32\drivers\spaceport.sys
C:\Windows\System32\drivers\en-US\spaceport.sys.mui
C:\Windows\System32\drivers\refs.sys
C:\Windows\System32\drivers\en-US\refs.sys.mui
C:\Windows\System32\mispace.dll
C:\Windows\System32\en-US\mispace.dll.mui
C:\Windows\System32\drivers\vmbkmcl.sys
C:\Windows\System32\drivers\en-US\vmbkmcl.sys.mui
C:\Windows\System32\drivers\en\vmbkmcl.sys.mui
C:\Windows\System32\drivers\smbdirect.sys
C:\Windows\System32\drivers\en-US\smbdirect.sys.mui
C:\Windows\System32\cscsvc.dll
C:\Windows\System32\en-US\cscsvc.dll.mui
C:\Windows\System32\iphlpsvc.dll
C:\Windows\System32\en-US\iphlpsvc.dll.mui
C:\Windows\System32\drivers\dmvsc.sys
C:\Windows\System32\drivers\en-US\dmvsc.sys.mui
C:\Windows\System32\bthserv.dll
C:\Windows\System32\en-US\bthserv.dll.mui
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelPerformanceCounters.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\en-US\ServiceModelPerformanceCounters.dll.mui
C:\Windows\System32\umpoext.dll
C:\Windows\System32\en-US\umpoext.dll.mui
C:\Windows\System32\drivers\tcpip.sys
C:\Windows\System32\drivers\en-US\tcpip.sys.mui
C:\Windows\System32\drivers\winnat.sys
C:\Windows\System32\drivers\en-US\winnat.sys.mui
C:\Windows\System32\drivers\http.sys
C:\Windows\System32\drivers\en-US\http.sys.mui
C:\Windows\System32\WindowsPowerShell\v1.0\PSEvents.dll
C:\Windows\System32\WindowsPowerShell\v1.0\en-US\PSEvents.dll.mui
C:\Windows\System32\drivers\dxgmms2.sys
C:\Windows\System32\drivers\en-US\dxgmms2.sys.mui
C:\Windows\System32\drivers\en\dxgmms2.sys.mui
C:\Windows\System32\wmp.dll
C:\Windows\System32\rdpcorets.dll
C:\Windows\System32\en-US\rdpcorets.dll.mui
C:\Windows\System32\drivers\srv2.sys
C:\Windows\System32\drivers\en-US\srv2.sys.mui
C:\Windows\System32\netlogon.dll
C:\Windows\System32\en-US\NetLogon.dll.mui
C:\Windows\System32\drivers\USBXHCI.SYS
C:\Windows\System32\drivers\en-US\usbxhci.sys.mui
C:\Windows\System32\drt.dll
C:\Windows\System32\en-US\drt.dll.mui
C:\Windows\System32\drivers\ndis.sys
C:\Windows\System32\drivers\en-US\ndis.sys.mui
C:\Windows\System32\advapi32res.dll
C:\Windows\System32\en-US\advapi32res.dll.mui
C:\Windows\System32\w32time.dll
C:\Windows\System32\en-US\w32time.dll.mui
C:\Windows\System32\drivers\mrxsmb.sys
C:\Windows\System32\drivers\en-US\mrxsmb.sys.mui
C:\Windows\System32\appvetwclientres.dll
C:\Windows\System32\wevtsvc.dll
C:\Windows\System32\en-US\wevtsvc.dll.mui
C:\Windows\System32\PeerDistSvc.dll
C:\Windows\System32\en-US\PeerDistSvc.dll.mui
C:\Windows\System32\WsmRes.dll
C:\Windows\System32\en-US\WsmRes.dll.mui
C:\Windows\System32\vid.dll
C:\Windows\System32\en-US\vid.dll.mui
C:\Windows\System32\mprddm.dll
C:\Windows\System32\en-US\mprddm.dll.mui
C:\Windows\System32\perfh009.dat
\??\UNC\WORKGROUP*\MAILSLOT\NET\NETLOGON
C:\Windows\System32\en-US\ACTIVEDS.dll.mui
C:\Windows\System32\powrprof.dll
C:\Windows\System32\en-US\powrprof.dll.mui
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0454.500.1.aodl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0454.500.1.odl

\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\WMIDataDevice
\??\PIPE\lsarpc
\??\PIPE\srvsvc
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0434.3832.1.aodl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0434.3832.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0434.4284.1.aodl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0434.4284.1.odl
C:\$Extend\$Quota:$Q:$INDEX_ALLOCATION
\??\PIPE\wkssvc
\Device\Afd\Endpoint
\Device\RasAcd
\??\UNC\WORKGROUP*\MAILSLOT\NET\NETLOGON
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0454.500.1.aodl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0454.500.1.odl

C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0434.3832.1.aodl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.2133.5764.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.2125.4072.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.2052.6960.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.2028.1120.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.1913.1964.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.1854.2316.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.1845.6048.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.1816.5756.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-11-25.1741.6072.1.odl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0434.4284.1.aodl
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2025-06-14.0454.500.1.aodl

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MaxSxSHashCount
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\Diagnosis
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\CustomAttributes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\Software\Microsoft\XAML
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\XAML\OneCoreTransformsEnabledByDefault
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\RemindersServer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{338579BF-1A35-5CC4-A622-A6F384FD892C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{338579BF-1A35-5CC4-A622-A6F384FD892C}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{338579BF-1A35-5CC4-A622-A6F384FD892C}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C50898F6-C536-5F47-8583-8B2C2438A13B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{c50898f6-c536-5f47-8583-8b2c2438a13b}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{c50898f6-c536-5f47-8583-8b2c2438a13b}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659A23-5884-4D1B-9CF6-67D6F4F90B36}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\Elevation
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\PLM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\PLM\InProcBgTaskResumeOverride
HKEY_LOCAL_MACHINE\Software\Microsoft\LanguageOverlay\OverlayPackages\en-US
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_CURRENT_USER\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\MGOTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\ProcessMitigationPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\LegacyAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\LegacyImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\LoadUserSettings
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\ProtectionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\AccessPermission
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\Elevation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\MajorVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\ProfileImagePath
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\UsagePolicy
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\current\Device\DeliveryOptimization
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\DownloadMode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DownloadMode_BackCompat
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DODownloadMode
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\Value
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\Value
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\Value
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\DownloadRateForegroundBps
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\DownloadRateForegroundPct
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\Value
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\Value
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\Value
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\DownloadRateBackgroundBps
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\DownloadRateBackgroundPct
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\UpRatePctBandwidth
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\UpRatePctBandwidth
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\Value
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\UploadLimitGBMonth
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\UploadLimitGBMonth
HKEY_CURRENT_USER\Software\Microsoft\OneDrive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\FileCoAuthTelemetryRampStatus
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\FirstEntry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\LastEntry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2025
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2007
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2024
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SystemInformation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Classes\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\AppID\FileCoAuth.exe
HKEY_LOCAL_MACHINE\Software\Classes\AppID\FileCoAuth.exe
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\CLSID\{389510B7-9E58-40D7-98BF-60B911CB0EA9}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\InprocServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}\ProxyStubClsid32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\TreatAs
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\InprocServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocHandler32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\LocalServer32
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\LocalServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\AppID
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\LocalServer
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\LocalServer
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\Elevation
HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\Elevation
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\MainAccount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\UserFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\cid
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\DisplayName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\UserEmail
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\Business
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\SharePointOnPrem
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\FirstRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\EdpManaged
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\RootAddedToFavorites
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\TenantAddedToFavorites
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\HasMadeFirstUpload
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\IsUpgradeAvailable
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\CrashDetectionKey
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\EnableADALForSilentBusinessConfig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\LastKnownCloudFilesEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\WamWebAccountId
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Personal\AuthenticationURLs
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Personal\Tenants
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Personal\ScopeIdToMountPointPathCache
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\Accounts\Personal
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\LastMigrationScanResult
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\PreSignInRampOverrides
HKEY_CURRENT_USER\Software\Microsoft\OneDrive\PreSignInSettingsOverrides
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\SQMClient\MSFTInternal
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\SQMClient\IsTest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905E63B6-C1BF-494E-B29C-65B732D3D21A}
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PropertyBag
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PropertyBag
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\UpdateRingPostAuthConditions
HKEY_LOCAL_MACHINE\Software\Microsoft\Office\ClickToRun\Configuration
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\Applicability
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\Applicability\EnablePreviewBuilds
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\OneDrive
HKEY_CURRENT_USER\Software\Policies\Microsoft\OneDrive
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\EnableEnterpriseUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\EnableOrgInternalUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\EnableTeamTier_Internal
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\EnableFasterRingUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\MachineId
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\wmiprvse.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_CLASSES_ROOT\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E245105B-B06E-11D0-AD61-00C04FD8FDFF}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E245105B-B06E-11D0-AD61-00C04FD8FDFF}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E245105B-B06E-11D0-AD61-00C04FD8FDFF}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD450835-CF1B-4C87-9FD2-5E0D42FDE081}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD450835-CF1B-4C87-9FD2-5E0D42FDE081}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD450835-CF1B-4C87-9FD2-5E0D42FDE081}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\LocalServer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\Elevation
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MUI\StringCacheSettings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-15
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-14
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-13
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-12
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-11
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-10
HKEY_CURRENT_USER\Software\Classes\AppID\{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\AccessPermission
HKEY_CURRENT_USER\Software\Classes\CLSID\{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}
HKEY_CURRENT_USER\Software\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\InprocHandler32
HKEY_CURRENT_USER\Software\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\InprocHandler
HKEY_CURRENT_USER\Software\Classes\Interface\{29A3AB33-0FD7-44F5-9BFF-C0B6C081FBFB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{29A3AB33-0FD7-44F5-9BFF-C0B6C081FBFB}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{29A3AB33-0FD7-44F5-9BFF-C0B6C081FBFB}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LocalServer32\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\MGOTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\ProcessMitigationPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LoadUserSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\ProtectionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\Elevation
HKEY_CURRENT_USER\Software\Classes\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{00000035-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000035-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000035-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\Interface\{3474D734-3408-4471-A344-A3439343634A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3474d734-3408-4471-a344-a3439343634a}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3474d734-3408-4471-a344-a3439343634a}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\default\Browser\AllowSmartScreen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen\Behavior
HKEY_LOCAL_MACHINE\Software\Microsoft\PolicyManager\current\Device\Browser
HKEY_LOCAL_MACHINE\
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter
HKEY_CURRENT_USER\Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PhishingFilter
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\AppHost
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost\EnableWebContentEvaluation

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\MaxSxSHashCount
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3\Com+Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.System.MemoryManager\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Core.CoreApplication\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\DllPath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Threading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\TrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\RemoteServer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateAsUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInSharedBroker
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateInBrokerForMediumILContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\Permissions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Foundation.Collections.PropertySet\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\XAML\OneCoreTransformsEnabledByDefault
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Appx\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModelUnlock\AllowDevelopmentWithoutDevLicense
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseActivationAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{338579BF-1A35-5CC4-A622-A6F384FD892C}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{c50898f6-c536-5f47-8583-8b2c2438a13b}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\PLM\InProcBgTaskResumeOverride
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\MGOTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\ProcessMitigationPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\LegacyAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\LegacyImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\LoadUserSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\ProtectionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\AccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DDA0424F-9478-40FF-9B21-099EC9FFCBAE}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6FF50C0-56C0-71CA-5732-BED303A59628}\AppID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\MajorVersion
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20\ProfileImagePath
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\UsagePolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DODownloadMode\Value
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\DownloadMode
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DownloadMode_BackCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitForegroundDownloadBandwidth\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxForegroundBandwidth\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxForegroundDownloadBandwidth\Value
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\DownloadRateForegroundBps
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\DownloadRateForegroundPct
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOSetHoursToLimitBackgroundDownloadBandwidth\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOPercentageMaxBackgroundBandwidth\Value
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMaxBackgroundDownloadBandwidth\Value
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\DownloadRateBackgroundBps
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\DownloadRateBackgroundPct
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\UpRatePctBandwidth
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\UpRatePctBandwidth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\PolicyType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\Behavior
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\MergeAlgorithm
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\RegKeyPathRedirectMapped
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\RegKeyPathRedirect
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\grouppolicyname
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\grouppolicypath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\grouppolicyismultisz
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\grouppolicymultiszSeparatorChar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\ADMXMetadataUser
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\ADMXMetadataDevice
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\ADMXMetadataBoth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\DeliveryOptimization\DOMonthlyUploadDataCap\Value
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Settings\UploadLimitGBMonth
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\UploadLimitGBMonth
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\FileCoAuthTelemetryRampStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\FirstEntry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\LastEntry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2025
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2007
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2024
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{94269C4E-071A-4116-90E6-52E557067E4E}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{9489FEB2-1925-4D01-B788-6D912C70F7F2}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{A926714B-7BFC-4D08-A035-80021395FFA8}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{389510b7-9e58-40d7-98bf-60b911cb0ea9}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{021E4F06-9DCC-49AD-88CF-ECC2DA314C8A}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\Interface\{6A821279-AB49-48F8-9A27-F6C59B4FF024}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\InprocServer32
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\(Default)
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InProcServer32\ThreadingModel
HKEY_CURRENT_USER\Software\Classes\WOW6432Node\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\AppID
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\MainAccount
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\UserFolder
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\cid
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\DisplayName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\UserEmail
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\Business
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\SharePointOnPrem
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\FirstRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\EdpManaged
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\RootAddedToFavorites
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\TenantAddedToFavorites
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\HasMadeFirstUpload
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\IsUpgradeAvailable
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\CrashDetectionKey
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\EnableADALForSilentBusinessConfig
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\LastKnownCloudFilesEnabled
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\WamWebAccountId
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\Accounts\Personal\LastMigrationScanResult
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\SQMClient\MSFTInternal
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\SQMClient\IsTest
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{905e63b6-c1bf-494e-b29c-65b732d3d21a}\InitFolderHandler
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Category
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Name
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParentFolder
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Description
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\RelativePath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\ParsingName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InfoTip
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalizedName
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Icon
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Security
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResource
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\StreamResourceType
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\LocalRedirectOnly
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Roamable
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PreCreate
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Stream
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\PublishExpandedPath
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\DefinitionFlags
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Attributes
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\FolderTypeID
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\InitFolderHandler
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\UpdateRingPostAuthConditions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\Applicability\EnablePreviewBuilds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\EnableEnterpriseUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\EnableOrgInternalUpdate
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\EnableTeamTier_Internal
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OneDrive\EnableFasterRingUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\MachineId
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F6C78EF-FCE5-42FA-ABEA-3E7DF91921DC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C683A5C-32B8-47cd-AC28-4B292414D032}\AppId
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E245105B-B06E-11D0-AD61-00C04FD8FDFF}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD450835-CF1B-4C87-9FD2-5E0D42FDE081}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7C857801-7381-11CF-884D-00AA004B2E24}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71285C44-1DC0-11D2-B5FB-00104B703EFD}\AppID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-15
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-14
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-13
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-12
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-11
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-10
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\AccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\ActivateOnHostFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{29A3AB33-0FD7-44F5-9BFF-C0B6C081FBFB}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LocalServer32\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\MGOTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\ProcessMitigationPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\LoadUserSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}\ProtectionLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000035-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3474d734-3408-4471-a344-a3439343634a}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Browser\AllowSmartScreen\Behavior
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost\EnableWebContentEvaluation

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DownloadMode_BackCompat
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config\DODownloadMode
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-15
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-14
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-13
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-12
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-11
HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E\@%SystemRoot%\system32\powrprof.dll,-10

ntdll.dll.RtlWow64GetCurrentMachine
ntdll.dll.RtlWow64IsWowGuestMachineSupported

C:\Windows\system32\DllHost.exe /Processid:{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
C:\Users\Packager\AppData\Local\Microsoft\OneDrive\19.043.0304.0013\FileCoAuth.exe -Embedding
C:\Windows\System32\SecurityHealthHost.exe {08728914-3F57-4D52-9E31-49DAECA5A80A} -Embedding
C:\Windows\system32\wbem\wmiprvse.exe -Embedding
C:\Windows\System32\smartscreen.exe -Embedding

Local\SM0:6208:304:WilStaging_02
Local\SM0:6208:120:WilError_03
Local\SM0:5816:304:WilStaging_02
Local\SM0:3832:168:WilStaging_02
Local\SM0:4284:168:WilStaging_02
Local\SM0:1416:304:WilStaging_02
Local\SM0:5152:304:WilStaging_02
Local\SM0:5152:120:WilError_03
Local\SM0:500:168:WilStaging_02

wuauserv
camsvc
wisvc
smphost

No results

Sorry! No behavior.

Sorry! No strace.

Sorry! No tracee.

No hosts contacted.

No TCP connections recorded.

No UDP connections recorded.

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.

Sorry! No dropped files.

Sorry! No CAPE files.

Sorry! No process dumps.