Results 1 to 6 of 6

Thread: [Extracted Values] Registry Tweaking

  1. #1

    [Extracted Values] Registry Tweaking

    Hello Guys,

    OS: Windows 10 1809 Pro [17751.1] 64bit

    TCPIP.sys
    Code:
    Address	Function	Instruction
    .rdata:00000001C01CAC98		                text "UTF-16LE", 8,0Ah,0
    .rdata:00000001C01CB870		                text "UTF-16LE", 'PsGetVersion',0
    .rdata:00000001C01CB890		                text "UTF-16LE", 'WmiTraceMessage',0
    .rdata:00000001C01CB8B0		                text "UTF-16LE", 'WmiQueryTraceInformation',0
    .rdata:00000001C01CB8E8		                text "UTF-16LE", 'EtwRegisterClassicProvider',0
    .rdata:00000001C01CB920		                text "UTF-16LE", 'EtwUnregister',0
    .rdata:00000001C01CB940		                text "UTF-16LE", 'ImagePath',0
    .rdata:00000001C01CB9B8		                text "UTF-16LE", 'Network QoS Policy',0
    .rdata:00000001C01CBA30		                text "UTF-16LE", 'TCPIP Performance Diagnostics (Per-CPU)',0
    .rdata:00000001C01CBB58		                text "UTF-16LE", 'TCPIP Performance Diagnostics',0
    .rdata:00000001C01CBBA0		                text "UTF-16LE", '\KernelObjects\HighNonPagedPoolCondition',0
    .rdata:00000001C01CBC00		                text "UTF-16LE", '\KernelObjects\LowNonPagedPoolCondition',0
    .rdata:00000001C01CBC50		                text "UTF-16LE", '\KernelObjects\HighMemoryCondition',0
    .rdata:00000001C01CBCA0		                text "UTF-16LE", '\KernelObjects\HighPagedPoolCondition',0
    .rdata:00000001C01CBCF0		                text "UTF-16LE", '\KernelObjects\LowMemoryCondition',0
    .rdata:00000001C01CBD40		                text "UTF-16LE", '\KernelObjects\LowPagedPoolCondition',0
    .rdata:00000001C01CBD90		                text "UTF-16LE", '\Callback\PowerState',0
    .rdata:00000001C01CBDE0		                text "UTF-16LE", 'Kernel-OneCore-DeviceFamilyID',0
    .rdata:00000001C01CBE30		                text "UTF-16LE", '\Registry\Machine\System\CurrentControlSet\Services'
    .rdata:00000001C01CBEB8		                text "UTF-16LE", '\DosDevices\IPSECDOSPDevice',0
    .rdata:00000001C01CBEF0		                text "UTF-16LE", '\Device\IPSECDOSP',0
    .rdata:00000001C01CBF18		                text "UTF-16LE", '\DosDevices\NXTIPSECDevice',0
    .rdata:00000001C01CBF50		                text "UTF-16LE", '\Device\NXTIPSEC',0
    .rdata:00000001C01CBF78		                text "UTF-16LE", '\DosDevices\WfpAle',0
    .rdata:00000001C01CBFA0		                text "UTF-16LE", '\Device\WfpAle',0
    .rdata:00000001C01CC168		                text "UTF-16LE", 'System',0
    .rdata:00000001C01CC180		                text "UTF-16LE", '\Registry\Machine\System\CurrentControlSet\Services'
    .rdata:00000001C01CC208		                text "UTF-16LE", 'SetNameOnSecureSocket',0
    .rdata:00000001C01CC240		                text "UTF-16LE", '\Registry\Machine\System\CurrentControlSet\Control\'
    .rdata:00000001C01CC2D8		                text "UTF-16LE", 'RNG',0
    .rdata:00000001C01CC2E0		                text "UTF-16LE", 'ObjectLength',0
    .rdata:00000001C01CC300		                text "UTF-16LE", 'ChainingMode',0
    .rdata:00000001C01CC320		                text "UTF-16LE", 'HashDigestLength',0
    .rdata:00000001C01CC348		                text "UTF-16LE", 'AES-GMAC',0
    .rdata:00000001C01CC360		                text "UTF-16LE", 'ChainingModeECB',0
    .rdata:00000001C01CC380		                text "UTF-16LE", 'KeyLength',0
    .rdata:00000001C01CC398		                text "UTF-16LE", 'AES',0
    .rdata:00000001C01CC800		                text "UTF-16LE", 'NTLM',0
    .rdata:00000001C01CCA60		                text "UTF-16LE", 'Port %u',0
    .rdata:00000001C01CCA70		                text "UTF-16LE", 'InternetPort',0
    .rdata:00000001C01CCA90		                text "UTF-16LE", 'TCP/IP',0
    .rdata:00000001C01CCAA0		                text "UTF-16LE", 'TcpFastopenKey',0
    .rdata:00000001C01CCAC0		                text "UTF-16LE", '\Registry\Machine\SYSTEM\CurrentControlSet\Services'
    .rdata:00000001C01CCB50		                text "UTF-16LE", 'DisabledComponents',0
    .rdata:00000001C01CCB78		                text "UTF-16LE", 'LedbatTargetDelay',0
    .rdata:00000001C01CCBA0		                text "UTF-16LE", '\Registry\Machine\SYSTEM\CurrentControlSet\Services'
    .rdata:00000001C01CCC30		                text "UTF-16LE", 'HystartLowSsthresh',0
    .rdata:00000001C01CCC58		                text "UTF-16LE", 'HystartNSampling',0
    .rdata:00000001C01CCC80		                text "UTF-16LE", 'HystartMaxEta',0
    .rdata:00000001C01CCCA0		                text "UTF-16LE", 'HystartMinEta',0
    .rdata:00000001C01CCCC0		                text "UTF-16LE", 'LimitedSlowStartDivisor',0
    .rdata:00000001C01CCCF0		                text "UTF-16LE", 'UdpExemptPortRange',0
    .rdata:00000001C01CCD18		                text "UTF-16LE", 'IpMaxBatchSize',0
    .rdata:00000001C01CCD38		                text "UTF-16LE", 'WolDebugEnabled',0
    .rdata:00000001C01CCD58		                text "UTF-16LE", 'MD5',0
    .rdata:00000001C01CCD60		                text "UTF-16LE", '\Device\eQoS',0
    .rdata:00000001C01CCD90		                text "UTF-16LE", 'EDP://EvaluationFlags',0
    .rdata:00000001C01CCDC0		                text "UTF-16LE", 'EDP://EnterpriseIds',0
    .rdata:00000001C01CCDE8		                text "UTF-16LE", 'EDP://PolicyFlags',0
    .rdata:00000001C01CCE10		                text "UTF-16LE", 'TCP V4 Packet',0
    .rdata:00000001C01CCEA0		                text "UTF-16LE", 'TCP V6 Packet',0
    .rdata:00000001C01CCF30		                text "UTF-16LE", 'ARP Offload',0
    .rdata:00000001C01CCFC0		                text "UTF-16LE", 'ND Offload',0
    .rdata:00000001C01CD070		                text "UTF-16LE", '\Registry\Machine\SYSTEM\CurrentControlSet\Services'
    .rdata:00000001C01CD120		                text "UTF-16LE", 'TcpGlobalObject',0
    .rdata:00000001C01CD280		                text "UTF-16LE", '\Callback\TcpTimerStarvationCallbackTemp',0
    .rdata:00000001C01CD2E0		                text "UTF-16LE", '\Callback\TcpConnectionCallbackTemp',0
    .rdata:00000001C01CDB60		                text "UTF-16LE", 'normal',0
    .rdata:00000001C01CDBE8		                text "UTF-16LE", 'Reassembly conflict',0
    .rdata:00000001C01CE0E8		                text "UTF-16LE", 'Unknown',0
    .rdata:00000001C01CE190		                text "UTF-16LE", 'qualifying route structure (IPNG)',0
    .rdata:00000001C01CE1E0		                text "UTF-16LE", 'path bandwidth direction (IPNG)',0
    .rdata:00000001C01CE220		                text "UTF-16LE", 'site prefix change notify workitem (IPNG)',0
    .rdata:00000001C01CE278		                text "UTF-16LE", 'route lookup context (IPNG)',0
    .rdata:00000001C01CE2C0		                text "UTF-16LE", 'NBL for strong clone packet (IPNG)',0
    .rdata:00000001C01CE318		                text "UTF-16LE", 'neighbor (IPNG)',0
    .rdata:00000001C01CE340		                text "UTF-16LE", 'neighbor change notify workitem',0
    .rdata:00000001C01CE380		                text "UTF-16LE", 'address identifier (IPNG)',0
    .rdata:00000001C01CE3C8		                text "UTF-16LE", 'control for copy packet (IPNG)',0
    .rdata:00000001C01CE408		                text "UTF-16LE", 'control for pend packet (IPNG)',0
    .rdata:00000001C01CE480		                text "UTF-16LE", 'IPv4 reassembly structure (IPNG)',0
    .rdata:00000001C01CE4D0		                text "UTF-16LE", 'shim for IPv4 reassembly (IPNG)',0
    .rdata:00000001C01CE510		                text "UTF-16LE", 'space for IPv4 reassembly unfragmentable data (IPNG'
    .rdata:00000001C01CE590		                text "UTF-16LE", 'site prefix entry (IPNG)',0
    .rdata:00000001C01CE5D0		                text "UTF-16LE", 'IPv6 reassembly structure (IPNG)',0
    .rdata:00000001C01CE620		                text "UTF-16LE", 'shim for IPv6 reassembly (IPNG)',0
    .rdata:00000001C01CE660		                text "UTF-16LE", 'space for IPv6 reassembly unfragmentable data (IPNG'
    .rdata:00000001C01D0030		                text "UTF-16LE", 'APPID://FQBN',0
    .rdata:00000001C01D004C		                text "UTF-16LE", '.',0
    .rdata:00000001C01D0B38		                text "UTF-16LE", 'SHA1',0
    .rdata:00000001C01D0B48		                text "UTF-16LE", 'SHA256',0
    .rdata:00000001C01D0B58		                text "UTF-16LE", 'DES',0
    .rdata:00000001C01D0B60		                text "UTF-16LE", 'ChainingModeCBC',0
    .rdata:00000001C01D0B80		                text "UTF-16LE", '3DES',0
    .rdata:00000001C01D0B90		                text "UTF-16LE", 'ChainingModeGCM',0
    .rdata:00000001C01D0EC8		                text "UTF-16LE", 'TCPIP6TUNNEL',0
    .rdata:00000001C01D1018		                text "UTF-16LE", 'InterfaceMetric',0
    .rdata:00000001C01D1038		                text "UTF-16LE", 'MTU',0
    .rdata:00000001C01D1040		                text "UTF-16LE", 'TypeOfInterface',0
    .rdata:00000001C01D1060		                text "UTF-16LE", 'UseZeroBroadcast',0
    .rdata:00000001C01D1088		                text "UTF-16LE", 'SolicitationAddressBcast',0
    .rdata:00000001C01D10C0		                text "UTF-16LE", 'PerformRouterDiscovery',0
    .rdata:00000001C01D10F0		                text "UTF-16LE", 'IPAutoconfigurationEnabled',0
    .rdata:00000001C01D1128		                text "UTF-16LE", 'IPAddress',0
    .rdata:00000001C01D1140		                text "UTF-16LE", 'DefaultGateway',0
    .rdata:00000001C01D1208		                text "UTF-16LE", 'TcpDelAckTicks',0
    .rdata:00000001C01D1228		                text "UTF-16LE", 'TcpAckFrequency',0
    .rdata:00000001C01D1388		                text "UTF-16LE", 'TCPIP6',0
    .rdata:00000001C01D1398		                text "UTF-16LE", 'TCPIP',0
    .rdata:00000001C01D13A8		                text "UTF-16LE", 'TCPIPTUNNEL',0
    .rdata:00000001C01D13C0		                text "UTF-16LE", 'RDMANDK',0
    .rdata:00000001C01D4620		                text "UTF-16LE", 'default',0
    .rdata:00000001C01D4630		                text "UTF-16LE", 'CPU%u',0
    .rdata:00000001C01D463C		                text "UTF-16LE", '\',0
    .rdata:00000001C01D46B0		                text "UTF-16LE", 'send-request pool (TCP)',0
    .rdata:00000001C01D46E0		                text "UTF-16LE", 'aggregate-NetBuffer pool (TCP)',0
    .rdata:00000001C01D4720		                text "UTF-16LE", 'aggregate NetBufferList pool (TCP)',0
    .rdata:00000001C01D4768		                text "UTF-16LE", 'inspect',0
    .rdata:00000001C01D4778		                text "UTF-16LE", 'injected',0
    .rdata:00000001C01D4790		                text "UTF-16LE", 'posted',0
    .rdata:00000001C01D47A0		                text "UTF-16LE", 'Send retransmit exiting loss recovery',0
    .rdata:00000001C01D47F0		                text "UTF-16LE", 'Tail Loss Probe NBL (TCP)',0
    .rdata:00000001C01D4828		                text "UTF-16LE", 'NULL',0
    .rdata:00000001C01D4870		                text "UTF-16LE", 'TCB allocation in TcpCreateAndAcceptTcb (TCP)',0
    .rdata:00000001C01D48D0		                text "UTF-16LE", 'Initializing Template Accept TCB',0
    .rdata:00000001C01D4920		                text "UTF-16LE", 'Initializing Template Accept from SYN_TCB',0
    .rdata:00000001C01D4978		                text "UTF-16LE", 'TCB allocation (TCP)',0
    .rdata:00000001C01D49A8		                text "UTF-16LE", 'TCB Connect Request Pool (TCP)',0
    .rdata:00000001C01D49F0		                text "UTF-16LE", 'Initializing Template Connect TCB',0
    .rdata:00000001C01D4A40		                text "UTF-16LE", 'Updating Template Connect Inspect completed.',0
    .rdata:00000001C01D4AA0		                text "UTF-16LE", 'normal-deferred',0
    .rdata:00000001C01D4AC0		                text "UTF-16LE", 'inspect-deferred',0
    .rdata:00000001C01D4AE8		                text "UTF-16LE", 'issued',0
    .rdata:00000001C01D4AF8		                text "UTF-16LE", 'Connection shutdown',0
    .rdata:00000001C01D4B20		                text "UTF-16LE", 'abort-request pool (TCP)',0
    .rdata:00000001C01D4B58		                text "UTF-16LE", 'connect-request pool (TCP)',0
    .rdata:00000001C01D4B90		                text "UTF-16LE", 'disconnect-request pool (TCP)',0
    .rdata:00000001C01D4BD0		                text "UTF-16LE", 'connection tuple pool (TCP)',0
    .rdata:00000001C01D4C08		                text "UTF-16LE", 'TCB cancel-queue (TCP)',0
    .rdata:00000001C01D4C38		                text "UTF-16LE", 'TCB rate-limiting queue (TCP)',0
    .rdata:00000001C01D4C78		                text "UTF-16LE", 'FIN injected',0
    .rdata:00000001C01D4C98		                text "UTF-16LE", 'receive-request pool (TCP)',0
    .rdata:00000001C01D4CD0		                text "UTF-16LE", 'Delayed Delivery NetBufferList pool (TCP)',0
    .rdata:00000001C01D4D30		                text "UTF-16LE", 'Delayed Delivery MDL pool (TCP)',0
    .rdata:00000001C01D4DB8		                text "UTF-16LE", 'listener work-queue pool (TCP)',0
    .rdata:00000001C01D4E18		                text "UTF-16LE", 'timer wheels (TCP)',0
    .rdata:00000001C01D4E50		                text "UTF-16LE", 'connection partitions (TCP)',0
    .rdata:00000001C01D4E88		                text "UTF-16LE", 'PartitionModule',0
    .rdata:00000001C01D4EC0		                text "UTF-16LE", 'FSB pool for receiver bandwidth estimation blocks ('
    .rdata:00000001C01D4F30		                text "UTF-16LE", 'bandwidth estimation bucket pools (TCP)',0
    .rdata:00000001C01D4F80		                text "UTF-16LE", 'Initializing Template SYNTCB',0
    .rdata:00000001C01D4FC0		                text "UTF-16LE", 'SYN-TCB pool (TCP)',0
    .rdata:00000001C01D4FE8		                text "UTF-16LE", 'TCP TIME-WAIT TCB pool (TCP)',0
    .rdata:00000001C01D5028		                text "UTF-16LE", 'endpoint pool (TCP)',0
    .rdata:00000001C01D5050		                text "UTF-16LE", 'work-queue context pool (TCP)',0
    .rdata:00000001C01D50A0		                text "UTF-16LE", 'drop-rate tracking work-item (TCP)',0
    .rdata:00000001C01D50F8		                text "UTF-16LE", 'NPP tracking work queue (TCP)',0
    .rdata:00000001C01D5158		                text "UTF-16LE", 'Large backlog/Slow progress',0
    .rdata:00000001C01D5190		                text "UTF-16LE", 'reassembly pool (TCP)',0
    .rdata:00000001C01D51C0		                text "UTF-16LE", 'Updating Template Accept TCB.',0
    .rdata:00000001C01D5200		                text "UTF-16LE", 'Updating Template Accept SYNTCB.',0
    .rdata:00000001C01D5248		                text "UTF-16LE", 'FIN received',0
    .rdata:00000001C01D5268		                text "UTF-16LE", 'delay-queues (TCP)',0
    .rdata:00000001C01D5290		                text "UTF-16LE", 'input-queue pool (TCP)',0
    .rdata:00000001C01D52C0		                text "UTF-16LE", 'rtt tracking pool (CTCP)',0
    .rdata:00000001C01D5320		                text "UTF-16LE", 'FSB pool for receive window tuning blocks (TCP)',0
    .rdata:00000001C01D5380		                text "UTF-16LE", 'SACK-block pool (TCP)',0
    .rdata:00000001C01D53F0		                text "UTF-16LE", 'Updating Template Automatic heuristic.',0
    .rdata:00000001C01D5440		                text "UTF-16LE", 'not enough data unacked',0
    .rdata:00000001C01D5470		                text "UTF-16LE", 'max data retransmission exceeded',0
    .rdata:00000001C01D54B8		                text "UTF-16LE", 'next hop change on TCB',0
    .rdata:00000001C01D54E8		                text "UTF-16LE", 'FULL ack received on TCB',0
    .rdata:00000001C01D5520		                text "UTF-16LE", 'timeout on TCB',0
    .rdata:00000001C01D5540		                text "UTF-16LE", 'full ack received',0
    .rdata:00000001C01D55B0		                text "UTF-16LE", 'port pool (UDP)',0
    .rdata:00000001C01D55D0		                text "UTF-16LE", 'work-queue context pool (UDP)',0
    .rdata:00000001C01D5610		                text "UTF-16LE", 'endpoint-creation work-queue',0
    .rdata:00000001C01D5650		                text "UTF-16LE", 'endpoint-binding work-queue',0
    .rdata:00000001C01D5688		                text "UTF-16LE", 'endpoint-close work-queue',0
    .rdata:00000001C01D56C0		                text "UTF-16LE", 'endpoint-cleanup work-queue',0
    .rdata:00000001C01D5700		                text "UTF-16LE", 'endpoint-query-security work-queue',0
    .rdata:00000001C01D5748		                text "UTF-16LE", 'endpoint-security work-queue',0
    .rdata:00000001C01D5788		                text "UTF-16LE", 'port-reservation work-queue',0
    .rdata:00000001C01D57C0		                text "UTF-16LE", 'notification channel work-queue',0
    .rdata:00000001C01D5800		                text "UTF-16LE", 'NetBufferList pool (UDP)',0
    .rdata:00000001C01D5838		                text "UTF-16LE", 'NetBuffer pool (UDP)',0
    .rdata:00000001C01D5870		                text "UTF-16LE", 'message-indication module (UDP)',0
    .rdata:00000001C01D58F0		                text "UTF-16LE", 'send-messages-request pool (RawIP)',0
    .rdata:00000001C01D5940		                text "UTF-16LE", 'send-messages-list pool (RawIP)',0
    .rdata:00000001C01D5990		                text "UTF-16LE", 'message-indication pool (RawIP)',0
    .rdata:00000001C01D5F38		                text "UTF-16LE", 'Windows Filtering Platform',0
    .rdata:00000001C01D66D0		                text "UTF-16LE", 'Secure Socket Filters',0
    .rdata:00000001C01D6700		                text "UTF-16LE", 'Secure Socket',0
    .rdata:00000001C01D6AD0		                text "UTF-16LE", 'App info not available',0
    .rdata:00000001C01D6B30		                text "UTF-16LE", '\windows\system32\bytecodegenerator.exe',0
    .rdata:00000001C01D74D8		                text "UTF-16LE", 'WFP',0
    .rdata:00000001C01D75A0		                text "UTF-16LE", '\Registry\User\%s\SOFTWARE\Policies\Microsoft\Windo'
    .rdata:00000001C01D7758		                text "UTF-16LE", 'http:',0
    .rdata:00000001C01D7768		                text "UTF-16LE", 'https:',0
    .rdata:00000001C01D77B0		                text "UTF-16LE", '\Registry\User\%s',0
    .rdata:00000001C01D77E0		                text "UTF-16LE", '\Registry\Machine\SOFTWARE\Policies\Microsoft\Windo'
    .rdata:00000001C01D7878		                text "UTF-16LE", 'Ignored',0
    .rdata:00000001C01D7888		                text "UTF-16LE", 'Allowed',0
    .rdata:00000001C01D7898		                text "UTF-16LE", 'Off',0
    .rdata:00000001C01D78A0		                text "UTF-16LE", 'Highly Restricted',0
    .rdata:00000001C01D78C8		                text "UTF-16LE", 'Restricted',0
    .rdata:00000001C01D78E0		                text "UTF-16LE", 'Normal',0
    .rdata:00000001C01D78F0		                text "UTF-16LE", 'Application DSCP Marking Request',0
    .rdata:00000001C01D7938		                text "UTF-16LE", 'Tcp Autotuning Level',0
    .rdata:00000001C01D7970		                text "UTF-16LE", '\Registry\Machine\SYSTEM\CurrentControlSet\Services'
    .rdata:00000001C01D79F0		                text "UTF-16LE", 'Do not use NLA',0
    .rdata:00000001C01D7A10		                text "UTF-16LE", '1',0
    .rdata:00000001C01D7A28		                text "UTF-16LE", 'Version',0
    .rdata:00000001C01D7A38		                text "UTF-16LE", 'Protocol',0
    .rdata:00000001C01D7A50		                text "UTF-16LE", 'Application Name',0
    .rdata:00000001C01D7A78		                text "UTF-16LE", 'Local Port',0
    .rdata:00000001C01D7A90		                text "UTF-16LE", 'Local IP',0
    .rdata:00000001C01D7AA8		                text "UTF-16LE", 'Local IP Prefix Length',0
    .rdata:00000001C01D7AD8		                text "UTF-16LE", 'Remote Port',0
    .rdata:00000001C01D7AF0		                text "UTF-16LE", 'Remote IP',0
    .rdata:00000001C01D7B08		                text "UTF-16LE", 'Remote IP Prefix Length',0
    .rdata:00000001C01D7B38		                text "UTF-16LE", 'DSCP Value',0
    .rdata:00000001C01D7B50		                text "UTF-16LE", 'Throttle Rate',0
    .rdata:00000001C01D7B70		                text "UTF-16LE", 'URL',0
    .rdata:00000001C01D7B78		                text "UTF-16LE", 'URL Recursive',0
    .rdata:00000001C01D7B98		                text "UTF-16LE", 'NetProfile',0
    .rdata:00000001C01D7BB0		                text "UTF-16LE", 'Precedence',0
    .rdata:00000001C01D7BC8		                text "UTF-16LE", 'ConditionTemplate',0
    .rdata:00000001C01D7BF0		                text "UTF-16LE", 'NetDirectPort',0
    .rdata:00000001C01D7C10		                text "UTF-16LE", 'AppName',0
    .rdata:00000001C01D7C20		                text "UTF-16LE", 'Port',0
    .rdata:00000001C01D7C30		                text "UTF-16LE", 'SrcPortLow',0
    .rdata:00000001C01D7C48		                text "UTF-16LE", 'SrcPortHigh',0
    .rdata:00000001C01D7C60		                text "UTF-16LE", 'SrcIP',0
    .rdata:00000001C01D7C70		                text "UTF-16LE", 'SrcIPPrefix',0
    .rdata:00000001C01D7C88		                text "UTF-16LE", 'DstPortLow',0
    .rdata:00000001C01D7CA0		                text "UTF-16LE", 'DstPortHigh',0
    .rdata:00000001C01D7CB8		                text "UTF-16LE", 'DstIP',0
    .rdata:00000001C01D7CC8		                text "UTF-16LE", 'DstIPPrefix',0
    .rdata:00000001C01D7CE0		                text "UTF-16LE", 'DSCP',0
    .rdata:00000001C01D7CF0		                text "UTF-16LE", '802.1p',0
    .rdata:00000001C01D7D00		                text "UTF-16LE", 'ThrottleRate',0
    .rdata:00000001C01D7D20		                text "UTF-16LE", 'PeakRate',0
    .rdata:00000001C01D7D38		                text "UTF-16LE", 'BurstRate',0
    .rdata:00000001C01D7D50		                text "UTF-16LE", 'MinWeight',0
    .rdata:00000001C01D7D68		                text "UTF-16LE", 'UserSID',0
    .rdata:00000001C01D7D78		                text "UTF-16LE", '*',0
    .rdata:00000001C01D7D80		                text "UTF-16LE", 'TCP',0
    .rdata:00000001C01D7D88		                text "UTF-16LE", 'UDP',0
    .rdata:00000001C01D7E70		                text "UTF-16LE", '0123456789ABCDEF',0
    .rdata:00000001C01D7E98		                text "UTF-16LE", 'https',0
    .rdata:00000001C01D7EA8		                text "UTF-16LE", 'http',0
    .rdata:00000001C01D80F8		                text "UTF-16LE", 'interface (IPNG)',0
    .rdata:00000001C01D8120		                text "UTF-16LE", 'multicast workitem for interface (IPNG)',0
    .rdata:00000001C01D8170		                text "UTF-16LE", 'per proc interface statistics',0
    .rdata:00000001C01D81B0		                text "UTF-16LE", 'notify interface change workitem (IPNG)',0
    .rdata:00000001C01D8200		                text "UTF-16LE", 'subinterface (IPNG)',0
    .rdata:00000001C01D8230		                text "UTF-16LE", 'per proc subinterface statistics',0
    .rdata:00000001C01D8278		                text "UTF-16LE", 'set wol workitem (IPNG)',0
    .rdata:00000001C01D82B0		                text "UTF-16LE", 'query real nexthop context (IPNG)',0
    .rdata:00000001C01D8300		                text "UTF-16LE", 'query real nexthop workitem (IPNG)',0
    .rdata:00000001C01D8348		                text "UTF-16LE", 'set offload context (IPNG)',0
    .rdata:00000001C01D8380		                text "UTF-16LE", 'set offload workitem (IPNG)',0
    .rdata:00000001C01D83C0		                text "UTF-16LE", 'validate interface settings context (IPNG)',0
    .rdata:00000001C01D8420		                text "UTF-16LE", 'validate interface settings workitem (IPNG)',0
    .rdata:00000001C01D8480		                text "UTF-16LE", 'update packet filter context (IPNG)',0
    .rdata:00000001C01D84C8		                text "UTF-16LE", 'subinterface statistics (IPNG)',0
    .rdata:00000001C01D8508		                text "UTF-16LE", 'interface statistics (IPNG)',0
    .rdata:00000001C01D8540		                text "UTF-16LE", 'bandwidth persist workitem (IPNG)',0
    .rdata:00000001C01D8670		                text "UTF-16LE", 'route (IPNG)',0
    .rdata:00000001C01D86C0		                text "UTF-16LE", 'update path notification context (IPNG)',0
    .rdata:00000001C01D8710		                text "UTF-16LE", 'update path notification workitem (IPNG)',0
    .rdata:00000001C01D8768		                text "UTF-16LE", 'fast open cookie (IPNG)',0
    .rdata:00000001C01D87A0		                text "UTF-16LE", 'neighbor list for gateway reachability (IPNG)',0
    .rdata:00000001C01D8820		                text "UTF-16LE", 'route change notify workitem (IPNG)',0
    .rdata:00000001C01D8868		                text "UTF-16LE", 'path (IPNG)',0
    .rdata:00000001C01D88A0		                text "UTF-16LE", 'forward path (IPNG)',0
    .rdata:00000001C01D8C40		                text "UTF-16LE", 'persistent route add workitem (IPNG)',0
    .rdata:00000001C01D8C90		                text "UTF-16LE", 'persistent route delete workitem (IPNG)',0
    .rdata:00000001C01D8D00		                text "UTF-16LE", 'WOL context (IPNG)',0
    .rdata:00000001C01D8D30		                text "UTF-16LE", 'address change notify workitem (IPNG)',0
    .rdata:00000001C01D8D80		                text "UTF-16LE", 'DAD notify context (IPNG)',0
    .rdata:00000001C01D8DB8		                text "UTF-16LE", 'DAD notify workitem (IPNG)',0
    .rdata:00000001C01D8E18		                text "UTF-16LE", 'local address (IPNG)',0
    .rdata:00000001C01D8E50		                text "UTF-16LE", 'local address identifier (IPNG)',0
    .rdata:00000001C01D8E90		                text "UTF-16LE", 'CAR object for local address (IPNG)',0
    .rdata:00000001C01D8F28		                text "UTF-16LE", 'local address array (IPNG)',0
    .rdata:00000001C01D8F60		                text "UTF-16LE", 'set session info context (IPNG)',0
    .rdata:00000001C01D8FA0		                text "UTF-16LE", 'Network address list for FL provider (IPNG)',0
    .rdata:00000001C01D9000		                text "UTF-16LE", 'link-local address change notify workitem (IPNG)',0
    .rdata:00000001C01D9078		                text "UTF-16LE", 'compartment (IPNG)',0
    .rdata:00000001C01D90A0		                text "UTF-16LE", 'compartment cleanup work item (IPNG)',0
    .rdata:00000001C01D90F0		                text "UTF-16LE", 'locality network table entry (IPNG)',0
    .rdata:00000001C01D9138		                text "UTF-16LE", 'locality data RW (IPNG)',0
    .rdata:00000001C01D9170		                text "UTF-16LE", 'network state update workitem (IPNG)',0
    .rdata:00000001C01D91C0		                text "UTF-16LE", 'network state update work queue item (IPNG)',0
    .rdata:00000001C01D9220		                text "UTF-16LE", 'network state update operation (IPNG)',0
    .rdata:00000001C01D9270		                text "UTF-16LE", 'batch proc state (IPNG)',0
    .rdata:00000001C01D92A0		                text "UTF-16LE", 'batch per proc state (IPNG)',0
    .rdata:00000001C01D92E0		                text "UTF-16LE", 'NBL clone for send batching (IPNG)',0
    .rdata:00000001C01D9330		                text "UTF-16LE", 'NBL clone for recv batching (IPNG)',0
    .rdata:00000001C01D9378		                text "UTF-16LE", 'loopback EC array (IPNG)',0
    .rdata:00000001C01D93B0		                text "UTF-16LE", 'loopback EC (IPNG)',0
    .rdata:00000001C01D93D8		                text "UTF-16LE", 'loopback callout stack (IPNG)',0
    .rdata:00000001C01D9418		                text "UTF-16LE", 'loopback workitem array (IPNG)',0
    .rdata:00000001C01D9458		                text "UTF-16LE", 'loopback workitem (IPNG)',0
    .rdata:00000001C01D94A0		                text "UTF-16LE", 'IPS client (IPNG)',0
    .rdata:00000001C01D94C8		                text "UTF-16LE", 'IPS client ndis pool (IPNG)',0
    .rdata:00000001C01D9500		                text "UTF-16LE", 'IPS client NBL pool (IPNG)',0
    .rdata:00000001C01D9538		                text "UTF-16LE", 'IPS client workitem (IPNG)',0
    .rdata:00000001C01D9570		                text "UTF-16LE", 'IPS client rundown object (IPNG)',0
    .rdata:00000001C01D95B8		                text "UTF-16LE", 'IPS service chain node (IPNG)',0
    .rdata:00000001C01D95F8		                text "UTF-16LE", 'IPS service chain (IPNG)',0
    .rdata:00000001C01D9630		                text "UTF-16LE", 'IPS service chain rundown object (IPNG)',0
    .rdata:00000001C01D9680		                text "UTF-16LE", 'IPS packet chain (IPNG)',0
    .rdata:00000001C01D96B0		                text "UTF-16LE", 'IPS route lookup context (IPNG)',0
    .rdata:00000001C01D96F0		                text "UTF-16LE", 'IPS clone NBL (IPNG)',0
    .rdata:00000001C01D9720		                text "UTF-16LE", 'IPS MDL (IPNG)',0
    .rdata:00000001C01D9740		                text "UTF-16LE", 'IPS injection context (IPNG)',0
    .rdata:00000001C01D97E0		                text "UTF-16LE", 'proxy neighbor (IPNG)',0
    .rdata:00000001C01D98F8		                text "UTF-16LE", 'Mfe (IPNG)',0
    .rdata:00000001C01D9938		                text "UTF-16LE", 'Mfe Next Hop (IPNG)',0
    .rdata:00000001C01D9980		                text "UTF-16LE", 'source address list for sorting (IPNG)',0
    .rdata:00000001C01D99D0		                text "UTF-16LE", 'address pair indices for sorting (IPNG)',0
    .rdata:00000001C01D9A20		                text "UTF-16LE", 'sort information (IPNG)',0
    .rdata:00000001C01D9A50		                text "UTF-16LE", 'qsort array (IPNG)',0
    .rdata:00000001C01D9A78		                text "UTF-16LE", 'input flat address list (IPNG)',0
    .rdata:00000001C01D9AB8		                text "UTF-16LE", 'input address list copy (IPNG)',0
    .rdata:00000001C01D9AF8		                text "UTF-16LE", 'NLA set (IPNG)',0
    .rdata:00000001C01D9B18		                text "UTF-16LE", 'destination usage (IPNG)',0
    .rdata:00000001C01D9B50		                text "UTF-16LE", 'source usage (IPNG)',0
    .rdata:00000001C01D9B78		                text "UTF-16LE", 'sort element (IPNG)',0
    .rdata:00000001C01D9BA0		                text "UTF-16LE", 'source index array (IPNG)',0
    .rdata:00000001C01D9BD4		                text "UTF-16LE", 'D',0
    .rdata:00000001C01D9BD8		                text "UTF-16LE", 'S',0
    .rdata:00000001C01D9CE0		                text "UTF-16LE", 'data for echo request (IPNG)',0
    .rdata:00000001C01D9D20		                text "UTF-16LE", 'MDL for echo request (IPNG)',0
    .rdata:00000001C01D9D58		                text "UTF-16LE", 'NB for echo request (IPNG)',0
    .rdata:00000001C01D9D90		                text "UTF-16LE", 'NBL for echo request (IPNG)',0
    .rdata:00000001C01D9DD0		                text "UTF-16LE", 'echo request notification context (IPNG)',0
    .rdata:00000001C01D9E28		                text "UTF-16LE", 'fallback (IPNG)',0
    .rdata:00000001C01D9E50		                text "UTF-16LE", 'prefix policy (IPNG)',0
    .rdata:00000001C01DB4B0		                text "UTF-16LE", 'EnableOffload',0
    .rdata:00000001C01DB4D0		                text "UTF-16LE", 'EnableIPsecLsoOffload',0
    .rdata:00000001C01DB500		                text "UTF-16LE", 'EnableHeuristics',0
    .rdata:00000001C01DB528		                text "UTF-16LE", 'L4XsumOffload',0
    .rdata:00000001C01DBCB8		                text "UTF-16LE", 'IPsec',0
    .rdata:00000001C01DC034		                text "UTF-16LE", 'IV',0
    .rdata:00000001C01DD678		                text "UTF-16LE", 'SubnetMask',0
    .rdata:00000001C01DD690		                text "UTF-16LE", 'DefaultGatewayMetric',0
    .rdata:00000001C01DD740		                text "UTF-16LE", 'IPv4 reassembly structures (IPNG)',0
    .rdata:00000001C01DD7A8		                text "UTF-16LE", 'RDNSS entry (IPNG)',0
    .rdata:00000001C01DD7D0		                text "UTF-16LE", 'DNSSL entry (IPNG)',0
    .rdata:00000001C01DD7F8		                text "UTF-16LE", 'IPv6 potential router (IPNG)',0
    .rdata:00000001C01DD840		                text "UTF-16LE", 'IPv6 potential router change workitem (IPNG)',0
    .rdata:00000001C01DD8A0		                text "UTF-16LE", 'IPv6 router information change workitem (IPNG)',0
    .rdata:00000001C01DD900		                text "UTF-16LE", 'IPv6 router context (IPNG)',0
    .rdata:00000001C01DD980		                text "UTF-16LE", 'IPv6 reassembly structures (IPNG)',0
    .rdata:00000001C01DDA38		                text "UTF-16LE", '%s (%d)',0
    .rdata:00000001C01DDA78		                text "UTF-16LE", 'UnicastEthernetWakeEnabled',0
    .rdata:00000001C01DDAB0		                text "UTF-16LE", 'IPv4',0
    .rdata:00000001C01DDAC0		                text "UTF-16LE", 'IPv6',0
    .rdata:00000001C01DDAD0		                text "UTF-16LE", '0x%08lx',0
    .rdata:00000001C01DDAE0		                text "UTF-16LE", '%lu',0
    .rdata:00000001C01DDAF0		                text "UTF-16LE", 'IPv4 UnicastEthernetWake',0
    .rdata:00000001C01DDBF0		                text "UTF-16LE", 'IPv6 UnicastEthernetWake',0
    .rdata:00000001C01DDCA0		                text "UTF-16LE", 'ARP Bitmap',0
    .rdata:00000001C01DDD40		                text "UTF-16LE", 'ND Bitmap',0
    .rdata:00000001C01DDDC8		                text "UTF-16LE", 'NetworkDirectDisable',0
    .rdata:00000001C01DDDF8		                text "UTF-16LE", 'NDIS\Parameters',0
    .rdata:00000001C01DDE48		                text "UTF-16LE", 'EDP://ExemptEnterpriseIds',0
    .rdata:00000001C01DDE80		                text "UTF-16LE", 'PEDP://IntentEnterpriseId',0
    .rdata:00000001C01DDEC8		                text "UTF-16LE", 'APPID://PATH',0
    .rdata:00000001C01DDEE8		                text "UTF-16LE", 'APPID://SHA256HASH',0
    .rdata:00000001C01DDF10		                text "UTF-16LE", '%02x',0
    .rdata:00000001C01DDF30		                text "UTF-16LE", 'TELASSERT',0
    .rdata:00000001C01DDF78		                text "UTF-16LE", 'Ports %u-%u',0
    .rdata:00000001C01DDF90		                text "UTF-16LE", 'InternetPortReservation',0
    .rdata:00000001C01DE010		                text "UTF-16LE", 'DL address allocation helper (FLNG)',0
    ADF.sys

    Code:
    Address	Function	Instruction
    .rdata:00000001C001DF70		                text "UTF-16LE", 'VolatileParameters',0
    .rdata:00000001C001DF98		                text "UTF-16LE", 'BufferAlignment',0
    .rdata:00000001C001DFB8		                text "UTF-16LE", 'IgnoreOrderlyRelease',0
    .rdata:00000001C001DFE8		                text "UTF-16LE", 'UseTdiSendAndDisconnect',0
    .rdata:00000001C001E018		                text "UTF-16LE", 'DisableChainedReceive',0
    .rdata:00000001C001E048		                text "UTF-16LE", 'DisableDirectAcceptEx',0
    .rdata:00000001C001E078		                text "UTF-16LE", 'DisableRawSecurity',0
    .rdata:00000001C001E0A0		                text "UTF-16LE", 'IgnorePushBitOnReceives',0
    .rdata:00000001C001E0D0		                text "UTF-16LE", 'PriorityBoost',0
    .rdata:00000001C001E0F0		                text "UTF-16LE", 'IrpStackSize',0
    .rdata:00000001C001E180		                text "UTF-16LE", 'Parameters',0
    .rdata:00000001C001E198		                text "UTF-16LE", '\Device\Afd',0
    .rdata:00000001C001E1C0		                text "UTF-16LE", 'EtwUnregister',0
    .rdata:00000001C001E1E0		                text "UTF-16LE", 'EtwRegisterClassicProvider',0
    .rdata:00000001C001E218		                text "UTF-16LE", 'WmiQueryTraceInformation',0
    .rdata:00000001C001E250		                text "UTF-16LE", 'WmiTraceMessage',0
    .rdata:00000001C001E270		                text "UTF-16LE", 'PsGetVersion',0
    .rdata:00000001C001E2B0		                text "UTF-16LE", 'Microsoft Winsock BSP',0
    .rdata:00000001C001E310		                text "UTF-16LE", 'MaxActiveTransmitFileCount',0
    .rdata:00000001C001E3B0		                text "UTF-16LE", '\BaseNamedObjects\Lmhosts_StartCompleted',0
    .rdata:00000001C001E408		                text "UTF-16LE", 'AFD',0
    .rdata:00000001C001E9D0		                text "UTF-16LE", '\Device\Tcp6',0
    .rdata:00000001C001E9F0		                text "UTF-16LE", '\Device\Udp6',0
    .rdata:00000001C001EA10		                text "UTF-16LE", '\Device\RawIp6',0
    .rdata:00000001C001EA30		                text "UTF-16LE", '\Device\Tcp',0
    .rdata:00000001C001EA48		                text "UTF-16LE", '\Device\Udp',0
    .rdata:00000001C001EA60		                text "UTF-16LE", '\Device\RawIp',0
    .rdata:00000001C001EA88		                text "UTF-16LE", 'StandardAddressLength',0
    .rdata:00000001C001EAB8		                text "UTF-16LE", 'DefaultReceiveWindow',0
    .rdata:00000001C001EAE8		                text "UTF-16LE", 'DefaultSendWindow',0
    .rdata:00000001C001EB10		                text "UTF-16LE", 'DynamicSendBufferDisable',0
    .rdata:00000001C001EB48		                text "UTF-16LE", 'HugeBufferSize',0
    .rdata:00000001C001EB68		                text "UTF-16LE", 'LargeBufferSize',0
    .rdata:00000001C001EB88		                text "UTF-16LE", 'MediumBufferSize',0
    .rdata:00000001C001EBB0		                text "UTF-16LE", 'SmallBufferSize',0
    .rdata:00000001C001EBD0		                text "UTF-16LE", 'DoNotHoldNICBuffers',0
    .rdata:00000001C001EBF8		                text "UTF-16LE", 'BlockingSendCopyThreshold',0
    .rdata:00000001C001EC30		                text "UTF-16LE", 'FastSendDatagramThreshold',0
    .rdata:00000001C001EC68		                text "UTF-16LE", 'PacketFragmentCopyThreshold',0
    .rdata:00000001C001ECA0		                text "UTF-16LE", 'TransmitIoLength',0
    .rdata:00000001C001ECC8		                text "UTF-16LE", 'MaxFastTransmit',0
    .rdata:00000001C001ECE8		                text "UTF-16LE", 'MaxFastCopyTransmit',0
    .rdata:00000001C001ED10		                text "UTF-16LE", 'DefaultPacketElementCount',0
    .rdata:00000001C001ED48		                text "UTF-16LE", 'TransmitWorker',0
    .rdata:00000001C001F828		                text "UTF-16LE", 'NULL',0
    .rdata:00000001C001F834		                text "UTF-16LE", 8,0
    .rdata:00000001C001F838		                text "UTF-16LE", '\Callback\AfdTdxCallback',0
    .rdata:00000001C001F920		                text "UTF-16LE", 'UDP',0
    .rdata:00000001C001F928		                text "UTF-16LE", 'RAW',0
    .rdata:00000001C001F930		                text "UTF-16LE", 'TCP',0
    .rdata:00000001C001F938		                text "UTF-16LE", '%hu',0
    .rdata:00000001C001F940		                text "UTF-16LE", '%lu',0
    .rdata:00000001C001F9E0		                text "UTF-16LE", '\Device\BTHMS_RFCOMM',0
    .rdata:00000001C001FD20		                text "UTF-16LE", '\ObjectTypes\IoCompletion',0
    .rdata:00000001C001FE00		                text "UTF-16LE", '(null)',0
    .rdata:00000001C001FE10		                text "UTF-16LE", '\Registry\Machine\Software\Policies\Microsoft\SQMCl'
    .rdata:00000001C001FE90		                text "UTF-16LE", 'CEIPEnable',0
    .rdata:00000001C001FEB0		                text "UTF-16LE", '\Registry\Machine\Software\Microsoft\SQMClient\Wind'
    .rdata:00000001C001FF20		                text "UTF-16LE", 'CEIPSampledIn',0
    .rdata:00000001C001FF40		                text "UTF-16LE", '%u.%u',0
    .rdata:00000001C001FFB8		                text "UTF-16LE", 'default',0
    TCPIPCFG.dll

    Code:
    Address	Function	Instruction
    .rdata:000000018002E4D8		text "UTF-16LE", 'Val',0
    .rdata:000000018002E4E0		text "UTF-16LE", 'ForceRemove',0
    .rdata:000000018002E4F8		text "UTF-16LE", 'NoRemove',0
    .rdata:000000018002E510		text "UTF-16LE", 'Delete',0
    .rdata:000000018002E520		text "UTF-16LE", 'CLSID',0
    .rdata:000000018002E530		text "UTF-16LE", 'TYPELIB',0
    .rdata:000000018002E540		text "UTF-16LE", 'HKCR',0
    .rdata:000000018002E550		text "UTF-16LE", 'HKCU',0
    .rdata:000000018002E560		text "UTF-16LE", 'HKLM',0
    .rdata:000000018002E570		text "UTF-16LE", 'HKU',0
    .rdata:000000018002E578		text "UTF-16LE", 'HKPD',0
    .rdata:000000018002E588		text "UTF-16LE", 'HKDD',0
    .rdata:000000018002E598		text "UTF-16LE", 'HKCC',0
    .rdata:000000018002E5A8		text "UTF-16LE", 'HKEY_CLASSES_ROOT',0
    .rdata:000000018002E5D0		text "UTF-16LE", 'HKEY_CURRENT_USER',0
    .rdata:000000018002E5F8		text "UTF-16LE", 'HKEY_LOCAL_MACHINE',0
    .rdata:000000018002E620		text "UTF-16LE", 'HKEY_USERS',0
    .rdata:000000018002E638		text "UTF-16LE", 'HKEY_PERFORMANCE_DATA'
    .rdata:000000018002E668		text "UTF-16LE", 'HKEY_DYN_DATA',0
    .rdata:000000018002E688		text "UTF-16LE", 'HKEY_CURRENT_CONFIG',0
    .rdata:000000018002E6B0		text "UTF-16LE", 'Module',0
    .rdata:000000018002E6C0		text "UTF-16LE", 'REGISTRY',0
    .rdata:000000018002E6E0		text "UTF-16LE", 'API-MS-Win-Core-Local'
    .rdata:000000018002E748		text "UTF-16LE", 'advapi32.dll',0
    .rdata:000000018002E800		text "UTF-16LE", 'Tcpip_',0
    .rdata:000000018002E810		text "UTF-16LE", 'EnableDHCP',0
    .rdata:000000018002E828		text "UTF-16LE", 'IPAddress',0
    .rdata:000000018002E840		text "UTF-16LE", 'SubnetMask',0
    .rdata:000000018002E858		text "UTF-16LE", 'DefaultGateway',0
    .rdata:000000018002E878		text "UTF-16LE", 'NameServer',0
    .rdata:000000018002E890		text "UTF-16LE", 'NV Domain',0
    .rdata:000000018002E8A8		text "UTF-16LE", 'NumInterfaces',0
    .rdata:000000018002E8C8		text "UTF-16LE", 'IpInterfaces',0
    .rdata:000000018002E8E8		text "UTF-16LE", 'DisableDhcpOnConnect',0
    .rdata:000000018002E918		text "UTF-16LE", 'Domain',0
    .rdata:000000018002E934		text "UTF-16LE", '%d',0
    .rdata:000000018002E940		text "UTF-16LE", 'EnableLMHOSTS',0
    .rdata:000000018002E960		text "UTF-16LE", 'NameServerList',0
    .rdata:000000018002E980		text "UTF-16LE", 'NetbiosOptions',0
    .rdata:000000018002E9A0		text "UTF-16LE", 'Hostname',0
    .rdata:000000018002E9B8		text "UTF-16LE", 'NV Hostname',0
    .rdata:000000018002E9D0		text "UTF-16LE", 'SearchList',0
    .rdata:000000018002E9E8		text "UTF-16LE", 'LLInterface',0
    .rdata:000000018002EA00		text "UTF-16LE", 'Tcpip\Parameters\Inte'
    .rdata:000000018002EA40		text "UTF-16LE", 'IpConfig',0
    .rdata:000000018002EA58		text "UTF-16LE", 'UseZeroBroadcast',0
    .rdata:000000018002EA80		text "UTF-16LE", 'System\CurrentControl'
    .rdata:000000018002EB00		text "UTF-16LE", 'VPNInterface',0
    .rdata:000000018002EB20		text "UTF-16LE", '0.0.0.0',0
    .rdata:000000018002EB38		text "UTF-16LE", 'www.microsoft.com',0
    .rdata:000000018002EB60		text "UTF-16LE", 'Dnscache',0
    .rdata:000000018002EB78		text "UTF-16LE", 'ndiswanip',0
    .rdata:000000018002EB90		text "UTF-16LE", 'ndis1394',0
    .rdata:000000018002EBB0		text "UTF-16LE", 'SYSTEM\CurrentControl'
    .rdata:000000018002EC20		text "UTF-16LE", 'Options',0
    .rdata:000000018002EC30		text "UTF-16LE", 'Alternate_',0
    .rdata:000000018002EC48		text "UTF-16LE", 'ActiveConfigurations',0
    .rdata:000000018002EC78		text "UTF-16LE", 'Ras connection',0
    .rdata:000000018002EC98		text "UTF-16LE", '\Parameters\Tcpip',0
    .rdata:000000018002ECC0		text "UTF-16LE", 'SYSTEM\CurrentControl'
    .rdata:000000018002ED08		text "UTF-16LE", 'UseDomainNameDevoluti'
    .rdata:000000018002ED38		text "UTF-16LE", 'SearchList',0
    .rdata:000000018002ED50		text "UTF-16LE", 'DontAddDefaultGateway'
    .rdata:000000018002ED80		text "UTF-16LE", 'EnableDeadGWDetect',0
    .rdata:000000018002EDA8		text "UTF-16LE", 'DontAddDefaultGateway'
    .rdata:000000018002EDE8		text "UTF-16LE", 'DeadGWDetectDefault',0
    .rdata:000000018002EE10		text "UTF-16LE", 'PerformRouterDiscover'
    .rdata:000000018002EE50		text "UTF-16LE", 'EnableICMPRedirect',0
    .rdata:000000018002EE78		text "UTF-16LE", 'PerformRouterDiscover'
    .rdata:000000018002EEA8		text "UTF-16LE", 'IPEnableRouter',0
    .rdata:000000018002EEC8		text "UTF-16LE", '255.255.255.0',0
    .rdata:000000018002EEE8		text "UTF-16LE", '255.255.0.0',0
    .rdata:000000018002EF00		text "UTF-16LE", '255.0.0.0',0
    .rdata:000000018002EF18		text "UTF-16LE", 'ARP1394',0
    .rdata:000000018002EF28		text "UTF-16LE", 'WANARP',0
    .rdata:000000018002EF38		text "UTF-16LE", 'Tcpip_',0
    .rdata:000000018002EF48		text "UTF-16LE", 'Interfaces',0
    .rdata:000000018002EF60		text "UTF-16LE", 'Adapters',0
    .rdata:000000018002EF78		text "UTF-16LE", 'NetBT',0
    .rdata:000000018002EF88		text "UTF-16LE", 'Tcpip',0
    .rdata:000000018002EF98		text "UTF-16LE", 'ms_tcpip',0
    .rdata:000000018002EFB0		text "UTF-16LE", '128',0
    .rdata:000000018002EFB8		text "UTF-16LE", '::/0',0
    .rdata:000000018002EFC8		text "UTF-16LE", 'www.microsoft.com',0
    .rdata:000000018002EFF0		text "UTF-16LE", 'Dnscache',0
    .rdata:000000018002F008		text "UTF-16LE", 'ndiswanip',0
    .rdata:000000018002F020		text "UTF-16LE", 'ndis1394',0
    .rdata:000000018002F038		text "UTF-16LE", 'Ras connection',0
    .rdata:000000018002F060		text "UTF-16LE", 'SYSTEM\CurrentControl'
    .rdata:000000018002F0C8		text "UTF-16LE", 'UseDomainNameDevoluti'
    .rdata:000000018002F0F8		text "UTF-16LE", 'SearchList',0
    .rdata:000000018002F110		text "UTF-16LE", 'Tcpip_',0
    .rdata:000000018002F120		text "UTF-16LE", 'Interfaces',0
    .rdata:000000018002F138		text "UTF-16LE", 'ndisatm',0
    .rdata:000000018002F148		text "UTF-16LE", 'ms_tcpip6',0
    .rdata:000000018002F160		text "UTF-16LE", 'ms_netbt_smb',0
    .rdata:000000018002F180		text "UTF-16LE", 'ms_netbt',0
    .rdata:000000018002F1A0		text "UTF-16LE", 'System\CurrentControl'
    .rdata:000000018002F210		text "UTF-16LE", 'ProviderOrder',0
    .rdata:000000018002F230		text "UTF-16LE", 'Tcpip',0
    .rdata:000000018002F240		text "UTF-16LE", 'DefaultGatewayMetric',0
    .rdata:000000018002F270		text "UTF-16LE", 'RawIPAllowedProtocols'
    .rdata:000000018002F2A0		text "UTF-16LE", 'TCPAllowedPorts',0
    .rdata:000000018002F2C0		text "UTF-16LE", 'UDPAllowedPorts',0
    .rdata:000000018002F2E0		text "UTF-16LE", 'InterfaceMetric',0
    .rdata:000000018002F300		text "UTF-16LE", 'Tcpip_',0
    .rdata:000000018002F310		text "UTF-16LE", 'Interfaces',0
    .rdata:000000018002F328		text "UTF-16LE", '64',0
    .rdata:000000018002F330		text "UTF-16LE", '\drivers\etc\lmhosts',0
    .rdata:000000018002F360		text "UTF-16LE", '\drivers\etc\lmhosts.'
    .rdata:000000018002F3A0		text "UTF-16LE", 'Software\Policies\Mic'
    .rdata:000000018002F408		text "UTF-16LE", 'system32\msdt.exe',0
    .rdata:000000018002F430		text "UTF-16LE", '-skip TRUE -path',0
    .rdata:000000018002F460		text "UTF-16LE", 'diagnostics\system\ne'
    .rdata:000000018002F4B0		text "UTF-16LE", '<Answers Version="1.0'
    .rdata:000000018002F610		text "UTF-16LE", '<Interaction ID="IT_H'
    .rdata:000000018002F6B0		text "UTF-16LE", '</HelperAttributes>]]'
    .rdata:000000018002F710		text "UTF-16LE", '<HelperAttribute>',0
    .rdata:000000018002F738		text "UTF-16LE", '</HelperAttribute>',0
    .rdata:000000018002F760		text "UTF-16LE", '</Answers>',0
    .rdata:000000018002F778		text "UTF-16LE", 'NDFDiag.tmp',0
    .rdata:000000018002F790		text "UTF-16LE", '%s%s',0
    .rdata:000000018002F7A0		text "UTF-16LE", '%s\%s',0
    .rdata:000000018002F7B0		text "UTF-16LE", ' %s %s%s %s',0
    .rdata:000000018002F7C8		text "UTF-16LE", ' %s %s\%s %s',0
    .rdata:000000018002F7E8		text "UTF-16LE", 'QueryName',0
    .rdata:000000018002F800		text "UTF-16LE", 'BehindProxy',0
    .rdata:000000018002F818		text "UTF-16LE", 'InterfaceIndex',0
    .rdata:000000018002F848		text "UTF-16LE", '0123456789ABCDEF',0
    .rdata:000000018002F888		text "UTF-16LE", 'NoPopupsInPnp=',0
    .rdata:000000018002F8A8		text "UTF-16LE", 'NameRegistration=',0
    .rdata:000000018002F8D0		text "UTF-16LE", 'DynamicUpdate=',0
    .rdata:000000018002F8F0		text "UTF-16LE", 'WINS=',0
    .rdata:000000018002F900		text "UTF-16LE", 'DNS=',0
    .rdata:000000018002F910		text "UTF-16LE", 'GwMetric=',0
    .rdata:000000018002F928		text "UTF-16LE", 'DefGw=',0
    .rdata:000000018002F938		text "UTF-16LE", 'IfMetric=',0
    .rdata:000000018002F94C		text "UTF-16LE", '%d',0
    .rdata:000000018002F958		text "UTF-16LE", '255.255.255.0',0
    .rdata:000000018002F978		text "UTF-16LE", '255.255.0.0',0
    .rdata:000000018002F990		text "UTF-16LE", '255.0.0.0',0
    .rdata:000000018002F9C0		text "UTF-16LE", 'netman.dll',0
    .rdata:000000018002F9D8		text "UTF-16LE", 'DNS',0
    .rdata:000000018002F9E0		text "UTF-16LE", '0.0.0.0',0
    .rdata:000000018002F9F0		text "UTF-16LE", 'DhcpIPAddress',0
    .rdata:000000018002FA10		text "UTF-16LE", '255.0.0.0',0
    .rdata:000000018002FA28		text "UTF-16LE", 'DhcpSubnetMask',0
    .rdata:000000018002FA58		text "UTF-16LE", 'dhcpcsvc.dll',0
    .rdata:000000018002FA98		text "UTF-16LE", '0.0.0.0/0',0
    .rdata:000000018002FAB0		text "UTF-16LE", 'Interfaces',0
    .rdata:000000018002FAC8		text "UTF-16LE", 'Tcpip',0
    .rdata:000000018002FAD8		text "UTF-16LE", '(A;CIIO;RC;;;S-1-3-4)'
    .rdata:000000018002FB20		text "UTF-16LE", 'AdapterSections',0
    .rdata:000000018002FB40		text "UTF-16LE", 'DontAddDefaultGateway'
    .rdata:000000018002FB70		text "UTF-16LE", 'Interfaces',0
    .rdata:000000018002FB88		text "UTF-16LE", '::',0
    .rdata:000000018002FB98		text "UTF-16LE", '::1',0
    .rdata:000000018002FBA0		text "UTF-16LE", '%u',0
    .rdata:000000018002FBA8		text "UTF-16LE", '*.*',0
    .rdata:000000018002FBB0		text "UTF-16LE", '%s|%s',0
    .rdata:000000018002FE78		text "UTF-16LE", 'System\Setup',0
    .rdata:000000018002FE98		text "UTF-16LE", 'SystemSetupInProgress'
    .rdata:000000018002FED0		text "UTF-16LE", 'System\CurrentControl'
    .rdata:000000018002FF20		text "UTF-16LE", ' ',0
    .rdata:000000018002FF28		text "UTF-16LE", 'Yes',0
    .rdata:000000018002FF30		text "UTF-16LE", 'No',0
    .rdata:000000018002FF40		text "UTF-16LE", 'EnableAdapterDomainNa'
    .rdata:000000018002FF88		text "UTF-16LE", 'DisableDynamicUpdate',0
    .rdata:000000018002FFB8		text "UTF-16LE", 'NetBIOSOptions',0
    .rdata:000000018002FFD8		text "UTF-16LE", 'WINSServerList',0
    .rdata:000000018002FFF8		text "UTF-16LE", 'UdpAllowedPorts',0
    .rdata:0000000180030018		text "UTF-16LE", 'TcpAllowedPorts',0
    .rdata:0000000180030038		text "UTF-16LE", 'SubnetMask',0
    .rdata:0000000180030050		text "UTF-16LE", 'IpAllowedProtocols',0
    .rdata:0000000180030078		text "UTF-16LE", 'DNSServerSearchOrder',0
    .rdata:00000001800300A8		text "UTF-16LE", 'IPAddress',0
    .rdata:00000001800300C0		text "UTF-16LE", 'DHCP',0
    .rdata:00000001800300D0		text "UTF-16LE", 'DNSDomain',0
    .rdata:00000001800300E8		text "UTF-16LE", 'Domain',0
    .rdata:00000001800300F8		text "UTF-16LE", 'DefaultGateway',0
    .rdata:0000000180030118		text "UTF-16LE", 'WINS',0
    .rdata:0000000180030128		text "UTF-16LE", 'SpecificTo',0
    .rdata:0000000180030140		text "UTF-16LE", 'UseDomainNameDevoluti'
    .rdata:0000000180030170		text "UTF-16LE", 'DontAddDefaultGateway'
    .rdata:00000001800301B0		text "UTF-16LE", 'DeadGWDetectDefault',0
    .rdata:00000001800301D8		text "UTF-16LE", 'EnableICMPRedirect',0
    .rdata:0000000180030200		text "UTF-16LE", 'EnableLMHosts',0
    .rdata:0000000180030220		text "UTF-16LE", 'DNSSuffixSearchOrder',0
    .rdata:0000000180030250		text "UTF-16LE", 'DNSHostName',0
    .rdata:0000000180030268		text "UTF-16LE", 'DhcpClassId',0
    .rdata:0000000180030280		text "UTF-16LE", 'BindToDhcpServer',0
    .rdata:00000001800302A8		text "UTF-16LE", 'PPTPFiltering',0
    .rdata:00000001800302C8		text "UTF-16LE", 'MaxForwardPending',0
    .rdata:00000001800302F0		text "UTF-16LE", 'UseZeroBroadcast',0
    .rdata:0000000180030318		text "UTF-16LE", 'MTU',0
    .rdata:0000000180030320		text "UTF-16LE", 'TcpUseRFC1122UrgentPo'
    .rdata:0000000180030358		text "UTF-16LE", 'TcpTimedWaitDelay',0
    .rdata:0000000180030380		text "UTF-16LE", 'TcpNumConnections',0
    .rdata:00000001800303A8		text "UTF-16LE", 'TCPMaxPortsExhausted',0
    .rdata:00000001800303D8		text "UTF-16LE", 'TCPMaxHalfOpenRetried'
    .rdata:0000000180030408		text "UTF-16LE", 'TCPMaxHalfOpen',0
    .rdata:0000000180030428		text "UTF-16LE", 'TcpMaxDupAcks',0
    .rdata:0000000180030448		text "UTF-16LE", 'TcpMaxDataRetransmiss'
    .rdata:0000000180030480		text "UTF-16LE", 'TcpMaxConnectRetransm'
    .rdata:00000001800304C0		text "UTF-16LE", 'SyncDomainWithMembers'
    .rdata:00000001800304F8		text "UTF-16LE", 'SynAttackProtect',0
    .rdata:0000000180030520		text "UTF-16LE", 'PPTPTcpMaxDataRetrans'
    .rdata:0000000180030560		text "UTF-16LE", 'PersistentRoutes',0
    .rdata:0000000180030588		text "UTF-16LE", 'NumForwardPackets',0
    .rdata:00000001800305B0		text "UTF-16LE", 'MaxUserPort',0
    .rdata:00000001800305C8		text "UTF-16LE", 'MaxNumForwardPackets',0
    .rdata:00000001800305F8		text "UTF-16LE", 'MaxHashTableSize',0
    .rdata:0000000180030620		text "UTF-16LE", 'MaxForwardBufferMemor'
    .rdata:0000000180030650		text "UTF-16LE", 'KeepAliveTime',0
    .rdata:0000000180030670		text "UTF-16LE", 'KeepAliveInterval',0
    .rdata:0000000180030698		text "UTF-16LE", 'IGMPLevel',0
    .rdata:00000001800306B0		text "UTF-16LE", 'ForwardBufferMemory',0
    .rdata:00000001800306D8		text "UTF-16LE", 'ForwardBroadcasts',0
    .rdata:0000000180030700		text "UTF-16LE", 'EnablePMTUDiscovery',0
    .rdata:0000000180030728		text "UTF-16LE", 'EnablePMTUBHDetect',0
    .rdata:0000000180030750		text "UTF-16LE", 'EnableDeadGWDetect',0
    .rdata:0000000180030778		text "UTF-16LE", 'EnableAddrMaskReply',0
    .rdata:00000001800307A0		text "UTF-16LE", 'DefaultTOS',0
    .rdata:00000001800307B8		text "UTF-16LE", 'ArpUseEtherSNAP',0
    .rdata:00000001800307D8		text "UTF-16LE", 'ArpTRSingleRoute',0
    .rdata:0000000180030800		text "UTF-16LE", 'ArpRetryCount',0
    .rdata:0000000180030820		text "UTF-16LE", 'ArpCacheMinReferenced'
    .rdata:0000000180030858		text "UTF-16LE", 'ArpCacheLife',0
    .rdata:0000000180030878		text "UTF-16LE", 'ArpAlwaysSourceRoute',0
    .rdata:00000001800308A8		text "UTF-16LE", 'WinsDownTimeout',0
    .rdata:00000001800308C8		text "UTF-16LE", 'Size/Small/Medium/Lar'
    .rdata:00000001800308F8		text "UTF-16LE", 'SingleResponse',0
    .rdata:0000000180030918		text "UTF-16LE", 'SessionKeepAlive',0
    .rdata:0000000180030940		text "UTF-16LE", 'ScopeID',0
    .rdata:0000000180030950		text "UTF-16LE", 'RefreshOpCode',0
    .rdata:0000000180030970		text "UTF-16LE", 'RandomAdapter',0
    .rdata:0000000180030990		text "UTF-16LE", 'NodeType',0
    .rdata:00000001800309A8		text "UTF-16LE", 'NameSrvQueryTimeout',0
    .rdata:00000001800309D0		text "UTF-16LE", 'NameSrvQueryCount',0
    .rdata:00000001800309F8		text "UTF-16LE", 'NameServerPort',0
    .rdata:0000000180030A18		text "UTF-16LE", 'MaxDgramBuffering',0
    .rdata:0000000180030A40		text "UTF-16LE", 'LmhostsTimeout',0
    .rdata:0000000180030A60		text "UTF-16LE", 'InitialRefreshTimeout'
    .rdata:0000000180030A90		text "UTF-16LE", 'EnableProxyRegCheck',0
    .rdata:0000000180030AB8		text "UTF-16LE", 'EnableProxy',0
    .rdata:0000000180030AD0		text "UTF-16LE", 'CacheTimeout',0
    .rdata:0000000180030AF0		text "UTF-16LE", 'BroadcastAddress',0
    .rdata:0000000180030B18		text "UTF-16LE", 'BcastQueryTimeout',0
    .rdata:0000000180030B40		text "UTF-16LE", 'BcastNameQueryCount',0
    .rdata:0000000180030B68		text "UTF-16LE", 'SYSTEM\Setup\AnswerFi'
    MSWSOCK.dll
    Code:
    Address	Function	Instruction
    .rdata:0000000180051010		                text "UTF-16LE", 'TV',0
    .rdata:0000000180051DB0		                text "UTF-16LE", 'HelperDllName',0
    .rdata:0000000180051EC8		                text "UTF-16LE", 'localhost',0
    .rdata:0000000180051EE0		                text "UTF-16LE", 'loopback',0
    .rdata:0000000180051EF8		                text "UTF-16LE", 'Transports',0
    .rdata:0000000180051F10		                text "UTF-16LE", 'SYSTEM\CurrentControlSet\Services\Winsock\Parameter'
    .rdata:0000000180051F80		                text "UTF-16LE", 'Microsoft Windows Sockets Version 2.',0
    .rdata:0000000180051FD0		                text "UTF-16LE", 'MinSockaddrLength',0
    .rdata:0000000180051FF8		                text "UTF-16LE", 'MaxSockaddrLength',0
    .rdata:0000000180052020		                text "UTF-16LE", 'UseDelayedAcceptance',0
    .rdata:0000000180052060		                text "UTF-16LE", 'WinSock 2.0 Provider ID',0
    .rdata:0000000180052090		                text "UTF-16LE", 'ration\Providers',0
    .rdata:0000000180052128		                text "UTF-16LE", 'Mapping',0
    .rdata:0000000180052138		                text "UTF-16LE", '\Parameters\Winsock',0
    .rdata:0000000180052160		                text "UTF-16LE", 'System\CurrentControlSet\Services\',0
    .rdata:00000001800521A8		                text "UTF-16LE", '\Device\Afd\Endpoint',0
    .rdata:00000001800521D8		                text "UTF-16LE", '\Device\Afd\AsyncConnectHlp',0
    .rdata:0000000180052210		                text "UTF-16LE", '\Device\Afd\AsyncSelectHlp',0
    .rdata:0000000180052330		                text "UTF-16LE", '%SystemRoot%\system32\mswsock.dll',0
    .rdata:0000000180052380		                text "UTF-16LE", '\Registry\Machine\System\CurrentControlSet\Services'
    .rdata:0000000180052500		                text "UTF-16LE", 'UdpPort',0
    .rdata:0000000180052510		                text "UTF-16LE", 'TcpPort',0
    .rdata:0000000180052540		                text "UTF-16LE", 'Provider List',0
    .rdata:0000000180052560		                text "UTF-16LE", 'Setup Version',0
    .rdata:0000000180052580		                text "UTF-16LE", 'Known Static Providers',0
    .rdata:00000001800525B0		                text "UTF-16LE", 'WinSock 1.1 Provider Data',0
    .rdata:0000000180052690		                text "UTF-16LE", 'NULL',0
    .rdata:00000001800526A8		                text "UTF-16LE", 'SanTcpBypass',0
    .rdata:00000001800526C8		                text "UTF-16LE", 'SanResizeDisable',0
    .rdata:00000001800526F0		                text "UTF-16LE", 'SanRecvPollCount',0
    .rdata:0000000180052728		                text "UTF-16LE", 'Global\SC_AutoStartComplete',0
    .rdata:0000000180052760		                text "UTF-16LE", 'ReceiveBuffers',0
    .rdata:0000000180052780		                text "UTF-16LE", 'SendBuffers',0
    .rdata:00000001800527A0		                text "UTF-16LE", 'System\CurrentControlSet\Services\Winsock\Parameter'
    .rdata:0000000180052A18		                text "UTF-16LE", '\Device\Afd\SanHelper',0
    .rdata:0000000180052AA0		                text "UTF-16LE", '\Registry\Machine\System\CurrentControlSet\Services'
    .rdata:0000000180052ED0		                text "UTF-16LE", '\Device\Afd\RioRegDomain',0
    .rdata:0000000180052FC0		                text "UTF-16LE", '..DnsServers',0
    .rdata:0000000180053350		                text "UTF-16LE", 'SYSTEM\CurrentControlSet\Control\ServiceProvider\Se'
    .rdata:00000001800533D0		                text "UTF-16LE", 'GUID',0
    .rdata:00000001800533DC		                text "UTF-16LE", '{',0
    .rdata:00000001800533E0		                text "UTF-16LE", '}',0
    .rdata:00000001800533E8		                text "UTF-16LE", '> %S:%s',0Ah,0
    .rdata:0000000180053400		                text "UTF-16LE", 'System\CurrentControlSet\Services\Tcpip\ServiceProv'
    .rdata:0000000180053470		aLocalpriority:
    .rdata:0000000180053490		aHostspriority:
    .rdata:00000001800534B0		aDnspriority:
    .rdata:00000001800534C8		aNetbtpriority:
    .rdata:00000001800534E8		aMaxhostentcach:
    .rdata:0000000180053510		text "UTF-16LE", 'SYSTEM\CurrentControl'
    .rdata:0000000180053590		text "UTF-16LE", 'SYSTEM\CurrentControl'
    .rdata:0000000180053600		text "UTF-16LE", 'ProviderOrder',0
    .rdata:0000000180053620		text "UTF-16LE", '\ServiceProvider',0
    .rdata:0000000180053648		aClass:
    .rdata:0000000180053658		aProviderpath:
    .rdata:0000000180053690		text "UTF-16LE", 'ExcludedProviders',0
    .rdata:0000000180053710		text "UTF-16LE", 'Target information mu'
    .rdata:0000000180053760		text "UTF-16LE", 'OpenServicesRoot fail'
    .rdata:0000000180053790		text "UTF-16LE", 'OpenWinsockRoot faile'
    .rdata:00000001800537C0		text "UTF-16LE", 'OpenSetupMigrationRoo'
    .rdata:0000000180053800		text "UTF-16LE", 'ReadNewProviderList f'
    .rdata:0000000180053838		text "UTF-16LE", 'ReadOldProviderList f'
    .rdata:0000000180053870		text "UTF-16LE", 'ReadKnownStaticProvid'
    .rdata:00000001800538C0		text "UTF-16LE", 'Enumerating old provi'
    .rdata:0000000180053928		text "UTF-16LE", 'Removing old provider'
    .rdata:0000000180053958		text "UTF-16LE", 'Failed to remove old '
    .rdata:00000001800539A0		text "UTF-16LE", 'Successfully removed '
    .rdata:00000001800539E8		text "UTF-16LE", 'Keeping old provider',0
    .rdata:0000000180053A18		text "UTF-16LE", 'Done enumerating old '
    .rdata:0000000180053A60		text "UTF-16LE", 'Enumerating new provi'
    .rdata:0000000180053AB0		text "UTF-16LE", 'A new provider has be'
    .rdata:0000000180053B20		text "UTF-16LE", 'This new provider is '
    .rdata:0000000180053B70		text "UTF-16LE", 'This new provider is '
    .rdata:0000000180053BD0		text "UTF-16LE", 'rovider failed',0
    .rdata:0000000180053C20		text "UTF-16LE", 'Non-offline-capable p'
    .rdata:0000000180053CA0		text "UTF-16LE", 'Successfully installe'
    .rdata:0000000180053D30		text "UTF-16LE", 'Unable to add newly i'
    .rdata:0000000180053DB0		text "UTF-16LE", 'Cannot install provid'
    .rdata:0000000180053DF8		text "UTF-16LE", 'Done enumerating new '
    .rdata:0000000180053E40		text "UTF-16LE", 'Updating the updated '
    .rdata:0000000180053EA0		text "UTF-16LE", 'Adding static provide'
    .rdata:0000000180053EF0		text "UTF-16LE", 'Failed to add provide'
    .rdata:0000000180053F40		text "UTF-16LE", 'Adding offline-capabl'
    .rdata:0000000180053FA0		text "UTF-16LE", 'Updating dynamic prov'
    .rdata:0000000180053FE0		text "UTF-16LE", 'Failed to find protoc'
    .rdata:0000000180054050		text "UTF-16LE", 'ReadProtocolDataFromR'
    .rdata:00000001800540A0		text "UTF-16LE", 'Provider returned no '
    .rdata:00000001800540F0		text "UTF-16LE", 'AppendStringToMultiSz'
    .rdata:0000000180054130		text "UTF-16LE", 'RemoveProviderByName '
    .rdata:0000000180054170		text "UTF-16LE", 'Successfully installe'
    .rdata:00000001800541F8		text "UTF-16LE", 'Failed to add to upda'
    .rdata:0000000180054240		text "UTF-16LE", 'Failed to install dyn'
    .rdata:00000001800542A0		text "UTF-16LE", 'Successfully updated '
    .rdata:00000001800542F0		text "UTF-16LE", 'Done populating the u'
    .rdata:0000000180054340		text "UTF-16LE", 'Failed to write updat'
    .rdata:00000001800543C0		text "UTF-16LE", 'Exiting MigrateWinsoc'
    .rdata:0000000180054420		text "UTF-16LE", 'Exiting MigrateWinsoc'
    .rdata:0000000180054488		text "UTF-16LE", 'Failed to get value',0
    .rdata:00000001800544B0		text "UTF-16LE", 'Expected DWORD value,'
    .rdata:0000000180054520		text "UTF-16LE", 'Failed to determine v'
    .rdata:0000000180054590		text "UTF-16LE", 'Failed to allocate me'
    .rdata:0000000180054600		text "UTF-16LE", 'Failed to read the st'
    .rdata:0000000180054640		text "UTF-16LE", 'Expected REG_MULTI_SZ'
    .rdata:00000001800546B8		text "UTF-16LE", 'Failed to read string'
    .rdata:0000000180054700		text "UTF-16LE", 'Failed to allocate sp'
    .rdata:0000000180054760		text "UTF-16LE", 'Failed to read the st'
    .rdata:00000001800547C0		text "UTF-16LE", 'Expected REG_SZ or RE'
    .rdata:0000000180054850		text "UTF-16LE", 'Failed to determine b'
    .rdata:00000001800548A0		text "UTF-16LE", 'Failed to allocate sp'
    .rdata:0000000180054900		text "UTF-16LE", 'Failed to read the bi'
    .rdata:0000000180054970		text "UTF-16LE", 'alue, and got a diffe'
    .rdata:00000001800549F0		text "UTF-16LE", 'Failed to ready the G'
    .rdata:0000000180054A50		text "UTF-16LE", 'HKEY_LOCAL_MACHINE\Sy'
    .rdata:0000000180054AC0		text "UTF-16LE", 'Could not translate p'
    .rdata:0000000180054AF8		SubStr:
    .rdata:0000000180054B20		aHkeyCurrentUse:
    .rdata:0000000180054B48		aHkeyClassesRoo:
    .rdata:0000000180054B70		aHkeyUsers:
    .rdata:0000000180054B88		text "UTF-16LE", 'Unknown registry root'
    .rdata:0000000180054BB8		text "UTF-16LE", 'Could not open key',0
    .rdata:0000000180054BE0		text "UTF-16LE", 'WinSock',0
    .rdata:0000000180054BF0		text "UTF-16LE", 'Setup Migration',0
    .rdata:0000000180054C10		text "UTF-16LE", 'Could not open Migrat'
    .rdata:0000000180054C50		text "UTF-16LE", 'The migration subkey '
    .rdata:0000000180054CA0		text "UTF-16LE", 'Providers',0
    .rdata:0000000180054CC0		text "UTF-16LE", 'Could not open provid'
    .rdata:0000000180054D00		text "UTF-16LE", 'The migration provide'
    .rdata:0000000180054D60		text "UTF-16LE", 'Well Known Guids',0
    .rdata:0000000180054D90		text "UTF-16LE", 'Could not open well k'
    .rdata:0000000180054DE0		text "UTF-16LE", 'The well known GUIDs '
    .rdata:0000000180054E50		text "UTF-16LE", 'Failed to read setup '
    .rdata:0000000180054EA0		text "UTF-16LE", 'WARNING: Could not pa'
    .rdata:0000000180054F70		text "UTF-16LE", 'Failed to remove all '
    .rdata:0000000180054FD0		text "UTF-16LE", 'Failed to recursively'
    .rdata:0000000180055030		text "UTF-16LE", 'Failed to create defa'
    .rdata:0000000180055090		text "UTF-16LE", 'Successfully created '
    .rdata:00000001800550F8		text "UTF-16LE", 'Parameters\WinSock',0
    .rdata:0000000180055120		text "UTF-16LE", 'Parameters',0
    .rdata:0000000180055140		text "UTF-16LE", 'Failed to open parame'
    .rdata:0000000180055190		text "UTF-16LE", 'Failed to read Transp'
    .rdata:00000001800551D0		text "UTF-16LE", 'WARNING: Failed to op'
    .rdata:0000000180055220		text "UTF-16LE", 'Failed to read provid'
    .rdata:0000000180055260		text "UTF-16LE", 'Failed to create setu'
    .rdata:00000001800552B0		text "UTF-16LE", 'Failed to set default'
    .rdata:0000000180055310		text "UTF-16LE", 'Failed to set default'
    .rdata:0000000180055370		text "UTF-16LE", 'Failed to set known s'
    .rdata:00000001800553D0		text "UTF-16LE", 'Failed to create prov'
    .rdata:0000000180055420		text "UTF-16LE", 'Failed to create well'
    .rdata:0000000180055478		text "UTF-16LE", 'Failed to write GUID',0
    .rdata:00000001800554A8		text "UTF-16LE", 'Root key does not exi'
    .rdata:00000001800554D8		text "UTF-16LE", 'Could not open key to'
    .rdata:0000000180055520		text "UTF-16LE", 'Failed to recursively'
    .rdata:0000000180055570		text "UTF-16LE", 'Failed to close targe'
    .rdata:00000001800555A8		text "UTF-16LE", 'Failed to delete targ'
    .rdata:00000001800555E0		text "UTF-16LE", 'Attempting to remove '
    .rdata:0000000180055620		text "UTF-16LE", ' found for deinstalla'
    .rdata:0000000180055680		text "UTF-16LE", 'Failed to deinstall p'
    .rdata:00000001800556C0		text "UTF-16LE", 'Failed to recursively'
    .rdata:0000000180055720		text "UTF-16LE", 'OfflineCapable',0
    .rdata:0000000180055740		text "UTF-16LE", 'Failed to open provid'
    .rdata:0000000180055770		text "UTF-16LE", 'Failed to read provid'
    .rdata:00000001800557B0		text "UTF-16LE", 'Failed to open servic'
    .rdata:0000000180055810		text "UTF-16LE", 'Failed to open servic'
    .rdata:0000000180055880		aNetbios:
    .rdata:0000000180055890		text "UTF-16LE", 'Failed to read suppor'
    .rdata:0000000180055900		text "UTF-16LE", 'Failed to read helper'
    .rdata:0000000180055960		text "UTF-16LE", 'Translator failed',0
    .rdata:0000000180055990		text "UTF-16LE", 'Expanded length excee'
    .rdata:00000001800559E0		text "UTF-16LE", 'Expanded length is ze'
    .rdata:0000000180055A10		text "UTF-16LE", 'Could not load helper'
    .rdata:0000000180055A50		text "UTF-16LE", 'Could not enumerate a'
    .rdata:0000000180055B20		text "UTF-16LE", 'No protocols to enume'
    .rdata:0000000180055B60		text "UTF-16LE", 'Failed to allocate me'
    .rdata:0000000180055BC0		text "UTF-16LE", 'rotocols',0
    .rdata:0000000180055C00		text "UTF-16LE", 'Failed to read mappin'
    .rdata:0000000180055C38		text "UTF-16LE", 'Mapping data is inval'
    .rdata:0000000180055C68		text "UTF-16LE", 'Failed to open protoc'
    .rdata:0000000180055C98		text "UTF-16LE", 'ServiceFlags',0
    .rdata:0000000180055CC0		text "UTF-16LE", 'Failed to read the se'
    .rdata:0000000180055D10		text "UTF-16LE", 'ProviderFlags',0
    .rdata:0000000180055D30		text "UTF-16LE", 'Failed to read the pr'
    .rdata:0000000180055D80		text "UTF-16LE", 'Version',0
    .rdata:0000000180055D90		text "UTF-16LE", 'Failed to read the ve'
    .rdata:0000000180055DD8		text "UTF-16LE", 'AddressFamily',0
    .rdata:0000000180055E00		text "UTF-16LE", 'Failed to read the ad'
    .rdata:0000000180055E50		text "UTF-16LE", 'MaxSockAddrLength',0
    .rdata:0000000180055E80		text "UTF-16LE", 'Failed to read the ma'
    .rdata:0000000180055EE8		text "UTF-16LE", 'MinSockAddrLength',0
    .rdata:0000000180055F10		text "UTF-16LE", 'Failed to read the mi'
    .rdata:0000000180055F78		text "UTF-16LE", 'SocketType',0
    .rdata:0000000180055F90		text "UTF-16LE", 'Failed to read the so'
    .rdata:0000000180055FE0		text "UTF-16LE", 'Protocol',0
    .rdata:0000000180056000		text "UTF-16LE", 'Failed to read the pr'
    .rdata:0000000180056048		text "UTF-16LE", 'ProtocolMaxOffset',0
    .rdata:0000000180056070		text "UTF-16LE", 'Failed to read the pr'
    .rdata:00000001800560D0		text "UTF-16LE", 'ByteOrder',0
    .rdata:00000001800560F0		text "UTF-16LE", 'Failed to read the ne'
    .rdata:0000000180056148		text "UTF-16LE", 'MessageSize',0
    .rdata:0000000180056160		text "UTF-16LE", 'Failed to read the me'
    .rdata:00000001800561B0		aSzprotocol:
    .rdata:00000001800561D0		text "UTF-16LE", 'Failed to read the pr'
    .rdata:0000000180056230		text "UTF-16LE", 'er parameters key',0
    .rdata:0000000180056280		text "UTF-16LE", 'Failed to read number'
    .rdata:00000001800562D0		text "UTF-16LE", 'Failed to fill protoc'
    .rdata:00000001800563C0		text "UTF-16LE", 'ace for protocolInfo2'
    .rdata:0000000180056488		text "UTF-16LE", 'TcpIp',0
    .rdata:0000000180056498		text "UTF-16LE", ' [Pseudo Stream]',0
    .rdata:00000001800564C0		text "UTF-16LE", 'RAW/IP',0
    .rdata:00000001800564D0		text "UTF-16LE", 'MSAFD %s [%s]',0
    .rdata:00000001800564F0		aDevice:
    .rdata:0000000180056508		text "UTF-16LE", 'STREAM',0
    .rdata:0000000180056518		text "UTF-16LE", 'DATAGRAM',0
    .rdata:0000000180056530		text "UTF-16LE", 'RAW',0
    .rdata:0000000180056538		text "UTF-16LE", 'RDM',0
    .rdata:0000000180056540		text "UTF-16LE", 'SEQPACKET',0
    .rdata:0000000180056554		text "UTF-16LE", '%d',0
    .rdata:0000000180056560		text "UTF-16LE", 'MSAFD %s [%s] %s %d',0
    .rdata:0000000180056590		text "UTF-16LE", 'Failed to get number '
    .rdata:0000000180056600		text "UTF-16LE", 'Failed to allocate sp'
    .rdata:0000000180056670		text "UTF-16LE", 'Failed to allocate sp'
    .rdata:00000001800566E0		text "UTF-16LE", 'Failed to write the r'
    .rdata:0000000180056730		text "UTF-16LE", 'Retrying reodering th'
    .rdata:0000000180056770		text "UTF-16LE", 'BuildWinsock2Protocol'
    .rdata:00000001800567C0		text "UTF-16LE", 'DetermineGuidForProvi'
    .rdata:0000000180056800		text "UTF-16LE", 'CreateMigrationRegist'
    .rdata:0000000180056860		text "UTF-16LE", 'Failed to install pro'
    .rdata:0000000180056930		text "UTF-16LE", 'Retrying installation'
    .rdata:0000000180056960		text "UTF-16LE", '2nd attempt to instal'
    .rdata:00000001800569B0		text "UTF-16LE", 'SanitizeWinsock2Confi'
    .rdata:0000000180056A08		text "UTF-16LE", 'Tcpip',0
    .rdata:0000000180056A18		text "UTF-16LE", 'Tcpip6',0
    .rdata:0000000180056A28		text "UTF-16LE", 'Psched',0
    .rdata:0000000180056A40		text "UTF-16LE", 'Uninstalling provider'
    .rdata:0000000180056AA0		text "UTF-16LE", 'Failed to open provid'
    .rdata:0000000180056AE0		text "UTF-16LE", 'Failed to write proto'
    .rdata:0000000180056B30		text "UTF-16LE", 'Failed to write Winso'
    .rdata:0000000180056B80		text "UTF-16LE", 'Failed to get subkey '
    .rdata:0000000180056BE0		text "UTF-16LE", 'Failed to remove prov'
    .rdata:0000000180056C40		text "UTF-16LE", 'Failed to allocate sp'
    .rdata:0000000180056CA0		text "UTF-16LE", 'Deinstall failed for '
    .rdata:0000000180056D50		text "UTF-16LE", 'Cannot sanitize provi'
    .rdata:0000000180056DE0		text "UTF-16LE", 'Deinstall failed for '
    .rdata:0000000180056E90		text "UTF-16LE", 'Cannot sanitize provi'
    .rdata:0000000180056F10		text "UTF-16LE", 'ProviderGUID',0
    .rdata:0000000180056F30		text "UTF-16LE", 'Failed to read provid'
    .rdata:0000000180057030		text "UTF-16LE", 'Failed to create GUID'
    .rdata:0000000180057080		text "UTF-16LE", 'ace for provider path'
    .rdata:00000001800570D8		text "UTF-16LE", 'r path',0
    .rdata:0000000180057110		text "UTF-16LE", 'ed because WSCEnumPro'
    .rdata:0000000180057180		text "UTF-16LE", 'Failed to allocate sp'
    .rdata:00000001800571D0		text "UTF-16LE", 'Failed to update LSP',0
    .rdata:0000000180057200		text "UTF-16LE", 'Failed to allocate sp'
    .rdata:0000000180057258		text "UTF-16LE", '\Device\Tcp',0
    .rdata:0000000180057270		text "UTF-16LE", '\Device\Udp',0
    .rdata:0000000180057288		text "UTF-16LE", '\Device\RawIp',0
    .rdata:00000001800572A8		text "UTF-16LE", 'TCP/IP',0
    .rdata:00000001800572B8		text "UTF-16LE", 'UDP/IP',0
    .rdata:0000000180057A30		text "UTF-16LE", '\Device\Tcp6',0
    .rdata:0000000180057A50		text "UTF-16LE", '\Device\Udp6',0
    .rdata:0000000180057A70		text "UTF-16LE", '\Device\RawIp6',0
    .rdata:0000000180057A90		text "UTF-16LE", 'TCP/IPv6',0
    .rdata:0000000180057AA8		text "UTF-16LE", 'UDP/IPv6',0
    .rdata:0000000180058348		text "UTF-16LE", '%u.%u.%u.%u.in-addr.a'
    .rdata:0000000180058380		text "UTF-16LE", '%x.%x.',0
    .rdata:0000000180058390		text "UTF-16LE", 'ip6.arpa.',0
    .rdata:00000001800583A8		aInAddrArpa:
    .rdata:00000001800583C8		aIp6Arpa_0:
    .rdata:00000001800584C0		text "UTF-16LE", 'WinsockDatabase',0
    .rdata:00000001800584F8		text "UTF-16LE", '\Device\Afd\SQMHelper'
    .rdata:0000000180058530		LibFileName:
    .data:000000018005FA10		text "UTF-16LE", 'Tcpip',0
    Usefull to Check what DWORDS etc. is working.

    Greetings St1cky

  2. #2
    wkssvc.dll LanmanWorkstation

    Code:
    Address	Function	Instruction
    .rdata:000000018003A8BC		text "UTF-16LE", 'NO',0
    .rdata:000000018003A8B0		text "UTF-16LE", 'FALSE',0
    .rdata:000000018003A8A8		text "UTF-16LE", 'YES',0
    .rdata:000000018003A898		text "UTF-16LE", 'TRUE',0
    .rdata:000000018003A880		text "UTF-16LE", '0123456789',0
    .rdata:000000018003A874		text "UTF-16LE", '0x',0
    .rdata:000000018003A858		text "UTF-16LE", 'ComputerName',0
    .rdata:000000018003A7E0		text "UTF-16LE", 'System\CurrentControl'
    .rdata:000000018003A790		text "UTF-16LE", 'CIFS',0
    .rdata:000000018003A740		text "UTF-16LE", 'ccd8c074-d0e5-4a40-92'
    .rdata:000000018003A718		text "UTF-16LE", 'ncacn_ip_tcp',0
    .rdata:000000018003A6C8		text "UTF-16LE", 'Witness Client Upcall'
    .rdata:000000018003A5C0		text "UTF-16LE", 'WitnessKeepAliveInSec'
    .rdata:000000018003A5A0		text "UTF-16LE", 'WitnessFlags',0
    .rdata:000000018003A3C0		text "UTF-16LE", 'NULL',0
    .rdata:000000018003A2F0		text "UTF-16LE", 'Witness Client Test I'
    .rdata:000000018003A2E0		text "UTF-16LE", '1.1.1.1',0
    .rdata:00000001800383F8		text "UTF-16LE", '.SMB-GlobalMapping-Ta'
    .rdata:00000001800383D0		text "UTF-16LE", 'limitmessagesend',0
    .rdata:0000000180038350		text "UTF-16LE", 'System\CurrentControl'
    .rdata:00000001800382D0		text "UTF-16LE", 'System\CurrentControl'
    .rdata:00000001800382A8		text "UTF-16LE", 'CredentialType',0
    .rdata:0000000180038288		text "UTF-16LE", 'ProviderFlags',0
    .rdata:0000000180038260		text "UTF-16LE", 'SecurityDescriptor',0
    .rdata:0000000180038238		text "UTF-16LE", 'DeferredParameters',0
    .rdata:0000000180038220		text "UTF-16LE", 'RemotePath',0
    .rdata:00000001800381E8		text "UTF-16LE", 'Microsoft Windows Net'
    .rdata:00000001800381C8		text "UTF-16LE", 'ProviderName',0
    .rdata:0000000180038118		text "UTF-16LE", '\PIPE\wkssvc',0
    .rdata:0000000180038050		text "UTF-16LE", 'O:NSG:NSD:(A;;0x12019'
    .rdata:0000000180037E90		text "UTF-16LE", 'RestrictAnonymous',0
    .rdata:0000000180037E40		text "UTF-16LE", 'SYSTEM\CurrentControl'
    .rdata:0000000180037DF0		text "UTF-16LE", 'DfsDcNameDelay',0
    .rdata:0000000180037D90		text "UTF-16LE", 'Software\Policies\Mic'
    .rdata:0000000180037D38		text "UTF-16LE", '\\.\VDRVROOT',0
    .rdata:0000000180037D18		text "UTF-16LE", 'LastLoadStatus',0
    .rdata:0000000180037CC0		text "UTF-16LE", 'System\CurrentControl'
    .rdata:0000000180037C80		text "UTF-16LE", '\Device\LanmanDatagra'
    .rdata:0000000180037B88		text "UTF-16LE", 'redirector',0
    .rdata:0000000180037B30		text "UTF-16LE", 'datagram receiver',0
    .rdata:0000000180037A08		text "UTF-16LE", 'LogElectionPackets',0
    .rdata:00000001800379D0		text "UTF-16LE", 'IllegalDatagramResetT'
    .rdata:0000000180037998		text "UTF-16LE", 'NumIllegalDatagramEve'
    .rdata:0000000180037968		text "UTF-16LE", 'ServerAnnounceBuffers'
    .rdata:0000000180037948		text "UTF-16LE", 'MailslotBuffers',0
    .rdata:0000000180037938		text "UTF-16LE", 'MaxCmds',0
    .rdata:00000001800378E0		text "UTF-16LE", 'WJFinalizeWorkplaceJo'
    .rdata:00000001800378A0		text "UTF-16LE", 'WJFinalizeRegistryNot'
    .rdata:0000000180037870		text "UTF-16LE", 'WJShutdownWorkplaceJo'
    .rdata:00000001800377F0		text "UTF-16LE", 'AutoJoinSvc/%s: AAD C'
    .rdata:0000000180037720		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:00000001800376C0		text "UTF-16LE", 'WJComputeCloudDomainJ'
    .rdata:0000000180037650		text "UTF-16LE", 'AutoJoinSvc/%s: Machi'
    .rdata:00000001800375C0		text "UTF-16LE", 'AutoJoinSvc/%s: DsrWr'
    .rdata:0000000180037550		text "UTF-16LE", 'AutoJoinSvc/%s: Globa'
    .rdata:00000001800374E0		text "UTF-16LE", 'AutoJoinSvc/%s: Local'
    .rdata:0000000180037460		text "UTF-16LE", 'AutoJoinSvc/%s: Globa'
    .rdata:0000000180037390		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:00000001800372C0		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180037280		text "UTF-16LE", 'WJComputeWorkplaceJoi'
    .rdata:0000000180037220		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:00000001800371F0		text "UTF-16LE", 'WJIsDomainJoined',0
    .rdata:0000000180037190		text "UTF-16LE", 'AutoJoinSvc/%s: Succe'
    .rdata:0000000180037130		text "UTF-16LE", 'AutoJoinSvc/%s: Succe'
    .rdata:00000001800370B0		text "UTF-16LE", 'AutoJoinSvc/%s: IRegi'
    .rdata:0000000180037060		text "UTF-16LE", 'AutoJoinSvc/%s: Runni'
    .rdata:0000000180036FE0		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036F70		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036EF0		text "UTF-16LE", 'AutoJoinSvc/%s: ITask'
    .rdata:0000000180036E90		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036E00		text "UTF-16LE", 'AutoJoinSvc/%s: ITask'
    .rdata:0000000180036D90		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036D10		text "UTF-16LE", 'AutoJoinSvc/%s: ITask'
    .rdata:0000000180036C70		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036BE0		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036BB0		text "UTF-16LE", 'WJSetScheduledTaskSta'
    .rdata:0000000180036AF0		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036A50		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:00000001800369F0		text "UTF-16LE", 'WJCloudDomainJoinRunR'
    .rdata:00000001800369A0		text "UTF-16LE", 'AutoJoinSvc/%s: Local'
    .rdata:0000000180036940		text "UTF-16LE", 'WJWorkplaceJoinLocalP'
    .rdata:0000000180036900		text "UTF-16LE", 'AutoJoinSvc/%s: finis'
    .rdata:00000001800368B0		text "UTF-16LE", 'AutoJoinSvc/%s: Globa'
    .rdata:0000000180036850		text "UTF-16LE", 'WJWorkplaceJoinGlobal'
    .rdata:0000000180036790		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036710		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:00000001800366C0		text "UTF-16LE", 'WJWorkplaceJoinPolicy'
    .rdata:0000000180036610		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036560		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036520		text "UTF-16LE", 'WJRegisterWorkplaceJo'
    .rdata:0000000180036460		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:00000001800363C0		text "UTF-16LE", 'AutoJoinSvc/%s: GetPe'
    .rdata:0000000180036388		text "UTF-16LE", 'IDStoreLoadParameters'
    .rdata:0000000180036330		text "UTF-16LE", 'WJRegisterCloudDomain'
    .rdata:0000000180036270		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:00000001800361C0		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036120		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036080		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180036040		text "UTF-16LE", 'WJRegisterKeyNotifica'
    .rdata:0000000180035FF0		text "UTF-16LE", 'AutoJoinSvc/%s: finis'
    .rdata:0000000180035F50		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180035EA0		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180035E00		text "UTF-16LE", 'AutoJoinSvc/%s: PC is'
    .rdata:0000000180035D50		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180035CA0		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180035C00		text "UTF-16LE", 'AutoJoinSvc/%s: Faile'
    .rdata:0000000180035B80		text "UTF-16LE", 'AutoJoinSvc/%s: Windo'
    .rdata:0000000180035B00		text "UTF-16LE", 'AutoJoinSvc/%s: Error'
    .rdata:0000000180035AD0		text "UTF-16LE", 'AutoJoinSvc/%s: start'
    .rdata:0000000180035A98		text "UTF-16LE", 'WJInitializeWorkplace'
    .rdata:0000000180035A70		text "UTF-16LE", 'ReadAheadThroughput',0
    .rdata:0000000180035A40		text "UTF-16LE", 'Use512ByteMaxTransfer'
    .rdata:0000000180035A18		text "UTF-16LE", 'ForceCoreCreateMode',0
    .rdata:00000001800359F0		text "UTF-16LE", 'BufReadOnlyFiles',0
    .rdata:00000001800359C8		text "UTF-16LE", 'BufFilesDenyWrite',0
    .rdata:00000001800359A8		text "UTF-16LE", 'UseEncryption',0
    .rdata:0000000180035988		text "UTF-16LE", 'UseWriteRawData',0
    .rdata:0000000180035970		text "UTF-16LE", 'UseRawWrite',0
    .rdata:0000000180035958		text "UTF-16LE", 'UseRawRead',0
    .rdata:0000000180035930		text "UTF-16LE", 'UtilizeNtCaching',0
    .rdata:0000000180035908		text "UTF-16LE", 'UseLockReadUnlock',0
    .rdata:00000001800358E8		text "UTF-16LE", 'BufNamedPipes',0
    .rdata:00000001800358C8		text "UTF-16LE", 'UseCloseBehind',0
    .rdata:00000001800358A8		text "UTF-16LE", 'UseUnlockBehind',0
    .rdata:0000000180035878		text "UTF-16LE", 'UseOpportunisticLocki'
    .rdata:0000000180035850		text "UTF-16LE", 'CacheFileTimeout',0
    .rdata:0000000180035828		text "UTF-16LE", 'DormantFileLimit',0
    .rdata:0000000180035810		text "UTF-16LE", 'PipeMaximum',0
    .rdata:00000001800357F0		text "UTF-16LE", 'PipeIncrement',0
    .rdata:00000001800357D8		text "UTF-16LE", 'LockMaximum',0
    .rdata:00000001800357B8		text "UTF-16LE", 'LockIncrement',0
    .rdata:00000001800357A0		text "UTF-16LE", 'LockQuota',0
    .rdata:0000000180035788		text "UTF-16LE", 'MaxThreads',0
    .rdata:0000000180035770		text "UTF-16LE", 'SizCharBuf',0
    .rdata:0000000180035758		text "UTF-16LE", 'SessTimeout',0
    .rdata:0000000180035740		text "UTF-16LE", 'KeepConn',0
    .rdata:0000000180035718		text "UTF-16LE", 'MaxCollectionCount',0
    .rdata:00000001800356F8		text "UTF-16LE", 'CollectionTime',0
    .rdata:00000001800356E0		text "UTF-16LE", 'CharWait',0
    .rdata:0000000180034700		text "UTF-16LE", '\??\',0
    .rdata:00000001800346FC		text "UTF-16LE", ':',0
    .rdata:00000001800346F4		text "UTF-16LE", '\;',0
    .rdata:00000001800346E0		text "UTF-16LE", '%08x%08x',0
    .rdata:00000001800346D0		text "UTF-16LE", 'GLOBAL',0
    .rdata:0000000180034698		text "UTF-16LE", '\Device\LanmanRedirec'
    .rdata:0000000180034678		text "UTF-16LE", 'OtherDomains',0
    .rdata:0000000180034620		text "UTF-16LE", 'COM',0
    .rdata:0000000180034618		text "UTF-16LE", 'AUX',0
    .rdata:0000000180034610		text "UTF-16LE", 'LPT',0
    .rdata:0000000180034608		text "UTF-16LE", 'PRN',0
    .rdata:00000001800345B0		text "UTF-16LE", 'NetrEnumerateComputer'
    .rdata:0000000180034550		text "UTF-16LE", 'NetrEnumerateComputer'
    .rdata:0000000180034540		text "UTF-16LE", ' %wZ',0
    .rdata:00000001800344E0		text "UTF-16LE", 'NetrEnumerateComputer'
    .rdata:0000000180034440		text "UTF-16LE", 'NetrEnumerateComputer'
    .rdata:00000001800343B0		text "UTF-16LE", 'NetrEnumerateComputer'
    .rdata:0000000180034330		text "UTF-16LE", 'NetrEnumerateComputer'
    .rdata:00000001800342B0		text "UTF-16LE", 'NetrEnumerateComputer'
    .rdata:0000000180034240		text "UTF-16LE", 'NetrEnumerateComputer'
    .rdata:00000001800341C0		text "UTF-16LE", 'NetrEnumerateComputer'
    .rdata:0000000180034130		text "UTF-16LE", 'NetrEnumerateComputer'
    .rdata:00000001800340A0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033FE0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033F40		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033E90		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033DE0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033CB0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033C20		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033BE8		text "UTF-16LE", 'msDS-AdditionalDnsHos'
    .rdata:0000000180033BD0		text "UTF-16LE", 'DnsHostName',0
    .rdata:0000000180033B50		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033AD0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033AB0		text "UTF-16LE", 'NETLOGON',0
    .rdata:0000000180033A20		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033990		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033900		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:00000001800338F0		text "UTF-16LE", '%ws\%ws',0
    .rdata:0000000180033850		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:00000001800337D0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033710		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033660		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:00000001800335E0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033550		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:00000001800334C0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033430		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:00000001800333A0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033310		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033270		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:00000001800331E0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033160		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:00000001800330D0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180033060		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032FD0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032F40		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032E90		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032E10		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032D80		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032D00		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032C70		text "UTF-16LE", 'NetpGetComputerObject'
    .rdata:0000000180032BE0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032B60		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032AF0		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032A80		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032A60		text "UTF-16LE", ' Flags = 0x%lx',0Ah,0
    .rdata:0000000180032A38		text "UTF-16LE", ' Action = 0x%lx',0Ah,0
    .rdata:0000000180032A08		text "UTF-16LE", ' DomainAccount = %ws',0Ah
    .rdata:00000001800329D8		text "UTF-16LE", ' AlternateName = %ws',0Ah
    .rdata:0000000180032990		text "UTF-16LE", 'NetpManageAltComputer'
    .rdata:0000000180032958		text "UTF-16LE", '1.2.840.113556.1.4.14'
    .rdata:0000000180032948		text "UTF-16LE", '%ws:%ws',0
    .rdata:0000000180032928		text "UTF-16LE", '(objectClass=*)',0
    .rdata:00000001800328F8		text "UTF-16LE", 'replicateSingleObject'
    .rdata:00000001800328C8		text "UTF-16LE", '1.2.840.113556.1.4.52'
    .rdata:00000001800328A0		text "UTF-16LE", 'serverReferenceBL',0
    .rdata:0000000180032878		text "UTF-16LE", 'distinguishedName',0
    .rdata:0000000180032858		text "UTF-16LE", 'dsServiceName',0
    .rdata:00000001800327A0		text "UTF-16LE", 'NetpSetPrimarySamAcco'
    .rdata:00000001800326F0		text "UTF-16LE", 'NetpSetPrimarySamAcco'
    .rdata:0000000180032640		text "UTF-16LE", 'NetpSetPrimarySamAcco'
    .rdata:00000001800325B0		text "UTF-16LE", 'NetpSetPrimarySamAcco'
    .rdata:0000000180032500		text "UTF-16LE", 'NetpSetPrimarySamAcco'
    .rdata:0000000180032490		text "UTF-16LE", 'NetrJoinDomain2: WJIn'
    .rdata:0000000180032410		text "UTF-16LE", 'NetrJoinDomain2: WJIn'
    .rdata:0000000180032110		text "UTF-16LE", 'DfsDs service',0
    .rdata:0000000180031FD8		text "UTF-16LE", 'ServicesActive',0
    .rdata:0000000180031F90		text "UTF-16LE", 'System\CurrentControl'
    .rdata:0000000180031AC0		text "UTF-16LE", '\Device\DfsClient',0
    .rdata:0000000180031564		text "UTF-16LE", 'Microsoft JhengHei UI'
    .rdata:0000000180031530		text "UTF-16LE", 'icrosoft JhengHei UI '
    .rdata:00000001800314F8		text "UTF-16LE", 'icrosoft JhengHei UI '
    .rdata:00000001800314D0		text "UTF-16LE", 'Microsoft YaHei UI',0
    .rdata:00000001800314A0		text "UTF-16LE", 'Microsoft YaHei UI Bo'
    .rdata:0000000180031470		text "UTF-16LE", 'icrosoft YaHei UI Lig'
    .rdata:0000000180031454		text "UTF-16LE", 'eelawadee UI',0
    .rdata:000000018003142C		text "UTF-16LE", 'Leelawadee UI Bold',0
    .rdata:00000001800313FC		text "UTF-16LE", 'Leelawadee UI Semilig'
    .rdata:00000001800313E0		text "UTF-16LE", 'Malgun Gothic',0
    .rdata:00000001800313BC		text "UTF-16LE", 'algun Gothic Bold',0
    .rdata:000000018003138C		text "UTF-16LE", 'algun Gothic Semiligh'
    .rdata:0000000180031370		text "UTF-16LE", 'Yu Gothic UI',0
    .rdata:0000000180031344		text "UTF-16LE", 'Yu Gothic UI Semibold'
    .rdata:0000000180031320		text "UTF-16LE", 'u Gothic UI Light',0
    .rdata:0000000180031304		text "UTF-16LE", 'Segoe Pseudo',0
    .rdata:00000001800312F4		text "UTF-16LE", 'egoe UI',0
    .rdata:00000001800312D0		text "UTF-16LE", 'egoe UI SemiBold',0
    .rdata:00000001800312B0		text "UTF-16LE", 'Segoe UI Light',0
    .rdata:0000000180030F58		text "UTF-16LE", 'Default',0
    .rdata:0000000180030F48		text "UTF-16LE", 'WinSta0',0
    .rdata:0000000180030F30		text "UTF-16LE", 'ntdll.dll',0
    .rdata:0000000180030EF0		text "UTF-16LE", 'deviceregistration-Ma'
    .rdata:0000000180030E58		text "UTF-16LE", 'LanmanWorkstation',0
    .rdata:0000000180030E00		text "UTF-16LE", 'wkssvc:  MUP finished'
    .rdata:0000000180030DF0		text "UTF-16LE", 'ncalrpc',0
    .rdata:0000000180030DD8		text "UTF-16LE", 'Parameters',0
    .rdata:0000000180030D10		text "UTF-16LE", 'ext-ms-win-domainjoin'
    .rdata:0000000180030B58		text "UTF-16LE", 'WkstaConfigurationInf'
    .rdata:0000000180030B38		text "UTF-16LE", 'ncacn_nb_tcp',0
    .rdata:0000000180030B20		text "UTF-16LE", 'ncacn_np',0
    .rdata:0000000180030B08		text "UTF-16LE", 'Workstation',0
    .rdata:0000000180030AF8		text "UTF-16LE", 'NetAPI',0
    .rdata:000000018002C010		text "UTF-16LE", 'HJ',0
    .data:0000000180041CA0		text "UTF-16LE", 'WkssvcToAgentStartEve'
    .data:0000000180041C78		text "UTF-16LE", 'AgentExistsEvent',0
    .data:0000000180041C50		text "UTF-16LE", 'AgentToWkssvcEvent',0
    .data:0000000180041C20		text "UTF-16LE", 'WkssvcToAgentStopEven'
    .data:0000000180041B70		text "UTF-16LE", 'Software\Microsoft\Id'
    .data:0000000180041B40		text "UTF-16LE", 'Automatic-Device-Join'
    .data:0000000180041B20		text "UTF-16LE", 'RunRecovery',0
    .data:0000000180041AC0		text "UTF-16LE", 'SYSTEM\CurrentControl'
    .data:0000000180041A98		text "UTF-16LE", 'Recovery-Check',0
    .data:0000000180041A50		text "UTF-16LE", '\Microsoft\Windows\Wo'
    .data:0000000180041A28		text "UTF-16LE", 'autoWorkplaceJoin',0
    .data:00000001800419C0		text "UTF-16LE", 'Software\Policies\Mic'
    .data:0000000180041170		text "UTF-16LE", '""',0
    srvsvc.dll LanmanServer

    Code:
    Address	Function	Instruction
    .rdata:000000018002E130		text "UTF-16LE", 'DF',0
    .rdata:000000018002E140		text "UTF-16LE", 'PR',0
    .rdata:00000001800366E0		text "UTF-16LE", '\BaseNamedObjects\Srv'
    .rdata:0000000180036728		text "UTF-16LE", '\LanmanServerAnnounce'
    .rdata:0000000180036760		text "UTF-16LE", 'IdSegSrv service',0
    .rdata:0000000180036788		text "UTF-16LE", 'ncalrpc',0
    .rdata:0000000180036798		text "UTF-16LE", 'XactSrv service',0
    .rdata:00000001800367B8		text "UTF-16LE", '\Device\SrvNet',0
    .rdata:00000001800367E0		text "UTF-16LE", 'RESUTILS.DLL',0
    .rdata:0000000180036860		text "UTF-16LE", 'CLUSAPI.DLL',0
    .rdata:00000001800369E8		text "UTF-16LE", 'SSCORE.DLL',0
    .rdata:0000000180036B60		text "UTF-16LE", 'SYSTEM\CurrentControl'
    .rdata:0000000180036C08		text "UTF-16LE", 'LanmanServer\Aliases',0
    .rdata:0000000180036C38		text "UTF-16LE", 'LmCompatibilityLevel',0
    .rdata:0000000180036C70		text "UTF-16LE", 'SYSTEM\CurrentControl'
    .rdata:0000000180036CBC		text "UTF-16LE", '\',0
    .rdata:0000000180036CC0		text "UTF-16LE", 'Debug',0
    .rdata:0000000180036CD0		text "UTF-16LE", 'FirewallAPI.DLL',0
    .rdata:0000000180036D30		text "UTF-16LE", 'SrvsvcConfigInfo',0
    .rdata:0000000180036D58		text "UTF-16LE", 'SrvsvcTransportEnum',0
    .rdata:0000000180036D80		text "UTF-16LE", 'SrvsvcConnection',0
    .rdata:0000000180036DA8		text "UTF-16LE", 'SrvsvcServerDiskEnum',0
    .rdata:0000000180036DD8		text "UTF-16LE", 'SrvsvcFile',0
    .rdata:0000000180036DF0		text "UTF-16LE", 'SrvsvcSessionInfo',0
    .rdata:0000000180036E18		text "UTF-16LE", 'SrvsvcDefaultShareInf'
    .rdata:0000000180036E48		text "UTF-16LE", 'SrvsvcShareFileInfo',0
    .rdata:0000000180036E70		text "UTF-16LE", 'SrvsvcSharePrintInfo',0
    .rdata:0000000180036EA0		text "UTF-16LE", 'SrvsvcShareAdminInfo',0
    .rdata:0000000180036ED0		text "UTF-16LE", 'SrvsvcShareChange',0
    .rdata:0000000180036EF8		text "UTF-16LE", 'SrvsvcShareConnect',0
    .rdata:0000000180036F20		text "UTF-16LE", 'SrvsvcShareAdminConne'
    .rdata:0000000180036F50		text "UTF-16LE", 'SrvsvcStatisticsInfo',0
    .rdata:0000000180036F80		text "UTF-16LE", 'SMBServer',0
    .rdata:0000000180036F98		text "UTF-16LE", '\Device\LanmanRedirec'
    .rdata:0000000180036FD0		text "UTF-16LE", 'LanmanServer\Linkage',0
    .rdata:0000000180037000		text "UTF-16LE", 'LanmanServer\SharePro'
    .rdata:0000000180037038		text "UTF-16LE", 'LanmanServer\DefaultS'
    .rdata:0000000180037080		text "UTF-16LE", 'SYSTEM\CurrentControl'
    .rdata:0000000180037100		text "UTF-16LE", 'LanmanServer\Autotune'
    .rdata:0000000180037178		text "UTF-16LE", 'LanmanServer\Shares',0
    .rdata:00000001800371A0		text "UTF-16LE", 'LanmanServer\Shares\S'
    .rdata:00000001800371E0		text "UTF-16LE", 'ShareName',0
    .rdata:00000001800371F8		text "UTF-16LE", 'ServerName',0
    .rdata:0000000180037210		text "UTF-16LE", 'CSCFlags',0
    .rdata:0000000180037228		text "UTF-16LE", 'MaxUses',0
    .rdata:0000000180037238		text "UTF-16LE", 'CATimeout',0
    .rdata:0000000180037250		text "UTF-16LE", 'Permissions',0
    .rdata:0000000180037268		text "UTF-16LE", 'Type',0
    .rdata:0000000180037278		text "UTF-16LE", 'Remark',0
    .rdata:0000000180037288		text "UTF-16LE", 'Path',0
    .rdata:0000000180037298		text "UTF-16LE", '\Device\Srv2',0
    .rdata:00000001800372B8		text "UTF-16LE", '\Device\SrvAdmin',0
    .rdata:00000001800372E0		text "UTF-16LE", '\Device\LanmanServer',0
    .rdata:0000000180037310		text "UTF-16LE", 'SRV Config Info',0
    .rdata:0000000180037330		text "UTF-16LE", 'SRV Share Info',0
    .rdata:0000000180037360		text "UTF-16LE", 'SRV Server Info',0
    .rdata:0000000180037380		text "UTF-16LE", 'Server',0
    .rdata:0000000180037390		text "UTF-16LE", 'LanmanServer\Paramete'
    .rdata:00000001800373C0		text "UTF-16LE", 'NullSessionPipes',0
    .rdata:00000001800373E8		text "UTF-16LE", 'NullSessionShares',0
    .rdata:0000000180037410		text "UTF-16LE", 'Size',0
    .rdata:0000000180037420		text "UTF-16LE", 'Guid',0
    .rdata:0000000180037430		text "UTF-16LE", 'ErrorLogIgnore',0
    .rdata:0000000180037450		text "UTF-16LE", 'PipesNeedLicense',0
    .rdata:0000000180037478		text "UTF-16LE", 'ServiceDll',0
    .rdata:0000000180037490		text "UTF-16LE", 'NoRemapPipes',0
    .rdata:00000001800374B0		text "UTF-16LE", 'OptionalNames',0
    .rdata:00000001800374D0		text "UTF-16LE", 'ServiceDllUnloadOnSto'
    .rdata:0000000180037500		text "UTF-16LE", 'Comment',0
    .rdata:0000000180037510		text "UTF-16LE", 'Disc',0
    .rdata:0000000180037520		text "UTF-16LE", 'CAPRequiresS4U2SelfFo'
    .rdata:0000000180037560		text "UTF-16LE", 'EnableS4U2SelfForClai'
    .rdata:0000000180037590		text "UTF-16LE", '.',0
    .rdata:0000000180037598		text "UTF-16LE", 'ntdll.dll',0
    .rdata:00000001800375E8		text "UTF-16LE", '\Device\LanmanDatagra'
    .rdata:0000000180037630		text "UTF-16LE", '\Registry\Machine\SYS'
    .rdata:00000001800376C8		text "UTF-16LE", 'ADMIN$',0
    .rdata:00000001800376D8		text "UTF-16LE", 'IPC$',0
    .rdata:00000001800376E8		text "UTF-16LE", 'mailslot',0
    .rdata:0000000180037700		text "UTF-16LE", 'pipe',0
    .rdata:0000000180037710		text "UTF-16LE", '\\?\GlobalRoot\Device'
    .rdata:0000000180037740		text "UTF-16LE", 'SMBServer-WindowsMaxI'
    .rdata:0000000180037780		text "UTF-16LE", 'EnforceNonClusteredSh'
    .rdata:00000001800377D0		text "UTF-16LE", 'EnableIpV6LinkLocal',0
    .rdata:00000001800377F8		text "UTF-16LE", 'EnableIpV4LinkLocal',0
    .rdata:0000000180037820		text "UTF-16LE", 'EnableCaAlways',0
    .rdata:0000000180037840		text "UTF-16LE", 'LanmanServer',0
    .rdata:0000000180037860		text "UTF-16LE", '\Registry\Machine\Sys'
    .rdata:0000000180037918		text "UTF-16LE", '\DfsServer',0
    .rdata:0000000180037930		text "UTF-16LE", 'SessionSecurityDescri'
    .rdata:0000000180037980		text "UTF-16LE", 'InteractiveDescriptor'
    .rdata:00000001800379C8		text "UTF-16LE", 'PreviousAnonymousRest'
    .rdata:0000000180037A08		text "UTF-16LE", 'AnonymousDescriptorsU'
    .rdata:0000000180037A48		text "UTF-16LE", 'RestrictAnonymous',0
    .rdata:0000000180037A70		text "UTF-16LE", '\Registry\Machine\Sys'
    .rdata:0000000180037AE0		text "UTF-16LE", 'SMBServer-AllowHashPu'
    .rdata:0000000180037B20		text "UTF-16LE", 'ncacn_np',0
    .rdata:0000000180037B38		text "UTF-16LE", '\PIPE\srvsvc',0
    .rdata:0000000180037B60		text "UTF-16LE", 'O:SYG:SYD:(A;;0x12019'
    .rdata:0000000180037C20		text "UTF-16LE", '@FirewallAPI.dll,-327'
    .rdata:0000000180037C50		text "UTF-16LE", '@FirewallAPI.dll,-285'
    .rdata:0000000180037C80		text "UTF-16LE", 'MpsSvc',0
    .rdata:0000000180037C90		text "UTF-16LE", 'SRV Transport Info',0
    .rdata:0000000180037CC0		text "UTF-16LE", 'NETMSG.DLL',0
    .rdata:0000000180037CE0		text "UTF-16LE", '\BaseNamedObjects\Lan'
    .rdata:0000000180037D48		text "UTF-16LE", 'O:SYG:SYD:(A;;0x10000'
    .rdata:0000000180037FC0		text "UTF-16LE", 'ext-ms-win-smbshare-b'
    .rdata:0000000180038040		text "UTF-16LE", 'ext-ms-win-smbshare-b'
    .rdata:0000000180038150		text "UTF-16LE", '0123456789',0
    .rdata:000000018003AAD0		text "UTF-16LE", 'NULL',0
    .rdata:000000018003AAE0		text "UTF-16LE", '/debug',0
    .rdata:000000018003AAF0		text "UTF-16LE", 'TriggerStarted',0
    .rdata:000000018003AB20		text "UTF-16LE", 'SRV Connection Info',0
    .rdata:000000018003AB48		text "UTF-16LE", 'SRV Disk Info',0
    .rdata:000000018003AB68		text "UTF-16LE", 'SRV File Close',0
    .rdata:000000018003AB88		text "UTF-16LE", 'SRV File Info',0
    .rdata:000000018003ABA8		text "UTF-16LE", 'SRVSVC.DLL',0
    .rdata:000000018003ABC0		text "UTF-16LE", 'SRV Local File Info',0
    .rdata:000000018003ABE8		text "UTF-16LE", 'SRV Local File Close',0
    .rdata:000000018003AC28		text "UTF-16LE", 'SmbHash',0
    .rdata:000000018003AC48		text "UTF-16LE", 'File Server',0
    .rdata:000000018003AC60		text "UTF-16LE", 'MajorSequence',0
    .rdata:000000018003AC80		text "UTF-16LE", 'Scale Out File Server'
    .rdata:000000018003AD70		text "UTF-16LE", 'Target',0
    .rdata:000000018003AD80		text "UTF-16LE", 'Alias',0
    .rdata:000000018003AD90		text "UTF-16LE", 'Default',0
    .rdata:000000018003ADE0		text "UTF-16LE", 'ClusterAccountSecurit'
    .rdata:000000018003AE20		text "UTF-16LE", 'SRV Session Del',0
    .rdata:000000018003AE40		text "UTF-16LE", 'SRV Session Info',0
    .rdata:000000018003AE68		text "UTF-16LE", 'SRV Local Session Inf'
    .rdata:000000018003AE98		text "UTF-16LE", 'SRV Local Session Del'
    .rdata:000000018003AED0		text "UTF-16LE", 'System\CurrentControl'
    .rdata:000000018003AF20		text "UTF-16LE", 'feature /featurename:'
    .rdata:000000018003B010		text "UTF-16LE", 'SRV Alias Add',0
    .rdata:000000018003B030		text "UTF-16LE", 'SRV Alias Info',0
    .rdata:000000018003B050		text "UTF-16LE", 'SRV Alias Del',0
    .rdata:000000018003B070		text "UTF-16LE", 'SRV Server Set Info',0
    .rdata:000000018003B0A8		text "UTF-16LE", 'platform_id',0
    .rdata:000000018003B0C0		text "UTF-16LE", 'name',0
    .rdata:000000018003B0D0		text "UTF-16LE", 'NTSERVER',0
    .rdata:000000018003B0E8		text "UTF-16LE", 'version_major',0
    .rdata:000000018003B108		text "UTF-16LE", 'version_minor',0
    .rdata:000000018003B128		text "UTF-16LE", 'type',0
    .rdata:000000018003B138		text "UTF-16LE", 'srvcomment',0
    .rdata:000000018003B150		text "UTF-16LE", 'comment',0
    .rdata:000000018003B160		text "UTF-16LE", 'users',0
    .rdata:000000018003B170		text "UTF-16LE", 'disc',0
    .rdata:000000018003B180		text "UTF-16LE", 'autodisconnect',0
    .rdata:000000018003B1A0		text "UTF-16LE", 'hidden',0
    .rdata:000000018003B1B0		text "UTF-16LE", 'announce',0
    .rdata:000000018003B1C8		text "UTF-16LE", 'anndelta',0
    .rdata:000000018003B1E0		text "UTF-16LE", 'userpath',0
    .rdata:000000018003B1F8		text "UTF-16LE", 'c:\',0
    .rdata:000000018003B200		text "UTF-16LE", 'sessopens',0
    .rdata:000000018003B218		text "UTF-16LE", 'sessvcs',0
    .rdata:000000018003B228		text "UTF-16LE", 'opensearch',0
    .rdata:000000018003B240		text "UTF-16LE", 'sizreqbuf',0
    .rdata:000000018003B258		text "UTF-16LE", 'initworkitems',0
    .rdata:000000018003B278		text "UTF-16LE", 'maxworkitems',0
    .rdata:000000018003B298		text "UTF-16LE", 'rawworkitems',0
    .rdata:000000018003B2B8		text "UTF-16LE", 'irpstacksize',0
    .rdata:000000018003B2D8		text "UTF-16LE", 'maxrawbuflen',0
    .rdata:000000018003B2F8		text "UTF-16LE", 'sessusers',0
    .rdata:000000018003B310		text "UTF-16LE", 'sessconns',0
    .rdata:000000018003B328		text "UTF-16LE", 'maxpagedmemoryusage',0
    .rdata:000000018003B350		text "UTF-16LE", 'maxnonpagedmemoryusag'
    .rdata:000000018003B380		text "UTF-16LE", 'enablesoftcompat',0
    .rdata:000000018003B3A8		text "UTF-16LE", 'enableforcedlogoff',0
    .rdata:000000018003B3D0		text "UTF-16LE", 'timesource',0
    .rdata:000000018003B3E8		text "UTF-16LE", 'acceptdownlevelapis',0
    .rdata:000000018003B410		text "UTF-16LE", 'lmannounce',0
    .rdata:000000018003B428		text "UTF-16LE", 'domain',0
    .rdata:000000018003B438		text "UTF-16LE", 'DOMAIN',0
    .rdata:000000018003B448		text "UTF-16LE", 'maxcopyreadlen',0
    .rdata:000000018003B468		text "UTF-16LE", 'maxcopywritelen',0
    .rdata:000000018003B488		text "UTF-16LE", 'minkeepsearch',0
    .rdata:000000018003B4A8		text "UTF-16LE", 'maxkeepsearch',0
    .rdata:000000018003B4C8		text "UTF-16LE", 'minkeepcomplsearch',0
    .rdata:000000018003B4F0		text "UTF-16LE", 'maxkeepcomplsearch',0
    .rdata:000000018003B518		text "UTF-16LE", 'threadcountadd',0
    .rdata:000000018003B538		text "UTF-16LE", 'numblockthreads',0
    .rdata:000000018003B558		text "UTF-16LE", 'scavtimeout',0
    .rdata:000000018003B570		text "UTF-16LE", 'minrcvqueue',0
    .rdata:000000018003B588		text "UTF-16LE", 'minfreeworkitems',0
    .rdata:000000018003B5B0		text "UTF-16LE", 'xactmemsize',0
    .rdata:000000018003B5C8		text "UTF-16LE", 'threadpriority',0
    .rdata:000000018003B5E8		text "UTF-16LE", 'maxmpxct',0
    .rdata:000000018003B600		text "UTF-16LE", 'oplockbreakwait',0
    .rdata:000000018003B620		text "UTF-16LE", 'oplockbreakresponsewa'
    .rdata:000000018003B650		text "UTF-16LE", 'enableoplocks',0
    .rdata:000000018003B670		text "UTF-16LE", 'enableoplockforceclos'
    .rdata:000000018003B6A0		text "UTF-16LE", 'enablefcbopens',0
    .rdata:000000018003B6C0		text "UTF-16LE", 'enableraw',0
    .rdata:000000018003B6D8		text "UTF-16LE", 'enablesharednetdrives'
    .rdata:000000018003B708		text "UTF-16LE", 'minfreeconnections',0
    .rdata:000000018003B730		text "UTF-16LE", 'maxfreeconnections',0
    .rdata:000000018003B758		text "UTF-16LE", 'initsesstable',0
    .rdata:000000018003B778		text "UTF-16LE", 'initconntable',0
    .rdata:000000018003B798		text "UTF-16LE", 'initfiletable',0
    .rdata:000000018003B7B8		text "UTF-16LE", 'initsearchtable',0
    .rdata:000000018003B7D8		text "UTF-16LE", 'alertschedule',0
    .rdata:000000018003B7F8		text "UTF-16LE", 'errorthreshold',0
    .rdata:000000018003B818		text "UTF-16LE", 'networkerrorthreshold'
    .rdata:000000018003B848		text "UTF-16LE", 'diskspacethreshold',0
    .rdata:000000018003B870		text "UTF-16LE", 'maxlinkdelay',0
    .rdata:000000018003B890		text "UTF-16LE", 'minlinkthroughput',0
    .rdata:000000018003B8B8		text "UTF-16LE", 'linkinfovalidtime',0
    .rdata:000000018003B8E0		text "UTF-16LE", 'scavqosinfoupdatetime'
    .rdata:000000018003B910		text "UTF-16LE", 'maxworkitemidletime',0
    .rdata:000000018003B938		text "UTF-16LE", 'maxrawworkitems',0
    .rdata:000000018003B958		text "UTF-16LE", 'maxthreadsperqueue',0
    .rdata:000000018003B980		text "UTF-16LE", 'connectionlessautodis'
    .rdata:000000018003B9B0		text "UTF-16LE", 'sharingviolationretri'
    .rdata:000000018003B9E0		text "UTF-16LE", 'sharingviolationdelay'
    .rdata:000000018003BA10		text "UTF-16LE", 'maxglobalopensearch',0
    .rdata:000000018003BA38		text "UTF-16LE", 'removeduplicatesearch'
    .rdata:000000018003BA68		text "UTF-16LE", 'lockviolationoffset',0
    .rdata:000000018003BA90		text "UTF-16LE", 'lockviolationdelay',0
    .rdata:000000018003BAB8		text "UTF-16LE", 'mdlreadswitchover',0
    .rdata:000000018003BAE0		text "UTF-16LE", 'cachedopenlimit',0
    .rdata:000000018003BB00		text "UTF-16LE", 'cacheddirectorylimit',0
    .rdata:000000018003BB30		text "UTF-16LE", 'maxcopylength',0
    .rdata:000000018003BB50		text "UTF-16LE", 'restrictnullsessacces'
    .rdata:000000018003BB80		text "UTF-16LE", 'enablewfw311directipx'
    .rdata:000000018003BBB0		text "UTF-16LE", 'otherqueueaffinity',0
    .rdata:000000018003BBD8		text "UTF-16LE", 'queuesamplesecs',0
    .rdata:000000018003BBF8		text "UTF-16LE", 'balancecount',0
    .rdata:000000018003BC18		text "UTF-16LE", 'preferredaffinity',0
    .rdata:000000018003BC40		text "UTF-16LE", 'maxfreerfcbs',0
    .rdata:000000018003BC60		text "UTF-16LE", 'maxfreemfcbs',0
    .rdata:000000018003BC80		text "UTF-16LE", 'maxfreelfcbs',0
    .rdata:000000018003BCA0		text "UTF-16LE", 'maxfreepagedpoolchunk'
    .rdata:000000018003BCD0		text "UTF-16LE", 'minpagedpoolchunksize'
    .rdata:000000018003BD00		text "UTF-16LE", 'maxpagedpoolchunksize'
    .rdata:000000018003BD30		text "UTF-16LE", 'sendsfrompreferredpro'
    .rdata:000000018003BD68		text "UTF-16LE", 'enablecompression',0
    .rdata:000000018003BD90		text "UTF-16LE", 'autosharewks',0
    .rdata:000000018003BDB0		text "UTF-16LE", 'autoshareserver',0
    .rdata:000000018003BDD0		text "UTF-16LE", 'enablesecuritysignatu'
    .rdata:000000018003BE00		text "UTF-16LE", 'requiresecuritysignat'
    .rdata:000000018003BE38		text "UTF-16LE", 'minclientbuffersize',0
    .rdata:000000018003BE60		text "UTF-16LE", 'ConnectionNoSessionsT'
    .rdata:000000018003BE98		text "UTF-16LE", 'IdleThreadTimeOut',0
    .rdata:000000018003BEC0		text "UTF-16LE", 'enableW9xsecuritysign'
    .rdata:000000018003BF00		text "UTF-16LE", 'enforcekerberosreauth'
    .rdata:000000018003BF40		text "UTF-16LE", 'disabledos',0
    .rdata:000000018003BF58		text "UTF-16LE", 'lowdiskspaceminimum',0
    .rdata:000000018003BF80		text "UTF-16LE", 'disablestrictnamechec'
    .rdata:000000018003BFB8		text "UTF-16LE", 'enableauthenticateuse'
    .rdata:000000018003BFF8		text "UTF-16LE", '????',0
    .rdata:000000018003C018		text "UTF-16LE", 'SRV Stat Info',0
    .rdata:000000018003C048		text "UTF-16LE", 'SRV Transport Add',0
    .rdata:000000018003C070		text "UTF-16LE", 'SRV Transport Del',0
    .rdata:000000018003C098		text "UTF-16LE", '               ',0
    .rdata:000000018003C0D8		text "UTF-16LE", 'winspool.drv',0
    .rdata:000000018003C160		text "UTF-16LE", '\??\%s',0
    TCPIPREG.sys

    Code:
    Address	Function	Instruction
    .rdata:00000001C00091C0		                text "UTF-16LE", 'MaxUserPort',0
    .rdata:00000001C0009260		                text "UTF-16LE", 'IPAddress',0
    .rdata:00000001C0009278		                text "UTF-16LE", 'SubnetMask',0
    .rdata:00000001C00092F0		                text "UTF-16LE", 'DefaultTTL',0
    .rdata:00000001C0009308		                text "UTF-16LE", 'DisableIPSourceRouting',0
    .rdata:00000001C0009338		                text "UTF-16LE", 'ArpRetryCount',0
    .rdata:00000001C0009358		                text "UTF-16LE", 'IGMPLevel',0
    .rdata:00000001C0009370		                text "UTF-16LE", 'IGMPVersion',0
    .rdata:00000001C0009388		                text "UTF-16LE", 'EnableICMPRedirect',0
    .rdata:00000001C00093B0		                text "UTF-16LE", 'EnableAddrMaskReply',0
    .rdata:00000001C00093D8		                text "UTF-16LE", 'DisableTaskOffload',0
    .rdata:00000001C0009400		                text "UTF-16LE", 'EnableBcastArpReply',0
    .rdata:00000001C0009428		                text "UTF-16LE", 'DisableDHCPMediaSense',0
    .rdata:00000001C0009458		                text "UTF-16LE", 'DisableMediaSenseEventLog',0
    .rdata:00000001C0009490		                text "UTF-16LE", 'EnableMulticastForwarding',0
    .rdata:00000001C00094C8		                text "UTF-16LE", 'EnablePMTUDiscovery',0
    .rdata:00000001C00094F0		                text "UTF-16LE", 'TcpUseRFC1122UrgentPointer',0
    .rdata:00000001C0009528		                text "UTF-16LE", 'TcpMaxDataRetransmissions',0
    .rdata:00000001C0009560		                text "UTF-16LE", 'KeepAliveTime',0
    .rdata:00000001C0009580		                text "UTF-16LE", 'KeepAliveInterval',0
    .rdata:00000001C00095A8		                text "UTF-16LE", 'TcpTimedWaitDelay',0
    .rdata:00000001C00095D0		                text "UTF-16LE", 'TcpFinWait2Delay',0
    .rdata:00000001C00095F8		                text "UTF-16LE", 'EnablePMTUBHDetect',0
    .rdata:00000001C0009620		                text "UTF-16LE", 'Tcp1323Opts',0
    .rdata:00000001C0009638		                text "UTF-16LE", 'EnableConnectionRateLimiting',0
    .rdata:00000001C0009678		                text "UTF-16LE", 'IPAutoconfigurationEnabled',0
    .rdata:00000001C00096B0		                text "UTF-16LE", 'IPAutoconfigurationSubnet',0
    .rdata:00000001C00096E8		                text "UTF-16LE", 'IPAutoconfigurationMask',0
    .rdata:00000001C0009718		                text "UTF-16LE", 'IPEnableRouter',0
    .rdata:00000001C0009738		                text "UTF-16LE", 'ArpUseEtherSNAP',0
    .rdata:00000001C0009760		                text "UTF-16LE", 'OverrideDefaultAddressSelection',0
    .rdata:00000001C00097A0		                text "UTF-16LE", 'EnableIPAutoConfigurationLimits',0
    .rdata:00000001C00097E0		                text "UTF-16LE", 'IPAutoconfigurationAddress',0
    .rdata:00000001C0009818		                text "UTF-16LE", 'PerformRouterDiscovery',0
    .rdata:00000001C0009848		                text "UTF-16LE", 'DefaultGateway',0
    .rdata:00000001C0009868		                text "UTF-16LE", 'DefaultGatewayMetric',0
    .rdata:00000001C0009898		                text "UTF-16LE", 'SolicitationAddressBcast',0
    .rdata:00000001C00098D0		                text "UTF-16LE", 'UseZeroBroadcast',0
    .rdata:00000001C00098F8		                text "UTF-16LE", 'TypeOfInterface',0
    .rdata:00000001C0009918		                text "UTF-16LE", 'MTU',0
    .rdata:00000001C0009920		                text "UTF-16LE", 'InterfaceMetric',0
    .rdata:00000001C0009940		                text "UTF-16LE", 'TcpAckFrequency',0
    .rdata:00000001C0009960		                text "UTF-16LE", 'TcpDelAckTicks',0
    .rdata:00000001C00099B0		                text "UTF-16LE", 'PsGetVersion',0
    .rdata:00000001C00099D0		                text "UTF-16LE", 'WmiTraceMessage',0
    .rdata:00000001C00099F0		                text "UTF-16LE", 'WmiQueryTraceInformation',0
    .rdata:00000001C0009A28		                text "UTF-16LE", 'EtwRegisterClassicProvider',0
    .rdata:00000001C0009A60		                text "UTF-16LE", 'EtwUnregister',0
    .rdata:00000001C0009A80		                text "UTF-16LE", '%ls\%ls',0
    .rdata:00000001C0009A90		                text "UTF-16LE", '\Registry\Machine\SYSTEM\CurrentControlSet\Services'
    .rdata:00000001C0009B40		                text "UTF-16LE", '\Registry\Machine\SYSTEM\CurrentControlSet\Services'
    .rdata:00000001C0009BE0		                text "UTF-16LE", '\Tcpip\Parameters',0
    .rdata:00000001C0009C90		                text "UTF-16LE", '%d',0
    .rdata:00000001C0009C98		                text "UTF-16LE", '0.0.0.0',0
    .rdata:00000001C0009CA8		                text "UTF-16LE", '%s,%s,%s,%u',0
    Last edited by st1cky; 10-27-18 at 08:49 AM.

  3. #3
    Source: Microsoft Technet DDOS Vader
    Code:
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\BufferAlignment 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\BufferTagListDepth 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\DefaultPacketElementCount 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\DefaultReceiveWindow 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\DefaultSendWindow 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\DisableChainedReceive 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\DisableDirectAcceptEx 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\DisableRawSecurity 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\DynamicBacklogGrowthDelta 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\FastSendDatagramThreshold 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\LargeBufferListDepth 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\LargeBufferSize 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\MaxFastCopyTransmit 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\MaxFastTransmit 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\MaximumDynamicBacklog 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\MediumBufferListDepth 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\MediumBufferSize 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\MinimumDynamicBacklog 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\PacketFragmentCopyThreshold 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\SmallBufferListDepth 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\SmallBufferSize 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\StandardAddressLength 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\TransmitIoLength 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\TransmitWorker 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\UseTdiSendAndDisconnect 
    HKLM\System\CurrentControlSet\Services\Afd\Parameters\VolatileParameters 
    HKLM\System\CurrentControlSet\Services\atapi\Parameters\MasterDeviceDetectionTimeout 
    HKLM\System\CurrentControlSet\Services\atapi\Parameters\SlaveOnMask 
    HKLM\System\CurrentControlSet\Services\atapi\Parameters\UserMasterDeviceTimingModeAllowed 
    HKLM\System\CurrentControlSet\Services\atapi\Parameters\UserMasterDeviceType 
    HKLM\System\CurrentControlSet\Services\atapi\Parameters\UserMasterDeviceType2 
    HKLM\System\CurrentControlSet\Services\atapi\Parameters\WaitOnBusyOnPowerUp 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\AppendToMultiLabelName 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\DnsTest 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\FilterClusterIp 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\MaxCacheSize 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\MulticastOnNameError 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\QueryAdapterName 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\RegisterAdapterName 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\RegisterPrimaryName 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\RegisterReverseLookup 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\RegisterWanAdapters 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\RegistrationEnabled 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\RegistrationMaxAddressCount 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\RegistrationOverwritesInConflict 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\RegistrationRefreshInterval 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\ScreenBadTlds 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\ScreenUnreachableServers 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\UpdateTopLevelDomainZones 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\UpdateZoneExcludeFile 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\UseDotLocalDomain 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\UseEdns 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\UseMulticast 
    HKLM\System\CurrentControlSet\Services\DnsCache\Parameters\WaitForNameErrorOnAll 
    HKLM\System\CurrentControlSet\Services\Eventlog\Application\ LogFullPopup 
    HKLM\System\CurrentControlSet\Services\Eventlog\Environment 
    HKLM\System\CurrentControlSet\Services\Ftdisk\GptAttributeRe vertEntries 
    HKLM\System\CurrentControlSet\Services\IPSEC\CacheSize 
    HKLM\System\CurrentControlSet\Services\IPSEC\EnableDiagnosti cs 
    HKLM\System\CurrentControlSet\Services\IPSEC\EnableOffload 
    HKLM\System\CurrentControlSet\Services\IPSEC\EventQueueSize 
    HKLM\System\CurrentControlSet\Services\IPSEC\LogInterval 
    HKLM\System\CurrentControlSet\Services\IPSEC\NoDefaultExempt 
    HKLM\System\CurrentControlSet\Services\IPSEC\OperationMode 
    HKLM\System\CurrentControlSet\Services\IPSEC\RekeyTime 
    HKLM\System\CurrentControlSet\Services\IPSEC\SAHashSize 
    HKLM\System\CurrentControlSet\Services\IPSEC\SAIdleTime 
    HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\DontNotifyIcf 
    HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\DontPropagateIcfFailure 
    HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\DontStartBrowserOnIcfOpen 
    HKLM\System\CurrentControlSet\Services\LanmanWorkStation\Parameters\DisableByteRangeLockingOnReadOnlyFiles 
    HKLM\System\CurrentControlSet\Services\LanmanWorkStation\Parameters\DisableFlushOnCleanup 
    HKLM\System\CurrentControlSet\Services\LanmanWorkStation\Parameters\EnableCachingOnWriteOnlyOpens 
    HKLM\System\CurrentControlSet\Services\LanmanWorkStation\Parameters\EnableDownLevelLogOff 
    HKLM\System\CurrentControlSet\Services\LanmanWorkStation\Parameters\ExtendedSessTimeout 
    HKLM\System\CurrentControlSet\Services\LanmanWorkStation\Parameters\MaxNumOfExchangesForPipelineReadWrite 
    HKLM\System\CurrentControlSet\Services\LanmanWorkStation\Parameters\OffLineFileTimeoutIntervalInSeconds 
    HKLM\System\CurrentControlSet\Services\LanmanWorkStation\Parameters\ServersWithExtendedSessTimeout 
    HKLM\System\CurrentControlSet\Services\LanmanWorkStation\Parameters\UniqueFileNames 
    HKLM\System\CurrentControlSet\Services\LanmanWorkStation\Parameters\Win9xSessionRestriction 
    HKLM\System\CurrentControlSet\Services\MRxSmb\Parameters\CscEnableAutoDial 
    HKLM\System\CurrentControlSet\Services\MRxSmb\Parameters\CscEnabledDCON 
    HKLM\System\CurrentControlSet\Services\MRxSmb\Parameters\CscEnableTransitionByDefault 
    HKLM\System\CurrentControlSet\Services\MRxSmb\Parameters\DeferredOpensEnabled 
    HKLM\System\CurrentControlSet\Services\MRxSmb\Parameters\EnableCompression 
    HKLM\System\CurrentControlSet\Services\MRxSmb\Parameters\IgnoreBindingOrder 
    HKLM\System\CurrentControlSet\Services\MRxSmb\Parameters\MaximumMasterAnnouncementsQueueSize 
    HKLM\System\CurrentControlSet\Services\Mup\DisableDfs 
    HKLM\System\CurrentControlSet\Services\Mup\EnableDeviceNameCreateRetry 
    HKLM\System\CurrentControlSet\Services\Mup\Parameters\EnableDfsLoopbackTargets 
    HKLM\System\CurrentControlSet\Services\Mup\ProviderCacheTimeoutInMinutes 
    HKLM\System\CurrentControlSet\Services\NDIS\Parameters\Packe tStackSize 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\AtmUseLLCOnPVC 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\AtmUseLLCOnSVC 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\CachedKeyCount 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\DebugLevel 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\DebugMask 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\Historyless 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\IGMPIdle 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\MaximumFragmentSize 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\MaxOutOfOrderDepth 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\MinimumFragmentSize 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\MinimumLinkBandwidth 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\MRRU 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\MRU 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\NdisPacketPoolCount 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\NdisPacketPoolOverflow 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\NumberOfPorts 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\ProtocolMaxSendPackets 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\SendQueueDepth 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\SniffLink 
    HKLM\System\CurrentControlSet\Services\NdisWan\Parameters\TunnelMTU 
    HKLM\System\CurrentControlSet\Services\Parport\ModeCheckedStalled 
    HKLM\System\CurrentControlSet\Services\RasAcd\Parameters\EnableRedirNotifications 
    HKLM\System\CurrentControlSet\Services\RpcSs\Parameters\ServiceDllUnloadOnStop 
    HKLM\System\CurrentControlSet\Services\SAMSS\PostPromoteBoot 
    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\BootTime Security 
    HKLM\System\CurrentControlSet\Services\Tapisrv\Parameters\Se rviceDllUnloadOnStop 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableAdapterDomainName 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DisableWanDynamicUpdate 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableAdapterDomainNameRegistration 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableAddrMaskReply 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnableBcastArpReply 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUBHDetect 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\GlobalMaxTcpWindowSize 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\IsnStoreSize 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxEqualCostRoutes 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxForwardBufferMemory 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxHashTableSize 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxNormLookupMemory 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxNumberOfAddressesToRegister 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\MaxNumForwardPackets 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NetHashTableSize 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NumForwardPackets 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\NumTcbTablePartitions 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpNumConnections 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TcpWindowSize 
    HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\TrFunctionalMcastAddress 
    HKLM\System\CurrentControlSet\Services\usb\DisableCcDetect 
    HKLM\System\CurrentControlSet\Services\usb\DisableSelectiveS uspend 
    HKLM\System\CurrentControlSet\Services\usb\EnIdleEndpointSup port 
    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\W s2_32NumHandleBuckets

  4. #4
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    10,085
    Blog Entries
    6
    Interesting... Thanks for sharing, some interesting values for testing in there
    Linux is user friendly, it's just picky about its friends...
    Disclaimer: Please use caution when opening messages, my grasp on reality may have shaken loose during transmission (going on rusty memory circuits).
    ๑۩۞۩๑

  5. #5
    iObit Advanced SystemCare v10 Pro

    ( Registry Changes - When Apply Tweaks & Boosting Performance )

    SystemCare_Values_modified.txt

    Example:
    Old -> HKLM\SOFTWARE\WOW6432Node\IObit\Advanced SystemCare\HealthLevel: 0x00000001
    New -> HKLM\SOFTWARE\WOW6432Node\IObit\Advanced SystemCare\HealthLevel: 0x00000000
    ( Values are in Hex-Format )
    Code:
    ----------------------------------
    Values modified: 96
    ----------------------------------
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\explorer.exe: 0x00000004
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\explorer.exe: 0x0000000A
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\explorer.exe: 0x00000002
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\explorer.exe: 0x0000000A
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data\418A073AA3BC1C75:  A3 00 00 00 00 00 00 00 04 00 04 00 01 00 01 00 01 01 00 00 14 66 C3 00 D8 00 02 00 00 00 01 31 8E 00 02 83 8B 00 02 AB AF 00 06 69 0A 00 06 DA 0F 01 08 68 E3 00 09 92 F8 00 09 EF 7D 00 0D 37 C6 00 0D 78 79 00 0D A1 81 00 0E BA CD 00 10 96 86 00 11 23 A8 00 12 E5 F8 00 13 E9 78 00 14 66 C3 00 15 8A A2 00 15 8F C5 00 17 5F C3 00 19 C0 E2 00 1B 42 78 00 1B F6 0B 00 1C 95 5C 00 1C C7 B8 00 1D 97 A9 00 1D A8 AA 00 1E 8D 52 00 1F 4E A8 00 1F F7 7B 00 20 18 F2 00 21 4C C8 00 24 AC C7 00 25 3A D5 00 25 99 60 00 27 E8 CF 00 29 22 55 00 2A 68 A9 00 2B 24 99 00 2B D8 BE 00 2C 17 DA 00 2C 3D 81 00 2D D8 F4 00 2F 34 FB 00 31 17 5D 00 31 48 4F 00 32 D1 A7 00 33 99 A9 00 36 AC 52 00 36 E9 D2 00 37 E7 65 00 39 D3 79 00 3A 35 D8 00 3A 5D 93 00 3A C1 B8 00 3C B3 52 00 3D 7F E6 00 3D DA CA 00 3D E7 43 00 3F 9A C7 00 40 56 F1 00 40 A5 6A 00 41 A8 76 00 42 26 4A 00 43 AD F4 00 45 4E D3 00 45 6D B6 00 46 79 D1 00 48 C2 
    4F 00 48 F9 A6 00 49 E5 7D 00 4A AA 81 00 4C 37 FA 00 4C 51 C1 00 4C A7 70 00 4E 3F A3 00 4E BF 72 00 4E E7 C1 00 4F D5 EC 00 50 34 A5 00 54 7A 52 00 54 B7 DC 00 56 24 52 00 56 93 DA 00 56 D1 84 00 57 D6 75 00 58 05 FE 00 5A 5E B5 00 5B 3A F5 00 60 41 AE 00 60 47 8F 00 60 D7 D3 00 65 A6 9E 00 65 D3 68 00 6A C9 DA 00 6B EE 38 00 6C B9 F4 00 6D 2E D0 00 70 6D A8 00 71 40 A3 00 71 47 D5 00 71 6A AE 00 72 6E 4A 00 74 77 AD 00 75 7C 86 00 75 A3 7E 00 78 EF 64 00 79 9C 39 00 7B 45 D5 00 7B A8 D1 00 7C DB 98 00 7E 62 C1 00 7F 88 CA 00 82 27 73 00 83 F1 60 00 84 E6 83 00 85 B9 F4 00 85 CA A9 00 88 A2 6A 00 8A 3D 83 00 8A 80 93 00 8B 51 88 00 8B EE F2 00 8D 87 98 00 8E 78 A2 00 8E B9 F4 00 90 D5 D0 00 91 23 D3 00 93 86 61 00 94 47 6A 00 95 9B 51 00 95 E1 DB 00 96 5D D2 00 97 6A B6 00 97 74 8D 00 99 B9 F4 00 9B 2B DB 00 9B 4D 87 00 9C E0 A8 00 9D 14 F2 00 9D 9D 92 00 9E B9 F4 00 A0 86 61 00 A1 84 BF 00 A1 89 C7 00 A2 05 06 00 A3 32 B1 00 A4 58 02 00 A6 44 A6 00 A6 D6 9A 00 A7 36 A8 00 A7 B8 AD 0
    0 AA 1B AA 00 AD 73 BF 00 AE 5C D2 00 AE 7C 8D 00 B1 CE 98 00 B2 91 DD 00 B3 92 FB 00 B6 21 C9 00 B8 02 97 00 BA F9 E9 00 BB 8E 8B 00 BB AE 7E 00 BC FA 8D 00 BD 38 8F 00 BD 53 98 00 BF 05 C0 00 C0 07 9A 00 C3 3E A3 00 C3 6D 81 00 C5 35 C9 00 C9 38 97 00 C9 53 F1 00 CA 23 B7 00 CA 63 7F 00 CC 49 56 00 CC C1 01 01 CD BD 8C 00 D0 17 56 00 D0 D0 EF 00 D1 D2 A7 00 D3 82 61 00 D6 8E FB 00 D6 F6 DE 00 D7 4F F8 00 D8 20 EA 00 D9 3D AA 00 DA BB D8 00 DA FF 0E 00 DB 6E A1 00 DE 3C DA 00 E1 7E 8C 00 E2 1B 56 00 E4 2A 5E 00 E8 9A FD 00 E8 9E FA 00 EB BF 84 00 EC 5F CE 00 EF 79 8B 00 F0 51 A5 00 F0 E0 B6 00 F1 7D 5F 00 F1 D2 D6 00 F2 B4 FA 00 F3 67 04 01 F3 8B B5 00 F5 48 B1 00 F5 50 0D 01 F6 AE 8F 00 F6 D5 D0 00 F7 12 5E 00 F7 ED 6A 00 F8 FE 82 00 F9 21 55 00 F9 77 8C 00 01 00 02 01 00 00 14 66 C3 00 01 00 03 01 00 00 14 66 C3 00 01 00 04 01 00 00 14 66 C3 00 9B 00 06 00 00 00 00 47 F1 00 02 A4 15 01 05 2A D1 00 05 37 C6 00 08 58 71 00 0A 29 D8 00 0B FF 5C 00 0C D5 89 00 0C E9 C2 00 0E 4D 7E 00 0F
     BA 9E 00 11 0F AA 00 12 A5 C7 00 13 19 83 00 14 AA FD 00 15 9A DB 00 17 86 A7 00 19 C3 98 00 1A FA 99 00 1D 49 12 01 21 6D B6 00 22 D3 89 00 24 6F 16 00 27 4D A7 00 27 9B CE 00 27 A2 A2 00 28 0C 0E 01 28 8B B4 00 29 00 D8 00 2A E9 D4 00 2C 21 D7 00 2D 4A DD 00 2D 85 BA 00 2D B1 A3 00 2E F9 AF 00 31 C2 E1 00 32 56 AE 00 32 E9 83 00 33 64 EF 00 34 B3 77 00 34 BB EF 00 36 A6 AC 00 37 22 C7 00 37 BF E1 00 37 FB EA 00 39 5E A7 00 3B 6B 9F 00 3F 1C EA 00 42 7F 7A 00 42 B3 AE 00 42 C4 6A 00 42 FA 58 00 48 C6 F5 00 49 B7 C6 00 4C 29 FB 00 4C AF 71 00 50 8F C4 00 52 22 13 01 53 D8 8F 00 5B C7 F7 00 5C C0 05 01 5C E1 7D 00 5D 77 F7 00 62 4F 98 00 63 3E 99 00 63 63 81 00 65 7F 0E 01 67 68 A7 00 69 D2 81 00 6C 52 0D 01 6F 51 EB 00 72 3C 12 00 73 D3 A7 00 77 10 DA 00 7B 9F EB 00 7C 22 B8 00 82 0D A8 00 82 1A BA 00 82 E6 F4 00 83 60 A9 00 85 A4 0C 01 88 3B C9 00 8A D2 D2 00 8E 83 7E 00 8F 3C F3 00 91 3C 08 01 91 67 C8 00 91 D3 A3 00 92 59 16 00 93 69 C7 00 94 96 D4 00 99 69 8A 00 9B 56 A4 00 9B CE 
    5C 00 9C 95 EC 00 9F 37 D5 00 9F 60 C3 00 9F 8F 6E 00 A0 2A AB 00 A0 B5 0A 01 A1 D7 B3 00 A2 A6 F8 00 A3 36 FB 00 A3 F7 6A 00 A4 DB CF 00 A5 04 03 01 A5 22 A0 00 A5 22 A4 00 A5 8F 60 00 A6 38 DA 00 A9 A4 C2 00 AB D2 61 00 AF EF C9 00 B0 75 5E 00 B4 F9 EA 00 B6 51 5D 00 B7 E2 BF 00 BC 8A A7 00 BD C3 98 00 BE 55 82 00 BF 8E CE 00 BF F1 A9 00 C1 98 60 00 C2 68 E4 00 C4 5F 7F 00 C5 C0 05 01 C7 0B C2 00 C8 2B FC 00 C9 77 D7 00 C9 D7 CA 00 CA 8F 52 00 D0 FE 62 00 D1 58 96 00 D6 B7 9A 00 D8 F0 7C 00 DA 19 D7 00 DC 30 D1 00 E4 69 C9 00 E6 19 9B 00 E8 66 C7 00 E9 8A A7 00 E9 8C 0A 01 E9 D1 F5 00 EA B9 4F 00 ED 0C AD 00 EE 02 E6 00 F0 3A DD 00 F0 EA EC 00 F3 EF F4 00 F4 74 5E 00 F4 AD 7A 00 F6 D9 EC 00 F8 71 9A 00 FA 67 CB 00 FB 08 06 01 09 00 40 01 00 00 06 DA 0F 01 14 66 C3 00 2D D8 F4 00 35 95 61 00 4B 11 B4 00 60 41 AE 00 7B A8 D1 00 9F 27 FF 00 D7 4F F8 00 01 00 43 01 00 00 C0 EC 7C 00
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data\418A073AA3BC1C75:  A4 00 00 00 00 00 00 00 04 00 04 00 01 00 01 00 01 01 00 00 14 66 C3 00 D8 00 02 00 00 00 01 31 8E 00 02 83 8B 00 02 AB AF 00 06 69 0A 00 06 DA 0F 01 08 68 E3 00 09 92 F8 00 09 EF 7D 00 0D 37 C6 00 0D 78 79 00 0D A1 81 00 0E BA CD 00 10 96 86 00 11 23 A8 00 12 E5 F8 00 13 E9 78 00 14 66 C3 00 15 8A A2 00 15 8F C5 00 17 5F C3 00 19 C0 E2 00 1B 42 78 00 1B F6 0B 00 1C 95 5C 00 1C C7 B8 00 1D 97 A9 00 1D A8 AA 00 1E 8D 52 00 1F 4E A8 00 1F F7 7B 00 20 18 F2 00 21 4C C8 00 24 AC C7 00 25 3A D5 00 25 99 60 00 27 E8 CF 00 29 22 55 00 2A 68 A9 00 2B 24 99 00 2B D8 BE 00 2C 17 DA 00 2C 3D 81 00 2D D8 F4 00 2F 34 FB 00 31 17 5D 00 31 48 4F 00 32 D1 A7 00 33 99 A9 00 36 AC 52 00 36 E9 D2 00 37 E7 65 00 39 D3 79 00 3A 35 D8 00 3A 5D 93 00 3A C1 B8 00 3C B3 52 00 3D 7F E6 00 3D DA CA 00 3D E7 43 00 3F 9A C7 00 40 56 F1 00 40 A5 6A 00 41 A8 76 00 42 26 4A 00 43 AD F4 00 45 4E D3 00 45 6D B6 00 46 79 D1 00 48 C2 
    4F 00 48 F9 A6 00 49 E5 7D 00 4A AA 81 00 4C 37 FA 00 4C 51 C1 00 4C A7 70 00 4E 3F A3 00 4E BF 72 00 4E E7 C1 00 4F D5 EC 00 50 34 A5 00 54 7A 52 00 54 B7 DC 00 56 24 52 00 56 93 DA 00 56 D1 84 00 57 D6 75 00 58 05 FE 00 5A 5E B5 00 5B 3A F5 00 60 41 AE 00 60 47 8F 00 60 D7 D3 00 65 A6 9E 00 65 D3 68 00 6A C9 DA 00 6B EE 38 00 6C B9 F4 00 6D 2E D0 00 70 6D A8 00 71 40 A3 00 71 47 D5 00 71 6A AE 00 72 6E 4A 00 74 77 AD 00 75 7C 86 00 75 A3 7E 00 78 EF 64 00 79 9C 39 00 7B 45 D5 00 7B A8 D1 00 7C DB 98 00 7E 62 C1 00 7F 88 CA 00 82 27 73 00 83 F1 60 00 84 E6 83 00 85 B9 F4 00 85 CA A9 00 88 A2 6A 00 8A 3D 83 00 8A 80 93 00 8B 51 88 00 8B EE F2 00 8D 87 98 00 8E 78 A2 00 8E B9 F4 00 90 D5 D0 00 91 23 D3 00 93 86 61 00 94 47 6A 00 95 9B 51 00 95 E1 DB 00 96 5D D2 00 97 6A B6 00 97 74 8D 00 99 B9 F4 00 9B 2B DB 00 9B 4D 87 00 9C E0 A8 00 9D 14 F2 00 9D 9D 92 00 9E B9 F4 00 A0 86 61 00 A1 84 BF 00 A1 89 C7 00 A2 05 06 00 A3 32 B1 00 A4 58 02 00 A6 44 A6 00 A6 D6 9A 00 A7 36 A8 00 A7 B8 AD 0
    0 AA 1B AA 00 AD 73 BF 00 AE 5C D2 00 AE 7C 8D 00 B1 CE 98 00 B2 91 DD 00 B3 92 FB 00 B6 21 C9 00 B8 02 97 00 BA F9 E9 00 BB 8E 8B 00 BB AE 7E 00 BC FA 8D 00 BD 38 8F 00 BD 53 98 00 BF 05 C0 00 C0 07 9A 00 C3 3E A3 00 C3 6D 81 00 C5 35 C9 00 C9 38 97 00 C9 53 F1 00 CA 23 B7 00 CA 63 7F 00 CC 49 56 00 CC C1 01 01 CD BD 8C 00 D0 17 56 00 D0 D0 EF 00 D1 D2 A7 00 D3 82 61 00 D6 8E FB 00 D6 F6 DE 00 D7 4F F8 00 D8 20 EA 00 D9 3D AA 00 DA BB D8 00 DA FF 0E 00 DB 6E A1 00 DE 3C DA 00 E1 7E 8C 00 E2 1B 56 00 E4 2A 5E 00 E8 9A FD 00 E8 9E FA 00 EB BF 84 00 EC 5F CE 00 EF 79 8B 00 F0 51 A5 00 F0 E0 B6 00 F1 7D 5F 00 F1 D2 D6 00 F2 B4 FA 00 F3 67 04 01 F3 8B B5 00 F5 48 B1 00 F5 50 0D 01 F6 AE 8F 00 F6 D5 D0 00 F7 12 5E 00 F7 ED 6A 00 F8 FE 82 00 F9 21 55 00 F9 77 8C 00 01 00 02 01 00 00 14 66 C3 00 01 00 03 00 00 00 7D 98 C5 00 01 00 03 01 00 00 14 66 C3 00 01 00 04 01 00 00 14 66 C3 00 9B 00 06 00 00 00 00 47 F1 00 02 A4 15 01 05 2A D1 00 05 37 C6 00 08 58 71 00 0A 29 D8 00 0B FF 5C 00 0C D5 89
     00 0C E9 C2 00 0E 4D 7E 00 0F BA 9E 00 11 0F AA 00 12 A5 C7 00 13 19 83 00 14 AA FD 00 15 9A DB 00 17 86 A7 00 19 C3 98 00 1A FA 99 00 1D 49 12 01 21 6D B6 00 22 D3 89 00 24 6F 16 00 27 4D A7 00 27 9B CE 00 27 A2 A2 00 28 0C 0E 01 28 8B B4 00 29 00 D8 00 2A E9 D4 00 2C 21 D7 00 2D 4A DD 00 2D 85 BA 00 2D B1 A3 00 2E F9 AF 00 31 C2 E1 00 32 56 AE 00 32 E9 83 00 33 64 EF 00 34 B3 77 00 34 BB EF 00 36 A6 AC 00 37 22 C7 00 37 BF E1 00 37 FB EA 00 39 5E A7 00 3B 6B 9F 00 3F 1C EA 00 42 7F 7A 00 42 B3 AE 00 42 C4 6A 00 42 FA 58 00 48 C6 F5 00 49 B7 C6 00 4C 29 FB 00 4C AF 71 00 50 8F C4 00 52 22 13 01 53 D8 8F 00 5B C7 F7 00 5C C0 05 01 5C E1 7D 00 5D 77 F7 00 62 4F 98 00 63 3E 99 00 63 63 81 00 65 7F 0E 01 67 68 A7 00 69 D2 81 00 6C 52 0D 01 6F 51 EB 00 72 3C 12 00 73 D3 A7 00 77 10 DA 00 7B 9F EB 00 7C 22 B8 00 82 0D A8 00 82 1A BA 00 82 E6 F4 00 83 60 A9 00 85 A4 0C 01 88 3B C9 00 8A D2 D2 00 8E 83 7E 00 8F 3C F3 00 91 3C 08 01 91 67 C8 00 91 D3 A3 00 92 59 16 00 93 69 C7 00 94 96 D4 00 
    99 69 8A 00 9B 56 A4 00 9B CE 5C 00 9C 95 EC 00 9F 37 D5 00 9F 60 C3 00 9F 8F 6E 00 A0 2A AB 00 A0 B5 0A 01 A1 D7 B3 00 A2 A6 F8 00 A3 36 FB 00 A3 F7 6A 00 A4 DB CF 00 A5 04 03 01 A5 22 A0 00 A5 22 A4 00 A5 8F 60 00 A6 38 DA 00 A9 A4 C2 00 AB D2 61 00 AF EF C9 00 B0 75 5E 00 B4 F9 EA 00 B6 51 5D 00 B7 E2 BF 00 BC 8A A7 00 BD C3 98 00 BE 55 82 00 BF 8E CE 00 BF F1 A9 00 C1 98 60 00 C2 68 E4 00 C4 5F 7F 00 C5 C0 05 01 C7 0B C2 00 C8 2B FC 00 C9 77 D7 00 C9 D7 CA 00 CA 8F 52 00 D0 FE 62 00 D1 58 96 00 D6 B7 9A 00 D8 F0 7C 00 DA 19 D7 00 DC 30 D1 00 E4 69 C9 00 E6 19 9B 00 E8 66 C7 00 E9 8A A7 00 E9 8C 0A 01 E9 D1 F5 00 EA B9 4F 00 ED 0C AD 00 EE 02 E6 00 F0 3A DD 00 F0 EA EC 00 F3 EF F4 00 F4 74 5E 00 F4 AD 7A 00 F6 D9 EC 00 F8 71 9A 00 FA 67 CB 00 FB 08 06 01 09 00 40 01 00 00 06 DA 0F 01 14 66 C3 00 2D D8 F4 00 35 95 61 00 4B 11 B4 00 60 41 AE 00 7B A8 D1 00 9F 27 FF 00 D7 4F F8 00 01 00 43 01 00 00 C0 EC 7C 00
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data\418A073AA3BC3475:  B9 00 00 00 00 00 00 00 04 00 04 00 01 02 04 00 00 00 00 00 06 00 00 00 6B 50 7E 00 04 00 00 00 99 CB DC 00 EE 01 00 00 A1 9F 5E 00 05 00 00 00 DB B4 EF 00 06 00 01 00 00 00 18 01 00 00 56 73 7D 00 43 00 00 00 6B 50 7E 00 06 00 00 00 90 D5 D0 00 0D 00 00 00 98 29 B7 00 01 00 00 00 B0 87 B4 00 43 00 00 00 E6 C5 31 00 01 00 05 00 00 00 13 00 00 00 96 39 0B 01 07 00 65 00 00 00 41 00 00 00 1C 95 5C 00 B8 00 00 00 65 A6 9E 00 06 00 00 00 90 D5 D0 00 13 00 00 00 9C A6 B4 00 5B 01 00 00 A2 05 06 00 80 4F 00 00 E6 C5 31 00 F1 0B 00 00 F0 E0 B6 00 02 00 66 00 00 00 F3 00 00 00 65 A6 9E 00 59 00 00 00 A2 05 06 00 01 00 67 00 00 00 E3 00 00 00 A2 05 06 00 02 00 68 00 00 00 01 00 00 00 9C A6 B4 00 E1 00 00 00 A2 05 06 00 01 00 69 00 00 00 64 17 00 00 65 A6 9E 00 01 00 6B 00 00 00 0C 00 00 00 65 A6 9E 00 01 00 70 00 00 00 18 00 00 00 65 A6 9E 00 01 00 71 00 00 00 07 00 00 00 65 A6 9E 00 01 00 72 00 00 00 4F 07 
    00 00 A2 05 06 00 01 00 73 00 00 00 F2 00 00 00 65 A6 9E 00 01 00 76 00 00 00 2F 00 00 00 65 A6 9E 00 01 00 77 00 00 00 1A 00 00 00 65 A6 9E 00 01 00 7D 00 00 00 9D 00 00 00 65 A6 9E 00 01 00 7F 00 00 00 B7 00 00 00 65 A6 9E 00 01 00 97 00 00 00 44 00 00 00 BE B3 EF 00
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data\418A073AA3BC3475:  C1 00 00 00 00 00 00 00 04 00 04 00 01 02 04 00 00 00 00 00 06 00 00 00 6B 50 7E 00 04 00 00 00 99 CB DC 00 F2 01 00 00 A1 9F 5E 00 05 00 00 00 DB B4 EF 00 06 00 01 00 00 00 7F 01 00 00 56 73 7D 00 43 00 00 00 6B 50 7E 00 06 00 00 00 90 D5 D0 00 0D 00 00 00 98 29 B7 00 01 00 00 00 B0 87 B4 00 43 00 00 00 E6 C5 31 00 01 00 05 00 00 00 13 00 00 00 96 39 0B 01 07 00 65 00 00 00 41 00 00 00 1C 95 5C 00 B8 00 00 00 65 A6 9E 00 06 00 00 00 90 D5 D0 00 13 00 00 00 9C A6 B4 00 5C 01 00 00 A2 05 06 00 80 4F 00 00 E6 C5 31 00 02 0C 00 00 F0 E0 B6 00 02 00 66 00 00 00 F4 00 00 00 65 A6 9E 00 59 00 00 00 A2 05 06 00 01 00 67 00 00 00 E4 00 00 00 A2 05 06 00 02 00 68 00 00 00 01 00 00 00 9C A6 B4 00 E2 00 00 00 A2 05 06 00 01 00 69 00 00 00 79 17 00 00 65 A6 9E 00 01 00 6B 00 00 00 0C 00 00 00 65 A6 9E 00 01 00 70 00 00 00 18 00 00 00 65 A6 9E 00 01 00 71 00 00 00 07 00 00 00 65 A6 9E 00 01 00 72 00 00 00 61 07 
    00 00 A2 05 06 00 01 00 73 00 00 00 F2 00 00 00 65 A6 9E 00 01 00 76 00 00 00 2F 00 00 00 65 A6 9E 00 01 00 77 00 00 00 1A 00 00 00 65 A6 9E 00 01 00 7D 00 00 00 9D 00 00 00 65 A6 9E 00 01 00 7F 00 00 00 B7 00 00 00 65 A6 9E 00 01 00 97 00 00 00 44 00 00 00 BE B3 EF 00
    HKLM\SOFTWARE\WOW6432Node\IObit\Advanced SystemCare\HealthLevel: 0x00000001
    HKLM\SOFTWARE\WOW6432Node\IObit\Advanced SystemCare\HealthLevel: 0x00000000
    HKLM\SOFTWARE\WOW6432Node\IObit\Advanced SystemCare\LastUseDate: "43411,9296628588"
    HKLM\SOFTWARE\WOW6432Node\IObit\Advanced SystemCare\LastUseDate: "43411,9325246065"
    HKLM\SOFTWARE\WOW6432Node\IObit\Advanced SystemCare\LastWrite: "43411,9296628588"
    HKLM\SOFTWARE\WOW6432Node\IObit\Advanced SystemCare\LastWrite: "43411,9325246065"
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter: 0x00000005
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter: 0x00000006
    HKLM\SYSTEM\ControlSet001\Control\WaitToKillServiceTimeout: "5000"
    HKLM\SYSTEM\ControlSet001\Control\WaitToKillServiceTimeout: "8000"
    HKLM\SYSTEM\ControlSet001\Control\FileSystem\NtfsDisable8dot3NameCreation: 0x00000002
    HKLM\SYSTEM\ControlSet001\Control\FileSystem\NtfsDisable8dot3NameCreation: 0x00000001
    HKLM\SYSTEM\ControlSet001\Control\FileSystem\NtfsDisableLastAccessUpdate: 0x80000003
    HKLM\SYSTEM\ControlSet001\Control\FileSystem\NtfsDisableLastAccessUpdate: 0x00000001
    HKLM\SYSTEM\ControlSet001\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\6\:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF
    HKLM\SYSTEM\ControlSet001\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\6\:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\AutoChkTimeout: 0x0000000A
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\AutoChkTimeout: 0x00000005
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\DisablePagingExecutive: 0x00000000
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\DisablePagingExecutive: 0x00000001
    HKLM\SYSTEM\ControlSet001\Services\AppMgmt\Start: 0x00000003
    HKLM\SYSTEM\ControlSet001\Services\AppMgmt\Start: 0x00000004
    HKLM\SYSTEM\ControlSet001\Services\AxInstSV\Start: 0x00000003
    HKLM\SYSTEM\ControlSet001\Services\AxInstSV\Start: 0x00000004
    HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\SequenceNumber: 0x00000024
    HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\SequenceNumber: 0x00000025
    HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\\Device\HarddiskVolume5\Windows\System32\dllhost.exe:  BD E0 02 D8 DF 76 D4 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
    HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\\Device\HarddiskVolume5\Windows\System32\dllhost.exe:  7B 4B 9C 6E E0 76 D4 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
    HKLM\SYSTEM\ControlSet001\Services\CertPropSvc\Start: 0x00000003
    HKLM\SYSTEM\ControlSet001\Services\CertPropSvc\Start: 0x00000004
    HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\NameSrvQueryTimeout: 0x000005DC
    HKLM\SYSTEM\ControlSet001\Services\NetBT\Parameters\NameSrvQueryTimeout: 0x00000BB8
    HKLM\SYSTEM\ControlSet001\Services\Netlogon\Start: 0x00000003
    HKLM\SYSTEM\ControlSet001\Services\Netlogon\Start: 0x00000004
    HKLM\SYSTEM\ControlSet001\Services\p2pimsvc\Start: 0x00000003
    HKLM\SYSTEM\ControlSet001\Services\p2pimsvc\Start: 0x00000004
    HKLM\SYSTEM\ControlSet001\Services\PNRPsvc\Start: 0x00000003
    HKLM\SYSTEM\ControlSet001\Services\PNRPsvc\Start: 0x00000004
    HKLM\SYSTEM\ControlSet001\Services\SCPolicySvc\Start: 0x00000003
    HKLM\SYSTEM\ControlSet001\Services\SCPolicySvc\Start: 0x00000004
    HKLM\SYSTEM\ControlSet001\Services\SNMPTRAP\Start: 0x00000003
    HKLM\SYSTEM\ControlSet001\Services\SNMPTRAP\Start: 0x00000004
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\ServiceProvider\DnsPriority: 0x000007D0
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\ServiceProvider\DnsPriority: 0x00000006
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\ServiceProvider\HostsPriority: 0x000001F4
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\ServiceProvider\HostsPriority: 0x00000005
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\ServiceProvider\LocalPriority: 0x000001F3
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\ServiceProvider\LocalPriority: 0x00000004
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\ServiceProvider\NetbtPriority: 0x000007D1
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\ServiceProvider\NetbtPriority: 0x00000007
    HKLM\SYSTEM\ControlSet001\Services\W32Time\Config\LastKnownGoodTime:  A7 05 FC D3 DF 76 D4 01
    HKLM\SYSTEM\ControlSet001\Services\W32Time\Config\LastKnownGoodTime:  20 90 EE 3D E0 76 D4 01
    HKLM\SYSTEM\ControlSet001\Services\WerSvc\Start: 0x00000003
    HKLM\SYSTEM\ControlSet001\Services\WerSvc\Start: 0x00000004
    HKLM\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc\Start: 0x00000003
    HKLM\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc\Start: 0x00000004
    HKLM\SYSTEM\ControlSet001\Services\WinRM\Start: 0x00000003
    HKLM\SYSTEM\ControlSet001\Services\WinRM\Start: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout: "5000"
    HKLM\SYSTEM\CurrentControlSet\Control\WaitToKillServiceTimeout: "8000"
    HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation: 0x00000002
    HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisable8dot3NameCreation: 0x00000001
    HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate: 0x80000003
    HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate: 0x00000001
    HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\6\:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF
    HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a00-9b1a-11d4-9123-0050047759bc}\6\:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AutoChkTimeout: 0x0000000A
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AutoChkTimeout: 0x00000005
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\DisablePagingExecutive: 0x00000000
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\DisablePagingExecutive: 0x00000001
    HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\Start: 0x00000003
    HKLM\SYSTEM\CurrentControlSet\Services\AppMgmt\Start: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Services\AxInstSV\Start: 0x00000003
    HKLM\SYSTEM\CurrentControlSet\Services\AxInstSV\Start: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\SequenceNumber: 0x00000024
    HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\SequenceNumber: 0x00000026
    HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\\Device\HarddiskVolume5\Windows\System32\mmc.exe:  52 FA 59 4E DF 76 D4 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
    HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\\Device\HarddiskVolume5\Windows\System32\mmc.exe:  0A 9C 6F 88 E0 76 D4 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
    HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\\Device\HarddiskVolume5\Windows\System32\dllhost.exe:  BD E0 02 D8 DF 76 D4 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
    HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\\Device\HarddiskVolume5\Windows\System32\dllhost.exe:  7B 4B 9C 6E E0 76 D4 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
    HKLM\SYSTEM\CurrentControlSet\Services\CertPropSvc\Start: 0x00000003
    HKLM\SYSTEM\CurrentControlSet\Services\CertPropSvc\Start: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\NameSrvQueryTimeout: 0x000005DC
    HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\NameSrvQueryTimeout: 0x00000BB8
    HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Start: 0x00000003
    HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Start: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Services\p2pimsvc\Start: 0x00000003
    HKLM\SYSTEM\CurrentControlSet\Services\p2pimsvc\Start: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Services\PNRPsvc\Start: 0x00000003
    HKLM\SYSTEM\CurrentControlSet\Services\PNRPsvc\Start: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Services\SCPolicySvc\Start: 0x00000003
    HKLM\SYSTEM\CurrentControlSet\Services\SCPolicySvc\Start: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Services\SNMPTRAP\Start: 0x00000003
    HKLM\SYSTEM\CurrentControlSet\Services\SNMPTRAP\Start: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\DnsPriority: 0x000007D0
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\DnsPriority: 0x00000006
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\HostsPriority: 0x000001F4
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\HostsPriority: 0x00000005
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\LocalPriority: 0x000001F3
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\LocalPriority: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\NetbtPriority: 0x000007D1
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\ServiceProvider\NetbtPriority: 0x00000007
    HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTime:  90 64 A1 F1 DF 76 D4 01
    HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTime:  20 90 EE 3D E0 76 D4 01
    HKLM\SYSTEM\CurrentControlSet\Services\WerSvc\Start: 0x00000003
    HKLM\SYSTEM\CurrentControlSet\Services\WerSvc\Start: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc\Start: 0x00000003
    HKLM\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc\Start: 0x00000004
    HKLM\SYSTEM\CurrentControlSet\Services\WinRM\Start: 0x00000003
    HKLM\SYSTEM\CurrentControlSet\Services\WinRM\Start: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Control Panel\Desktop\ForegroundLockTimeout: 0x00030D40
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Control Panel\Desktop\ForegroundLockTimeout: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Control Panel\Desktop\MenuShowDelay: "400"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Control Panel\Desktop\MenuShowDelay: "0"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Control Panel\Mouse\MouseHoverTime: "400"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Control Panel\Mouse\MouseHoverTime: "100"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Microsoft Management Console\Recent File List\File1: "C:\Windows\System32\services.msc"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Microsoft Management Console\Recent File List\File1: "C:\Windows\system32\devmgmt.msc"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Microsoft Management Console\Recent File List\File2: "C:\Windows\system32\devmgmt.msc"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Microsoft Management Console\Recent File List\File2: "C:\Windows\System32\services.msc"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${2c2d8bd9-9643-4e2a-9b3c-3c10ed229da4}$$windows.data.unifiedtile.localstartvolatiletilepropertiesmap\Current\Data:  02 00 00 00 AF 7D 49 73 DF 76 D4 01 00 00 00 00 43 42 01 00 0D 12 0A 0D 39 50 00 7E 00 4D 00 49 00 43 00 52 00 4F 00 53 00 4F 00 46 00 54 00 2E 00 57 00 49 00 4E 00 44 00 4F 00 57 00 53 00 2E 00 53 00 45 00 43 00 48 00 45 00 41 00 4C 00 54 00 48 00 55 00 49 00 5F 00 43 00 57 00 35 00 4E 00 31 00 48 00 32 00 54 00 58 00 59 00 45 00 57 00 59 00 21 00 53 00 45 00 43 00 48 00 45 00 41 00 4C 00 54 00 48 00 55 00 49 00 C7 0A 8A 07 FE 3A C5 14 01 C6 1E 80 C9 C7 A2 B4 DB 9D EA 01 00 55 50 00 7E 00 57 00 49 00 4E 00 44 00 4F 00 57 00 53 00 2E 00 49 00 4D 00 4D 00 45 00 52 00 53 00 49 00 56 00 45 00 43 00 4F 00 4E 00 54 00 52 00 4F 00 4C 00 50 00 41 00 4E 00 45 00 4C 00 5F 00 43 00 57 00 35 00 4E 00 31 00 48 00 32 00 54 00 58 00 59 00 45 00 57 00 59 
    00 21 00 4D 00 49 00 43 00 52 00 4F 00 53 00 4F 00 46 00 54 00 2E 00 57 00 49 00 4E 00 44 00 4F 00 57 00 53 00 2E 00 49 00 4D 00 4D 00 45 00 52 00 53 00 49 00 56 00 45 00 43 00 4F 00 4E 00 54 00 52 00 4F 00 4C 00 50 00 41 00 4E 00 45 00 4C 00 C7 0A 0A C8 22 3C C5 14 04 C6 1E F0 CE BB 97 A8 DB 9D EA 01 00 08 57 00 7E 00 43 00 48 00 52 00 4F 00 4D 00 45 00 C7 0A DE B0 C9 3B C5 14 01 C6 1E D0 81 BD C6 D6 DB 9D EA 01 00 34 57 00 7E 00 43 00 4F 00 4D 00 2E 00 53 00 51 00 55 00 49 00 52 00 52 00 45 00 4C 00 2E 00 53 00 49 00 44 00 45 00 42 00 41 00 52 00 44 00 49 00 41 00 47 00 4E 00 4F 00 53 00 54 00 49 00 43 00 53 00 2E 00 53 00 49 00 44 00 45 00 42 00 41 00 52 00 44 00 49 00 41 00 47 00 4E 00 4F 00 53 00 54 00 49 00 43 00 53 00 C7 0A 89 B2 BC 39 C5 14 01 C6 1E F0 88 AD 96 BF DB 9D EA 01 00 40 57 00 7E 00 4D 00 49 00 43 00 52 00 4F 00 53 00 4F 00 46 00 54 00 2E 00 41 00 55 00 54 00 4F 00 47 00 45 00 4E 00 45 00 52 00 41 00 54 00 45 00 44 00 2E 00 7B 00 38 00 41 00 37 00 32 00 35 00 31 00 4
    4 00 34 00 2D 00 34 00 36 00 33 00 46 00 2D 00 39 00 36 00 46 00 33 00 2D 00 34 00 31 00 35 00 41 00 2D 00 32 00 31 00 34 00 35 00 44 00 32 00 34 00 35 00 43 00 41 00 35 00 41 00 7D 00 C7 0A 89 B2 BC 39 C5 14 01 C6 1E 90 DA C9 B5 DE DB 9D EA 01 00 24 57 00 7E 00 4D 00 49 00 43 00 52 00 4F 00 53 00 4F 00 46 00 54 00 2E 00 49 00 4E 00 54 00 45 00 52 00 4E 00 45 00 54 00 45 00 58 00 50 00 4C 00 4F 00 52 00 45 00 52 00 2E 00 44 00 45 00 46 00 41 00 55 00 4C 00 54 00 C7 0A 25 74 31 3A C5 14 01 C6 1E 90 C4 F2 9C 86 DB 9D EA 01 00 1C 57 00 7E 00 4D 00 49 00 43 00 52 00 4F 00 53 00 4F 00 46 00 54 00 2E 00 57 00 49 00 4E 00 44 00 4F 00 57 00 53 00 2E 00 45 00 58 00 50 00 4C 00 4F 00 52 00 45 00 52 00 C7 0A 83 BE 8B 3C C5 14 0E C6 1E B0 CF E9 AF DE DB 9D EA 01 00 30 57 00 7E 00 7B 00 31 00 41 00 43 00 31 00 34 00 45 00 37 00 37 00 2D 00 30 00 32 00 45 00 37 00 2D 00 34 00 45 00 35 00 44 00 2D 00 42 00 37 00 34 00 34 00 2D 00 32 00 45 00 42 00 31 00 41 00 45 00 35 00 31 00 39 00 38 00 42 00 37 00
     7D 00 5C 00 43 00 4D 00 44 00 2E 00 45 00 58 00 45 00 C7 0A 74 70 C7 39 C5 14 01 C6 1E D0 A7 EA E7 E5 DB 9D EA 01 00 34 57 00 7E 00 7B 00 31 00 41 00 43 00 31 00 34 00 45 00 37 00 37 00 2D 00 30 00 32 00 45 00 37 00 2D 00 34 00 45 00 35 00 44 00 2D 00 42 00 37 00 34 00 34 00 2D 00 32 00 45 00 42 00 31 00 41 00 45 00 35 00 31 00 39 00 38 00 42 00 37 00 7D 00 5C 00 4E 00 4F 00 54 00 45 00 50 00 41 00 44 00 2E 00 45 00 58 00 45 00 C7 0A CD 7C 8F 3B C5 14 04 C6 1E E0 B1 9F 9A F7 DB 9D EA 01 00 3A 57 00 7E 00 7B 00 31 00 41 00 43 00 31 00 34 00 45 00 37 00 37 00 2D 00 30 00 32 00 45 00 37 00 2D 00 34 00 45 00 35 00 44 00 2D 00 42 00 37 00 34 00 34 00 2D 00 32 00 45 00 42 00 31 00 41 00 45 00 35 00 31 00 39 00 38 00 42 00 37 00 7D 00 5C 00 53 00 45 00 52 00 56 00 45 00 52 00 4D 00 41 00 4E 00 41 00 47 00 45 00 52 00 2E 00 45 00 58 00 45 00 C7 0A 43 47 20 3C C5 14 03 C6 1E D0 EB 87 E2 D8 DB 9D EA 01 00 3E 57 00 7E 00 7B 00 36 00 44 00 38 00 30 00 39 00 33 00 37 00 37 00 2D 00 36 00 41 00 46 
    00 30 00 2D 00 34 00 34 00 34 00 42 00 2D 00 38 00 39 00 35 00 37 00 2D 00 41 00 33 00 37 00 37 00 33 00 46 00 30 00 32 00 32 00 30 00 30 00 45 00 7D 00 5C 00 4C 00 41 00 54 00 45 00 4E 00 43 00 59 00 4D 00 4F 00 4E 00 5C 00 4C 00 41 00 54 00 4D 00 4F 00 4E 00 2E 00 45 00 58 00 45 00 C7 0A C4 C0 44 3A C5 14 01 C6 1E B0 C3 B7 92 C4 DB 9D EA 01 00 38 57 00 7E 00 7B 00 37 00 43 00 35 00 41 00 34 00 30 00 45 00 46 00 2D 00 41 00 30 00 46 00 42 00 2D 00 34 00 42 00 46 00 43 00 2D 00 38 00 37 00 34 00 41 00 2D 00 43 00 30 00 46 00 32 00 45 00 30 00 42 00 39 00 46 00 41 00 38 00 45 00 7D 00 5C 00 53 00 54 00 45 00 41 00 4D 00 5C 00 53 00 54 00 45 00 41 00 4D 00 2E 00 45 00 58 00 45 00 C7 0A 89 B2 BC 39 C5 14 01 C6 1E D0 F5 8A A9 BC DB 9D EA 01 00 34 57 00 7E 00 7B 00 46 00 33 00 38 00 42 00 46 00 34 00 30 00 34 00 2D 00 31 00 44 00 34 00 33 00 2D 00 34 00 32 00 46 00 32 00 2D 00 39 00 33 00 30 00 35 00 2D 00 36 00 37 00 44 00 45 00 30 00 42 00 32 00 38 00 46 00 43 00 32 00 33 00 7D 00 5C 00 5
    2 00 45 00 47 00 45 00 44 00 49 00 54 00 2E 00 45 00 58 00 45 00 C7 0A 4C 15 11 3B C5 14 02 C6 1E 80 C6 92 80 EF DB 9D EA 01 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$de${2c2d8bd9-9643-4e2a-9b3c-3c10ed229da4}$$windows.data.unifiedtile.localstartvolatiletilepropertiesmap\Current\Data:  02 00 00 00 D9 00 91 87 E0 76 D4 01 00 00 00 00 43 42 01 00 0D 12 0A 0D 39 50 00 7E 00 4D 00 49 00 43 00 52 00 4F 00 53 00 4F 00 46 00 54 00 2E 00 57 00 49 00 4E 00 44 00 4F 00 57 00 53 00 2E 00 53 00 45 00 43 00 48 00 45 00 41 00 4C 00 54 00 48 00 55 00 49 00 5F 00 43 00 57 00 35 00 4E 00 31 00 48 00 32 00 54 00 58 00 59 00 45 00 57 00 59 00 21 00 53 00 45 00 43 00 48 00 45 00 41 00 4C 00 54 00 48 00 55 00 49 00 C7 0A 3C 8C FD 3A C5 14 01 C6 1E 80 C9 C7 A2 B4 DB 9D EA 01 00 55 50 00 7E 00 57 00 49 00 4E 00 44 00 4F 00 57 00 53 00 2E 00 49 00 4D 00 4D 00 45 00 52 00 53 00 49 00 56 00 45 00 43 00 4F 00 4E 00 54 00 52 00 4F 00 4C 00 50 00 41 00 4E 00 45 00 4C 00 5F 00 43 00 57 00 35 00 4E 00 31 00 48 00 32 00 54 00 58 00 59 00 45 00 57 00 59 
    00 21 00 4D 00 49 00 43 00 52 00 4F 00 53 00 4F 00 46 00 54 00 2E 00 57 00 49 00 4E 00 44 00 4F 00 57 00 53 00 2E 00 49 00 4D 00 4D 00 45 00 52 00 53 00 49 00 56 00 45 00 43 00 4F 00 4E 00 54 00 52 00 4F 00 4C 00 50 00 41 00 4E 00 45 00 4C 00 C7 0A 8B D9 21 3C C5 14 04 C6 1E F0 CE BB 97 A8 DB 9D EA 01 00 08 57 00 7E 00 43 00 48 00 52 00 4F 00 4D 00 45 00 C7 0A 05 EF C3 3B C5 14 01 C6 1E D0 81 BD C6 D6 DB 9D EA 01 00 34 57 00 7E 00 43 00 4F 00 4D 00 2E 00 53 00 51 00 55 00 49 00 52 00 52 00 45 00 4C 00 2E 00 53 00 49 00 44 00 45 00 42 00 41 00 52 00 44 00 49 00 41 00 47 00 4E 00 4F 00 53 00 54 00 49 00 43 00 53 00 2E 00 53 00 49 00 44 00 45 00 42 00 41 00 52 00 44 00 49 00 41 00 47 00 4E 00 4F 00 53 00 54 00 49 00 43 00 53 00 C7 0A 3C DF C6 39 C5 14 01 C6 1E F0 88 AD 96 BF DB 9D EA 01 00 40 57 00 7E 00 4D 00 49 00 43 00 52 00 4F 00 53 00 4F 00 46 00 54 00 2E 00 41 00 55 00 54 00 4F 00 47 00 45 00 4E 00 45 00 52 00 41 00 54 00 45 00 44 00 2E 00 7B 00 38 00 41 00 37 00 32 00 35 00 31 00 4
    4 00 34 00 2D 00 34 00 36 00 33 00 46 00 2D 00 39 00 36 00 46 00 33 00 2D 00 34 00 31 00 35 00 41 00 2D 00 32 00 31 00 34 00 35 00 44 00 32 00 34 00 35 00 43 00 41 00 35 00 41 00 7D 00 C7 0A 69 C2 40 3A C5 14 02 C6 1E F0 93 BE BC 88 DC 9D EA 01 00 24 57 00 7E 00 4D 00 49 00 43 00 52 00 4F 00 53 00 4F 00 46 00 54 00 2E 00 49 00 4E 00 54 00 45 00 52 00 4E 00 45 00 54 00 45 00 58 00 50 00 4C 00 4F 00 52 00 45 00 52 00 2E 00 44 00 45 00 46 00 41 00 55 00 4C 00 54 00 C7 0A 23 B8 33 3A C5 14 01 C6 1E 90 C4 F2 9C 86 DB 9D EA 01 00 1C 57 00 7E 00 4D 00 49 00 43 00 52 00 4F 00 53 00 4F 00 46 00 54 00 2E 00 57 00 49 00 4E 00 44 00 4F 00 57 00 53 00 2E 00 45 00 58 00 50 00 4C 00 4F 00 52 00 45 00 52 00 C7 0A E1 AC 9F 3C C5 14 10 C6 1E 90 BC D0 B5 88 DC 9D EA 01 00 30 57 00 7E 00 7B 00 31 00 41 00 43 00 31 00 34 00 45 00 37 00 37 00 2D 00 30 00 32 00 45 00 37 00 2D 00 34 00 45 00 35 00 44 00 2D 00 42 00 37 00 34 00 34 00 2D 00 32 00 45 00 42 00 31 00 41 00 45 00 35 00 31 00 39 00 38 00 42 00 37 00
     7D 00 5C 00 43 00 4D 00 44 00 2E 00 45 00 58 00 45 00 C7 0A 3B 34 D1 39 C5 14 01 C6 1E D0 A7 EA E7 E5 DB 9D EA 01 00 34 57 00 7E 00 7B 00 31 00 41 00 43 00 31 00 34 00 45 00 37 00 37 00 2D 00 30 00 32 00 45 00 37 00 2D 00 34 00 45 00 35 00 44 00 2D 00 42 00 37 00 34 00 34 00 2D 00 32 00 45 00 42 00 31 00 41 00 45 00 35 00 31 00 39 00 38 00 42 00 37 00 7D 00 5C 00 4E 00 4F 00 54 00 45 00 50 00 41 00 44 00 2E 00 45 00 58 00 45 00 C7 0A 6B 81 94 3B C5 14 04 C6 1E E0 B1 9F 9A F7 DB 9D EA 01 00 3A 57 00 7E 00 7B 00 31 00 41 00 43 00 31 00 34 00 45 00 37 00 37 00 2D 00 30 00 32 00 45 00 37 00 2D 00 34 00 45 00 35 00 44 00 2D 00 42 00 37 00 34 00 34 00 2D 00 32 00 45 00 42 00 31 00 41 00 45 00 35 00 31 00 39 00 38 00 42 00 37 00 7D 00 5C 00 53 00 45 00 52 00 56 00 45 00 52 00 4D 00 41 00 4E 00 41 00 47 00 45 00 52 00 2E 00 45 00 58 00 45 00 C7 0A 44 9E 1C 3C C5 14 03 C6 1E D0 EB 87 E2 D8 DB 9D EA 01 00 3E 57 00 7E 00 7B 00 36 00 44 00 38 00 30 00 39 00 33 00 37 00 37 00 2D 00 36 00 41 00 46 
    00 30 00 2D 00 34 00 34 00 34 00 42 00 2D 00 38 00 39 00 35 00 37 00 2D 00 41 00 33 00 37 00 37 00 33 00 46 00 30 00 32 00 32 00 30 00 30 00 45 00 7D 00 5C 00 4C 00 41 00 54 00 45 00 4E 00 43 00 59 00 4D 00 4F 00 4E 00 5C 00 4C 00 41 00 54 00 4D 00 4F 00 4E 00 2E 00 45 00 58 00 45 00 C7 0A 3A 48 46 3A C5 14 01 C6 1E B0 C3 B7 92 C4 DB 9D EA 01 00 38 57 00 7E 00 7B 00 37 00 43 00 35 00 41 00 34 00 30 00 45 00 46 00 2D 00 41 00 30 00 46 00 42 00 2D 00 34 00 42 00 46 00 43 00 2D 00 38 00 37 00 34 00 41 00 2D 00 43 00 30 00 46 00 32 00 45 00 30 00 42 00 39 00 46 00 41 00 38 00 45 00 7D 00 5C 00 53 00 54 00 45 00 41 00 4D 00 5C 00 53 00 54 00 45 00 41 00 4D 00 2E 00 45 00 58 00 45 00 C7 0A 3C DF C6 39 C5 14 01 C6 1E D0 F5 8A A9 BC DB 9D EA 01 00 34 57 00 7E 00 7B 00 46 00 33 00 38 00 42 00 46 00 34 00 30 00 34 00 2D 00 31 00 44 00 34 00 33 00 2D 00 34 00 32 00 46 00 32 00 2D 00 39 00 33 00 30 00 35 00 2D 00 36 00 37 00 44 00 45 00 30 00 42 00 32 00 38 00 46 00 43 00 32 00 33 00 7D 00 5C 00 5
    2 00 45 00 47 00 45 00 44 00 49 00 54 00 2E 00 45 00 58 00 45 00 C7 0A DD 53 10 3B C5 14 02 C6 1E 80 C6 92 80 EF DB 9D EA 01 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx:  17 00 00 00 16 00 00 00 15 00 00 00 0A 00 00 00 06 00 00 00 04 00 00 00 02 00 00 00 14 00 00 00 13 00 00 00 12 00 00 00 0D 00 00 00 11 00 00 00 0E 00 00 00 01 00 00 00 00 00 00 00 10 00 00 00 0F 00 00 00 03 00 00 00 0C 00 00 00 0B 00 00 00 07 00 00 00 05 00 00 00 09 00 00 00 08 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\MRUListEx:  06 00 00 00 04 00 00 00 02 00 00 00 17 00 00 00 16 00 00 00 15 00 00 00 0A 00 00 00 14 00 00 00 13 00 00 00 12 00 00 00 0D 00 00 00 11 00 00 00 0E 00 00 00 01 00 00 00 00 00 00 00 10 00 00 00 0F 00 00 00 03 00 00 00 0C 00 00 00 0B 00 00 00 07 00 00 00 05 00 00 00 09 00 00 00 08 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\0:  5F 00 46 00 4F 00 52 00 53 00 45 00 52 00 56 00 45 00 52 00 5F 00 42 00 43 00 44 00 45 00 44 00 49 00 54 00 2E 00 74 00 78 00 74 00 00 00 84 00 32 00 00 00 00 00 00 00 00 00 00 00 5F 46 4F 52 53 45 52 56 45 52 5F 42 43 44 45 44 49 54 2E 6C 6E 6B 00 00 5E 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5F 00 46 00 4F 00 52 00 53 00 45 00 52 00 56 00 45 00 52 00 5F 00 42 00 43 00 44 00 45 00 44 00 49 00 54 00 2E 00 6C 00 6E 00 6B 00 00 00 26 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\0:  3A 00 3A 00 7B 00 37 00 34 00 32 00 34 00 36 00 42 00 46 00 43 00 2D 00 34 00 43 00 39 00 36 00 2D 00 31 00 31 00 44 00 30 00 2D 00 41 00 42 00 45 00 46 00 2D 00 30 00 30 00 32 00 30 00 41 00 46 00 36 00 42 00 30 00 42 00 37 00 41 00 7D 00 00 00 8A 00 36 00 00 00 00 00 00 00 00 00 00 00 47 00 65 00 72 00 E4 00 74 00 65 00 2D 00 4D 00 61 00 6E 00 61 00 67 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 56 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 47 00 65 00 72 00 E4 00 74 00 65 00 2D 00 4D 00 61 00 6E 00 61 00 67 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 34 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\MRUListEx:  08 00 00 00 07 00 00 00 01 00 00 00 05 00 00 00 00 00 00 00 06 00 00 00 04 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\MRUListEx:  01 00 00 00 08 00 00 00 07 00 00 00 05 00 00 00 00 00 00 00 06 00 00 00 04 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList: "edcba"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList: "fedcba"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA:  00 00 00 00 5D 00 00 00 98 00 00 00 EF 92 2F 00 17 00 00 00 1C 00 00 00 DF 08 05 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 2E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 2E 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 1C 00 00 00 DF 08 05 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 2E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 2E 00 45 00 78 00 70 00 6C 00 6F 00 72 00 6
    5 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 1C 00 00 00 DF 08 05 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 2E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 2E 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
    0 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\HRZR_PGYFRFFVBA:  00 00 00 00 60 00 00 00 A3 00 00 00 C6 6C 33 00 19 00 00 00 1E 00 00 00 05 8A 05 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 2E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 2E 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 1E 00 00 00 05 8A 05 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 2E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 2E 00 45 00 78 00 70 00 6C 00 6F 00 72 00 6
    5 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
     00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 1E 00 00 00 05 8A 05 00 4D 00 69 00 63 00 72 00 6F 00 73 00 6F 00 66 00 74 00 2E 00 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 2E 00 45 00 78 00 70 00 6C 00 6F 00 72 00 65 00 72 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
    0 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.Rkcybere:  00 00 00 00 17 00 00 00 1C 00 00 00 DF 08 05 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF B0 67 FA E5 DD 76 D4 01 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.Rkcybere:  00 00 00 00 19 00 00 00 1E 00 00 00 05 8A 05 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 10 1E B4 86 E0 76 D4 01 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt:  00 00 00 00 00 00 00 00 01 00 00 00 DA 2F 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.Furyy.EhaQvnybt:  00 00 00 00 00 00 00 00 02 00 00 00 C8 59 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.PbagebyCnary:  00 00 00 00 00 00 00 00 09 00 00 00 66 C8 01 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.Jvaqbjf.PbagebyCnary:  00 00 00 00 00 00 00 00 09 00 00 00 55 D0 01 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{8N7251Q4-463S-96S3-415N-2145Q245PN5N}:  00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 10 6D B2 E6 DD 76 D4 01 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{8N7251Q4-463S-96S3-415N-2145Q245PN5N}:  00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF F0 89 8F 87 E0 76 D4 01 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{NP63S5SQ-7R46-823Q-QS46-42P2866O34N7}:  00 00 00 00 00 00 00 00 02 00 00 00 A1 F6 01 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\Zvpebfbsg.NhgbTrarengrq.{NP63S5SQ-7R46-823Q-QS46-42P2866O34N7}:  00 00 00 00 00 00 00 00 05 00 00 00 38 CB 02 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\Nqzvavfgengbe\Qrfxgbc\Ertfubg-1.9.0\Ertfubg-k64-NAFV.rkr:  00 00 00 00 01 00 00 00 01 00 00 00 00 00 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF E0 11 84 DA DF 76 D4 01 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\Nqzvavfgengbe\Qrfxgbc\Ertfubg-1.9.0\Ertfubg-k64-NAFV.rkr:  00 00 00 00 01 00 00 00 05 00 00 00 F5 C6 01 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF E0 11 84 DA DF 76 D4 01 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow\DefaultApplied: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\CursorShadow\DefaultApplied: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow\DefaultApplied: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\DropShadow\DefaultApplied: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation\DefaultApplied: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\MenuAnimation\DefaultApplied: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations\DefaultApplied: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects\TaskbarAnimations\DefaultApplied: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Search\InstalledWin32AppsRevision: "{EE4E1160-7542-4F69-8FDB-BEDBF66A7236}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Search\InstalledWin32AppsRevision: "{6144CD44-FF39-41A2-97B7-93F8B19C60CC}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Search\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppsConstraintIndex\LatestConstraintIndexFolder: "C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{348ffd9e-c1aa-446e-908f-9397fa77b72b}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Search\Microsoft.Windows.Cortana_cw5n1h2txyewy\AppsConstraintIndex\LatestConstraintIndexFolder: "C:\Users\Administrator\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{ed300f60-cb1b-45cd-b7a7-1fc1dea70f39}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\Shell\Bags\1\Desktop\IconLayouts:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 01 00 01 00 01 00 08 00 00 00 00 00 00 00 29 00 00 00 00 00 00 00 3A 00 3A 00 7B 00 36 00 34 00 35 00 46 00 46 00 30 00 34 00 30 00 2D 00 35 00 30 00 38 00 31 00 2D 00 31 00 30 00 31 00 42 00 2D 00 39 00 46 00 30 00 38 00 2D 00 30 00 30 00 41 00 41 00 30 00 30 00 32 00 46 00 39 00 35 00 34 00 45 00 7D 00 00 00 17 00 00 00 00 00 00 00 47 00 65 00 46 00 6F 00 72 00 63 00 65 00 20 00 45 00 78 00 70 00 65 00 72 00 69 00 65 00 6E 00 63 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 17 00 00 00 00 00 00 00 54 00 65 00 61 00 6D 00 53 00 70 00 65 00 61 00 6B 00 20 00 33 00 20 00 43 00 6C 00 69 00 65 00 6E 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 00 00 00 00 00 00 53 00 69 00 64 00 65 00 62 00 61 00 72 00 20 00 44 00 69 00 61 00 67 00 6E 00 6F 00 73 00 74 00 69 00 63 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 0F 00 00 00 00 00 00 00 4C 00 
    61 00 74 00 65 00 6E 00 63 00 79 00 4D 00 6F 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 1B 00 00 00 00 00 00 00 41 00 64 00 76 00 61 00 6E 00 63 00 65 00 64 00 20 00 53 00 79 00 73 00 74 00 65 00 6D 00 43 00 61 00 72 00 65 00 20 00 31 00 30 00 2E 00 6C 00 6E 00 6B 00 00 00 16 00 00 00 00 00 00 00 49 00 4F 00 62 00 69 00 74 00 20 00 55 00 6E 00 69 00 6E 00 73 00 74 00 61 00 6C 00 6C 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 0E 00 00 00 00 00 00 00 52 00 65 00 67 00 73 00 68 00 6F 00 74 00 2D 00 31 00 2E 00 39 00 2E 00 30 00 00 00 01 00 00 00 00 00 00 00 02 00 01 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 01 00 00 00 00 00 00 00 00 00 08 00 00 00 07 00 00 00 01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 07 00 00 00 00 00 00 00 C0 40 06 00 00 00 00 00 00 00 A0 40 05 00 00 00 00 00 00 00 80 3F 01 00 00 00 00 00 00 00 00 40 02 00 00 00 00 00 00 00 40 40 03 00 00 00 00 00 00 00 80 40 04 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\Shell\Bags\1\Desktop\IconLayouts:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 01 00 01 00 01 00 09 00 00 00 00 00 00 00 29 00 00 00 00 00 00 00 3A 00 3A 00 7B 00 36 00 34 00 35 00 46 00 46 00 30 00 34 00 30 00 2D 00 35 00 30 00 38 00 31 00 2D 00 31 00 30 00 31 00 42 00 2D 00 39 00 46 00 30 00 38 00 2D 00 30 00 30 00 41 00 41 00 30 00 30 00 32 00 46 00 39 00 35 00 34 00 45 00 7D 00 00 00 17 00 00 00 00 00 00 00 47 00 65 00 46 00 6F 00 72 00 63 00 65 00 20 00 45 00 78 00 70 00 65 00 72 00 69 00 65 00 6E 00 63 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 17 00 00 00 00 00 00 00 54 00 65 00 61 00 6D 00 53 00 70 00 65 00 61 00 6B 00 20 00 33 00 20 00 43 00 6C 00 69 00 65 00 6E 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 18 00 00 00 00 00 00 00 53 00 69 00 64 00 65 00 62 00 61 00 72 00 20 00 44 00 69 00 61 00 67 00 6E 00 6F 00 73 00 74 00 69 00 63 00 73 00 2E 00 6C 00 6E 00 6B 00 00 00 0F 00 00 00 00 00 00 00 4C 00 
    61 00 74 00 65 00 6E 00 63 00 79 00 4D 00 6F 00 6E 00 2E 00 6C 00 6E 00 6B 00 00 00 1B 00 00 00 00 00 00 00 41 00 64 00 76 00 61 00 6E 00 63 00 65 00 64 00 20 00 53 00 79 00 73 00 74 00 65 00 6D 00 43 00 61 00 72 00 65 00 20 00 31 00 30 00 2E 00 6C 00 6E 00 6B 00 00 00 16 00 00 00 00 00 00 00 49 00 4F 00 62 00 69 00 74 00 20 00 55 00 6E 00 69 00 6E 00 73 00 74 00 61 00 6C 00 6C 00 65 00 72 00 2E 00 6C 00 6E 00 6B 00 00 00 0D 00 00 00 00 00 00 00 4E 00 65 00 75 00 65 00 72 00 20 00 4F 00 72 00 64 00 6E 00 65 00 72 00 00 00 0E 00 00 00 00 00 00 00 52 00 65 00 67 00 73 00 68 00 6F 00 74 00 2D 00 31 00 2E 00 39 00 2E 00 30 00 00 00 02 00 00 00 00 00 00 00 02 00 01 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 01 00 00 00 00 00 00 00 00 00 08 00 00 00 07 00 00 00 01 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 08 00 00 00 00 00 00 00 C0 40 06 00 00 00 00 00 00 00 A0 40 05 00 00 00 00 00 00 00 80 3F 01 00 00 00 00 00 00 00 00 40 02 00 00 0
    0 00 00 00 00 40 40 03 00 00 00 00 00 00 00 80 40 04 00 00 00 80 3F 00 00 80 40 07 00 02 00 01 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 02 00 01 00 00 00 00 00 00 00 00 00 10 00 00 00 0A 00 00 00 01 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 08 00 00 00 00 00 00 00 C0 40 06 00 00 00 00 00 00 00 A0 40 05 00 00 00 00 00 00 00 80 3F 01 00 00 00 00 00 00 00 00 40 02 00 00 00 00 00 00 00 40 40 03 00 00 00 00 00 00 00 80 40 04 00 00 00 00 00 00 00 E0 40 07 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  02 00 00 00 04 00 00 00 03 00 00 00 06 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).left: 0x0000038C
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).left: 0x0000002B
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).top: 0x0000019B
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).top: 0x0000015B
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).right: 0x000006AC
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).right: 0x0000034B
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).bottom: 0x000003F3
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).bottom: 0x000003B3
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots:  02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02 02
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  04 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx:  02 00 00 00 04 00 00 00 03 00 00 00 06 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).left: 0x0000038C
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).left: 0x0000002B
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).top: 0x0000019B
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).top: 0x0000015B
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).right: 0x000006AC
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).right: 0x0000034B
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).bottom: 0x000003F3
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1920x1080x96(1).bottom: 0x000003B3

  6. #6
    SystemCare_Values_added.txt
    Code:
    ----------------------------------
    Values added: 338
    ----------------------------------
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\iexplore.exe: 0x0000000A
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\iexplore.exe: 0x0000000A
    HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DoReport: 0x00000000
    HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting\ShowUI: 0x00000000
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Max Cached Icons: 0x000007D0
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OptimalLayout\EnableAutoLayout: 0x00000000
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Auto: "0"
    HKLM\SOFTWARE\Policies\Microsoft\Windows\Psched\NonBestEffortLimit: 0x00000000
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoUpdateCheck: 0x00000001
    HKLM\SOFTWARE\WOW6432Node\IObit\Advanced SystemCare\LastFix: "43411,932518287"
    HKLM\SOFTWARE\WOW6432Node\IObit\Advanced SystemCare\LastScan: "11/07/2018 22:22:49"
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Dfrg\BootOptimizeFunction\Enable: "Y"
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER\iexplore.exe: 0x0000000A
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER\iexplore.exe: 0x0000000A
    HKLM\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting\DoReport: 0x00000000
    HKLM\SOFTWARE\WOW6432Node\Microsoft\PCHealth\ErrorReporting\ShowUI: 0x00000000
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Max Cached Icons: 0x000007D0
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\Auto: "0"
    HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell: 0x00000001
    HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows\Psched\NonBestEffortLimit: 0x00000000
    HKLM\SOFTWARE\WOW6432Node\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\NoUpdateCheck: 0x00000001
    HKLM\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\0\0200:  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 00 00 FF 00 FF FF 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 FF 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    HKLM\SYSTEM\ControlSet001\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\0\1700:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    HKLM\SYSTEM\ControlSet001\Control\SecurePipeServers\winreg\remoteregaccess: 0x00000001
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations:  5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 54 65 6D 70 5C 61 73 63 31 30 5F 73 74 61 72 74 75 70 42 6C 61 63 6B 2E 64 62 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 54 65 6D 70 5C 61 73 63 31 30 5F 73 74 61 72 74 75 70 57 68 69 74 65 2E 64 62 00 00 5C 3F 3F 5C 43 3A 5C 57 69 6E 64 6F 77 73 5C 44 65 62 75 67 5C 50 41 53 53 57 44 2E 4C 4F 47 00 00 5C 3F 3F 5C 43 3A 5C 57 69 6E 64 6F 77 73 5C 53 6F 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6F 6E 5C 52 65 70 6F 72 74 69 6E 67 45 76 65 6E 74 73 2E 6C 6F 67 00 00 5C 3F 3F 5C 43 3A 5C 57 69 6E 64 6F 77 73 5C 4C 6F 67 73 5C 43 42 53 5C 43 42 53 2E 6C 6F 67 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 4D 69 63 72 6F
     73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 57 65 62 43 61 63 68 65 5C 56 30 31 2E 6C 6F 67 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 4D 69 63 72 6F 73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 45 78 70 6C 6F 72 65 72 5C 74 68 75 6D 62 63 61 63 68 65 5F 31 36 2E 64 62 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 4D 69 63 72 6F 73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 45 78 70 6C 6F 72 65 72 5C 74 68 75 6D 62 63 61 63 68 65 5F 32 35 36 2E 64 62 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 4D 69 63 72 6F 73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 45 78 70 6C 6F 72 65 72 5C 74 68 75 6D 62 63 61 63 68 65 5F 34 38 2E 64 62 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 4D 69 
    63 72 6F 73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 45 78 70 6C 6F 72 65 72 5C 74 68 75 6D 62 63 61 63 68 65 5F 69 64 78 2E 64 62 00 00 00
    HKLM\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\IoPageLockLimit: 0x08000000
    HKLM\SYSTEM\ControlSet001\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\\Device\HarddiskVolume5\Program Files (x86)\IObit\Advanced SystemCare\Suo11_InternetBooster.exe:  42 68 30 2A E0 76 D4 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
    HKLM\SYSTEM\ControlSet001\Services\Dnscache\Parameters\negativesoacachetime: 0x00000000
    HKLM\SYSTEM\ControlSet001\Services\Dnscache\Parameters\netfailurecachetime: 0x00000000
    HKLM\SYSTEM\ControlSet001\Services\Dnscache\Parameters\maxcacheentryttllimit: 0x00002A30
    HKLM\SYSTEM\ControlSet001\Services\Dnscache\Parameters\maxcachettl: 0x00002A30
    HKLM\SYSTEM\ControlSet001\Services\Dnscache\Parameters\maxnegativecachettl: 0x00000000
    HKLM\SYSTEM\ControlSet001\Services\LanmanServer\Parameters\SizReqBuf: 0x00004000
    HKLM\SYSTEM\ControlSet001\Services\LanmanWorkstation\Parameters\MaxCmds: 0x0000001E
    HKLM\SYSTEM\ControlSet001\Services\LanmanWorkstation\Parameters\MaxThreads: 0x0000001E
    HKLM\SYSTEM\ControlSet001\Services\LanmanWorkstation\Parameters\MaxCollectionCount: 0x00000020
    HKLM\SYSTEM\ControlSet001\Services\SysMain\DelayedAutoStart: 0x00000001
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Tcp1323Opts: 0x00000001
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\MaxUserPort: 0x0000FFFE
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\TCPTimedWaitDelay: 0x0000001E
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\MaxConnectionsPerServer: 0x00000000
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\SackOpts: 0x00000001
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\TcpMaxDupAcks: 0x00000002
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnablePMTUDiscovery: 0x00000001
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\EnablePMTUBHDetect: 0x00000000
    HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DefaultTTL: 0x00000040
    HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\0\0200:  01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 00 00 FF 00 FF FF 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 FF 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    HKLM\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a03-9b1a-11d4-9123-0050047759bc}\0\1700:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg\remoteregaccess: 0x00000001
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations:  5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 54 65 6D 70 5C 61 73 63 31 30 5F 73 74 61 72 74 75 70 42 6C 61 63 6B 2E 64 62 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 54 65 6D 70 5C 61 73 63 31 30 5F 73 74 61 72 74 75 70 57 68 69 74 65 2E 64 62 00 00 5C 3F 3F 5C 43 3A 5C 57 69 6E 64 6F 77 73 5C 44 65 62 75 67 5C 50 41 53 53 57 44 2E 4C 4F 47 00 00 5C 3F 3F 5C 43 3A 5C 57 69 6E 64 6F 77 73 5C 53 6F 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6F 6E 5C 52 65 70 6F 72 74 69 6E 67 45 76 65 6E 74 73 2E 6C 6F 67 00 00 5C 3F 3F 5C 43 3A 5C 57 69 6E 64 6F 77 73 5C 4C 6F 67 73 5C 43 42 53 5C 43 42 53 2E 6C 6F 67 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 4D 69 63 7
    2 6F 73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 57 65 62 43 61 63 68 65 5C 56 30 31 2E 6C 6F 67 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 4D 69 63 72 6F 73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 45 78 70 6C 6F 72 65 72 5C 74 68 75 6D 62 63 61 63 68 65 5F 31 36 2E 64 62 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 4D 69 63 72 6F 73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 45 78 70 6C 6F 72 65 72 5C 74 68 75 6D 62 63 61 63 68 65 5F 32 35 36 2E 64 62 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 4D 69 63 72 6F 73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 45 78 70 6C 6F 72 65 72 5C 74 68 75 6D 62 63 61 63 68 65 5F 34 38 2E 64 62 00 00 5C 3F 3F 5C 43 3A 5C 55 73 65 72 73 5C 41 64 6D 69 6E 69 73 74 72 61 74 6F 72 5C 41 70 70 44 61 74 61 5C 4C 6F 63 61 6C 5C 4D
     69 63 72 6F 73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 45 78 70 6C 6F 72 65 72 5C 74 68 75 6D 62 63 61 63 68 65 5F 69 64 78 2E 64 62 00 00 00
    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\IoPageLockLimit: 0x08000000
    HKLM\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-3036636556-1317084106-3327442082-500\\Device\HarddiskVolume5\Program Files (x86)\IObit\Advanced SystemCare\Suo11_InternetBooster.exe:  42 68 30 2A E0 76 D4 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00
    HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\negativesoacachetime: 0x00000000
    HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\netfailurecachetime: 0x00000000
    HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\maxcacheentryttllimit: 0x00002A30
    HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\maxcachettl: 0x00002A30
    HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\maxnegativecachettl: 0x00000000
    HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SizReqBuf: 0x00004000
    HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\MaxCmds: 0x0000001E
    HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\MaxThreads: 0x0000001E
    HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\MaxCollectionCount: 0x00000020
    HKLM\SYSTEM\CurrentControlSet\Services\SysMain\DelayedAutoStart: 0x00000001
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Tcp1323Opts: 0x00000001
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort: 0x0000FFFE
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TCPTimedWaitDelay: 0x0000001E
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxConnectionsPerServer: 0x00000000
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\SackOpts: 0x00000001
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpMaxDupAcks: 0x00000002
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUDiscovery: 0x00000001
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\EnablePMTUBHDetect: 0x00000000
    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DefaultTTL: 0x00000040
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer: 0x0000000A
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server: 0x0000000A
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Control Panel\Desktop\AutoEndTasks: "1"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Control Panel\Desktop\HungAppTimeout: "4000"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Control Panel\Desktop\WaitToKillAppTimeout: "5000"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Internet Explorer\Main\NoUpdateCheck: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\link:  00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\DesktopProcess: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Browse For Folder Width: 0x0000013E
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Browse For Folder Height: 0x0000015A
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\nonetcrawling: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\f: "%AppData%\1"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\VBovg\Nqinaprq FlfgrzPner\Fhb11_VagreargObbfgre.rkr:  00 00 00 00 00 00 00 00 01 00 00 00 48 8B 00 00 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF 00 00 80 BF FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000020888\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000208F4\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000308AC\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050876\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050882\VirtualDesktop:  10 00 00 00 30 30 44 56 B8 A9 4E 6C FD 1B 83 4E B8 AF E0 BC 04 C3 2C 3D
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050920\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000006067C\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060938\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000007089A\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000708DC\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000080654\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000807E2\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000090872\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A058E\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A0874\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A0884\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000A094C\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer: 0x0000000A
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server: 0x0000000A
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSimpleNetIDList: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun: 0x000000DD
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NolowDiskSpaceChecks: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Search\JumplistData\Microsoft.Windows.ControlPanel:  D0 42 B4 86 E0 76 D4 01
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} {AC60F6A0-0FD9-11D0-99CB-00C04FD64497} 0xFFFF:  01 00 00 00 00 00 00 00 E3 B2 CD 55 E0 76 D4 01
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{7EFA68C6-086B-43E1-A2D2-55A113531240} {000214E9-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 EA 17 EB 81 E0 76 D4 01
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81E9010-6EA4-11CE-A7FF-00AA003CA9F6} {000214E9-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 2B 7A ED 81 E0 76 D4 01
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1F2E5C40-9550-11CE-99D2-00AA006E086C} {000214E9-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 2B 7A ED 81 E0 76 D4 01
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{4A7DED0A-AD25-11D0-98A8-0800361B1103} {000214E9-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 2B 7A ED 81 E0 76 D4 01
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{596AB062-B4D2-4215-9F74-E9109B0A8153} {000214E9-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 2B 7A ED 81 E0 76 D4 01
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} {000214E9-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 2B 7A ED 81 E0 76 D4 01
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{748F920F-FB24-4D09-B360-BAF6F199AD6D} {000214E9-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 59 DC EF 81 E0 76 D4 01
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Microsoft\Windows\CurrentVersion\UFH\SHC\13:  43 3A 5C 50 72 6F 67 72 61 6D 44 61 74 61 5C 4D 69 63 72 6F 73 6F 66 74 5C 57 69 6E 64 6F 77 73 5C 53 74 61 72 74 20 4D 65 6E 75 5C 50 72 6F 67 72 61 6D 73 5C 41 64 76 61 6E 63 65 64 20 53 79 73 74 65 6D 43 61 72 65 5C 41 64 76 61 6E 63 65 64 20 53 79 73 74 65 6D 43 61 72 65 20 31 30 2E 6C 6E 6B 00 43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73 20 28 78 38 36 29 5C 49 4F 62 69 74 5C 41 64 76 61 6E 63 65 64 20 53 79 73 74 65 6D 43 61 72 65 5C 41 53 43 2E 65 78 65 00 2F 6D 61 6E 75 61 6C 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\MuiCache\15\67BDC06\@%SystemRoot%\System32\ndfapi.dll,-40001: "Windows-Netzwerkdiagnose"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\MuiCache\15\67BDC06\@C:\Windows\System32\msxml3r.dll,-1: "XML-Dokument"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\MuiCache\15\67BDC06\@%systemroot%\system32\rshx32.DLL,-59: "Berechtigungs-Editor für Dateien und Ordner"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\MuiCache\15\67BDC06\@AppWiz.cpl,-2001: "Programme und Features"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\MuiCache\15\67BDC06\@AutoPlay.dll,-1: "Automatische Wiedergabe"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\MuiCache\15\67BDC06\@ActionCenterCPL.dll,-1: "Sicherheit und Wartung"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\MuiCache\15\67BDC06\@HGCpl.dll,-1: "Heimnetzgruppe"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\MuiCache\15\67BDC06\@PowerCPL.dll,-1: "Energieoptionen"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5:  14 00 1F 44 47 1A 03 59 72 3F A7 44 89 C5 55 95 FE 6B 30 EE 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6:  44 00 31 00 00 00 00 00 67 4D 32 AB 10 00 44 00 34 00 09 00 04 00 EF BE 67 4D 32 AB 67 4D 32 AB 2E 00 00 00 44 56 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 85 91 00 44 00 00 00 10 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0:  82 00 74 00 1C 00 43 46 53 46 16 00 31 00 00 00 00 00 00 00 00 00 10 00 41 70 70 44 61 74 61 00 00 00 74 1A 59 5E 96 DF D3 48 8D 67 17 33 BC EE 28 BA C5 CD FA DF 9F 67 56 41 89 47 C5 C7 6B C0 B6 7F 40 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 00 70 00 70 00 44 00 61 00 74 00 61 00 00 00 42 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\MRUListEx:  00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\0:  56 00 31 00 00 00 00 00 67 4D 4B AA 10 00 52 6F 61 6D 69 6E 67 00 40 00 09 00 04 00 EF BE 67 4D 8C A2 67 4D 4B AA 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C C3 16 01 52 00 6F 00 61 00 6D 00 69 00 6E 00 67 00 00 00 16 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\MRUListEx:  01 00 00 00 00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\NodeSlot: 0x00000054
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1:  50 00 31 00 00 00 00 00 67 4D D4 AA 10 00 4C 6F 63 61 6C 00 3C 00 09 00 04 00 EF BE 67 4D 8C A2 67 4D D4 AA 2E 00 00 00 73 59 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 06 10 00 4C 00 6F 00 63 00 61 00 6C 00 00 00 14 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\0\NodeSlot: 0x00000053
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\0\MRUListEx:  FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\NodeSlot: 0x00000055
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\MRUListEx:  00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0:  4E 00 31 00 00 00 00 00 67 4D D4 AA 10 00 54 65 6D 70 00 00 3A 00 09 00 04 00 EF BE 67 4D 8C A2 67 4D D4 AA 2E 00 00 00 74 59 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 68 12 00 54 00 65 00 6D 00 70 00 00 00 14 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0\NodeSlot: 0x00000056
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0\MRUListEx:  00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0\0:  4E 00 31 00 00 00 00 00 67 4D 63 AA 10 00 54 65 6D 70 00 00 3A 00 09 00 04 00 EF BE 67 4D 63 AA 67 4D 63 AA 2E 00 00 00 EF A9 01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9A 40 1C 01 54 00 65 00 6D 00 70 00 00 00 14 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0\0\NodeSlot: 0x00000057
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0\0\MRUListEx:  FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\NodeSlot: 0x00000058
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\MRUListEx:  FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\SniffedFolderType: "Documents"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags: 0x41200011
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\SniffedFolderType: "Documents"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags: 0x41200001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\SniffedFolderType: "Documents"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags: 0x41200001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\SniffedFolderType: "Documents"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags: 0x41200001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\SniffedFolderType: "Generic"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x41200001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\SniffedFolderType: "Generic"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x41200011
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\MuiCache\15\67BDC06\@%SystemRoot%\System32\ndfapi.dll,-40001: "Windows-Netzwerkdiagnose"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\MuiCache\15\67BDC06\@C:\Windows\System32\msxml3r.dll,-1: "XML-Dokument"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\MuiCache\15\67BDC06\@%systemroot%\system32\rshx32.DLL,-59: "Berechtigungs-Editor für Dateien und Ordner"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\MuiCache\15\67BDC06\@AppWiz.cpl,-2001: "Programme und Features"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\MuiCache\15\67BDC06\@AutoPlay.dll,-1: "Automatische Wiedergabe"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\MuiCache\15\67BDC06\@ActionCenterCPL.dll,-1: "Sicherheit und Wartung"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\MuiCache\15\67BDC06\@HGCpl.dll,-1: "Heimnetzgruppe"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\MuiCache\15\67BDC06\@PowerCPL.dll,-1: "Energieoptionen"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5:  14 00 1F 44 47 1A 03 59 72 3F A7 44 89 C5 55 95 FE 6B 30 EE 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6:  44 00 31 00 00 00 00 00 67 4D 32 AB 10 00 44 00 34 00 09 00 04 00 EF BE 67 4D 32 AB 67 4D 32 AB 2E 00 00 00 44 56 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 56 85 91 00 44 00 00 00 10 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0:  82 00 74 00 1C 00 43 46 53 46 16 00 31 00 00 00 00 00 00 00 00 00 10 00 41 70 70 44 61 74 61 00 00 00 74 1A 59 5E 96 DF D3 48 8D 67 17 33 BC EE 28 BA C5 CD FA DF 9F 67 56 41 89 47 C5 C7 6B C0 B6 7F 40 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 00 70 00 70 00 44 00 61 00 74 00 61 00 00 00 42 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\MRUListEx:  00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\0:  56 00 31 00 00 00 00 00 67 4D 4B AA 10 00 52 6F 61 6D 69 6E 67 00 40 00 09 00 04 00 EF BE 67 4D 8C A2 67 4D 4B AA 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2C C3 16 01 52 00 6F 00 61 00 6D 00 69 00 6E 00 67 00 00 00 16 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\MRUListEx:  01 00 00 00 00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\NodeSlot: 0x00000054
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1:  50 00 31 00 00 00 00 00 67 4D D4 AA 10 00 4C 6F 63 61 6C 00 3C 00 09 00 04 00 EF BE 67 4D 8C A2 67 4D D4 AA 2E 00 00 00 73 59 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 37 06 10 00 4C 00 6F 00 63 00 61 00 6C 00 00 00 14 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\0\NodeSlot: 0x00000053
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\0\MRUListEx:  FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\NodeSlot: 0x00000055
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\MRUListEx:  00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0:  4E 00 31 00 00 00 00 00 67 4D D4 AA 10 00 54 65 6D 70 00 00 3A 00 09 00 04 00 EF BE 67 4D 8C A2 67 4D D4 AA 2E 00 00 00 74 59 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 68 12 00 54 00 65 00 6D 00 70 00 00 00 14 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0\NodeSlot: 0x00000056
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0\MRUListEx:  00 00 00 00 FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0\0:  4E 00 31 00 00 00 00 00 67 4D 63 AA 10 00 54 65 6D 70 00 00 3A 00 09 00 04 00 EF BE 67 4D 63 AA 67 4D 63 AA 2E 00 00 00 EF A9 01 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 9A 40 1C 01 54 00 65 00 6D 00 70 00 00 00 14 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0\0\NodeSlot: 0x00000057
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\5\0\1\0\0\MRUListEx:  FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\NodeSlot: 0x00000058
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\6\MRUListEx:  FF FF FF FF
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\SniffedFolderType: "Documents"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags: 0x41200011
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\83\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\SniffedFolderType: "Documents"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags: 0x41200001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\84\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\SniffedFolderType: "Documents"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags: 0x41200001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\85\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\SniffedFolderType: "Documents"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Rev: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags: 0x41200001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\86\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\SniffedFolderType: "Generic"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x41200001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid: "{137E7700-3573-11CF-AE69-08002B2E1262}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\87\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\KnownFolderDerivedFolderType: "{57807898-8C4F-4462-BB63-71042380B109}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\SniffedFolderType: "Generic"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode: 0x00000004
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode: 0x00000001
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags: 0x41200011
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize: 0x00000010
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 01 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo:  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD DF DF FD 10 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 18 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0A 00 00 00 10 01 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0E 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 04 00 00 00 78 00 00 00 30 F1 25 B7 EF 47 1A 10 A5 F1 02 60 8C 9E EB AC 0C 00 00 00 50 00 00 00
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID: "{00000000-0000-0000-0000-000000000000}"
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID: 0x00000000
    HKU\S-1-5-21-3036636556-1317084106-3327442082-500_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\88\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection: 0x00000001
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPerServer: 0x0000000A
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\MaxConnectionsPer1_0Server: 0x0000000A
    Greetings
    St1cky

Similar Threads

  1. I'm still confused with some tweaking values. Please help !
    By ttn328 in forum Broadband Tweaks Help
    Replies: 17
    Last Post: 08-05-10, 08:59 PM
  2. Help with Tweaking Values
    By Marx226 in forum Broadband Tweaks Help
    Replies: 1
    Last Post: 01-10-07, 09:05 PM
  3. RWIN for Win98SE Cable 7mbs and registry values needed
    By JMedley1 in forum General Broadband Forum
    Replies: 8
    Last Post: 10-22-05, 09:34 AM
  4. Registry values
    By SAC1 in forum Broadband Tweaks Help
    Replies: 13
    Last Post: 07-04-01, 12:11 PM
  5. DSL Tweaks, Can't Find Registry Values
    By TonyMan in forum General Broadband Forum
    Replies: 5
    Last Post: 01-06-01, 12:37 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •