HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\ComputerName |
ActiveComputerName |
HKEY_USERS\ |
HKEY_USERS\\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
HKEY_USERS\\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run |
HKEY_USERS\\S-1-5-21-1547161642-507921405-839522115-1004\Software\AppDataLow\Software\Microsoft\FD95D1E9-385F-3719-2A81-EC5BFE45E0BF |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\office.exe |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System |
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor |
HKEY_CURRENT_USER\Software\Microsoft\Command Processor |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\LevelObjects |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
{dda3f824-d8cb-441b-834d-be2efd2c1a33} |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\UrlZones |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Paths |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\Hashes |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\4096\UrlZones |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Paths |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\Hashes |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\65536\UrlZones |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Hashes |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\UrlZones |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Paths |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\Hashes |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\262144\UrlZones |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
HKEY_CURRENT_USER\Software\AppDataLow\Software\Microsoft\FD95D1E9-385F-3719-2A81-EC5BFE45E0BF |
HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\RASAPI32 |
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004 |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList |
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\Winlogon |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Environment |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Volatile Environment |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections |
HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings |
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl |
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl |
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_URLHOSTNAME |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\Domains\zedo.com |
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\zedo.com |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\ |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache |
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache |
HKEY_LOCAL_MACHINE\Software\Microsoft\COM3 |
CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4} |
CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs |
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4} |
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServer32 |
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocServerX86 |
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer32 |
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandler32 |
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\InprocHandlerX86 |
\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\LocalServer |
HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4} |
HKEY_CLASSES_ROOT\CLSID\{304CE942-6E39-40D8-943A-B913C40C9CD4}\TreatAs |
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List |
CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2} |
CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\TreatAs |
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2} |
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocServer32 |
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocServerX86 |
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\LocalServer32 |
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocHandler32 |
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\InprocHandlerX86 |
\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\LocalServer |
HKEY_CLASSES_ROOT\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2} |
HKEY_CLASSES_ROOT\CLSID\{EC9846B3-2762-4A6B-A214-6ACB603462D2}\TreatAs |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B83AF3AB-4FED-45D1-A8B8-9E66F3411813} |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\MS TCP Loopback interface |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF |
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared |