Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help

User Tag List

Chromium Virus

This is a discussion on Chromium Virus within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category. Cannot open Chrome In addition, every time I try to uninstall chromium, i can't even find the program in my


Like Tree2Likes
Closed Thread
 
Thread Tools Search this Thread
Old 01-03-2020, 11:26 PM   #1
Registered Member
 
Join Date: Jul 2009
Posts: 33
OS: Windows 7



Cannot open Chrome

In addition, every time I try to uninstall chromium, i can't even find the program in my add/remove programs tool.

Really frustrating.

In addition, I don't know why but it won't allow me to upload the addition for some reason.
Attached Files
File Type: txt FRST.txt (50.5 KB, 17 views)
aiemgahd is offline  
Sponsored Links
Advertisement
 
Old 01-04-2020, 12:34 PM   #2
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hi , aiemgahd..!


Revo Uninstaller

Download Revo Uninstaller Portable and save it to your desktop.
  • Right-click RevoUninstaller_Portable.zip and select Extract All.
  • When prompted, select Browse and select Desktop to extract the files to your desktop.
  • Right-click RevoUPort.exe and select Run as Administrator.
  • Read and accept the End User License Agreement.
  • Right-click the following program and select Uninstall:
Quote:
Chromium
  • Revo Uninstaller will create a System Restore point. Once complete, the program's uninstaller will open.
  • Follow the prompts to uninstall the program.
    Note: Do not restart the computer if prompted.
  • In the Scanning Modes dialog box, select Advanced > Scan.
  • On the Found leftover registry entries dialog box (if present) click Select All > Delete > Yes.
  • On the Found leftover files and folders dialog box (if present) click Select All > Delete > Yes.
  • Click OK if prompted, then Finish.


---------------------------------------------------
ESET Online Scanner

Download ESET Online Scanner and save it to your desktop.
  • Right-click on esetonlinescanner_enu.exe and select Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • At the Welcome to ESET Online Scanner window, click Get Started.
  • Select whether you would like to send anonymous data to ESET.
  • Note: if you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click on the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will now begin scanning your computer. This may take some time.
  • When the scan is finished and if threats have been detected, select Save scan log. Save it to your desktop as eset.txt. Click on Continue.
  • ESET Online Scanner may ask if you'd like to turn on the Periodic Scan feature. Click on Continue.
  • On the next screen, you can leave feedback about the program if you wish. Check the box for Delete application data on closing. If you left feedback, click Submit and continue. If not, Close without feedback.
  • Open the scan log on your desktop (eset.txt) and copy and paste its contents into your next reply.
---------------------------------------------------
Re-scan with FRST
  • Double-click FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • eset.txt
  • FRST.txt
  • Addition.txt
icotonev is offline  
Old 01-04-2020, 02:30 PM   #3
Registered Member
 
Join Date: Jul 2009
Posts: 33
OS: Windows 7



Hi icotonev, thank you so much for taking the time to post this detailed response.

I have successfully extracted Revo Uninstaller but Chromium is not anywhere to be found and even when I search it in the search bar in Revo Uninstaller, you just can't locate it anywhere even though I double and triple checked.

That being said, Chromium still prevents my Google chrome from opening and is located in my taskbar so it's still there even though it's not showing up in any uninstaller programs lists.

Should I still run ESET and re-scan with FRST without removing Chromium with Revo Uninstaller or await further instructions?
aiemgahd is offline  
Sponsored Links
Advertisement
 
Old 01-05-2020, 12:10 AM   #4
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Quote:
Originally Posted by aiemgahd View Post

Should I still run ESET and re-scan with FRST without removing Chromium with Revo Uninstaller or await further instructions?

Good morning, aiemgahd..! Yes..! Take the other steps from my post. Then we will think about what to do ..!

Regards
Ico
icotonev is offline  
Old 01-05-2020, 11:57 AM   #5
Registered Member
 
Join Date: Jul 2009
Posts: 33
OS: Windows 7



Here you go icotonev! As I said, I wasn't able to follow all the steps for the Revo Uninstaller because Chromium doesn't even show up but I followed all the other steps and attached the necessary logs for your review.

Like before, my Addition is blocked from uploading correctly to Tech Support Forum for some reason. I get the following error message:

"Why have I been blocked?
This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data."
Attached Files
File Type: txt ESET.txt (2.9 KB, 9 views)
File Type: txt FRST.txt (55.4 KB, 6 views)
aiemgahd is offline  
Old 01-09-2020, 08:37 AM   #6
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hi ,aiemgahd ...! Excuse me for the delay.. Business engagements...!

Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard
Code:
Start::
CreateRestorePoint:
CloseProcesses:
(Chromium.) [File not signed] C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {15FCA797-6588-432D-9439-E62ABADD49BD} - System32\Tasks\ChromiumUpdateTaskMachineUA => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2019-12-01] (Chromium.) [File not signed]
Task: {3D0BE474-7726-44E0-A288-36934B69C6CD} - System32\Tasks\ChromiumUpdateTaskMachineCore => C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2019-12-01] (Chromium.) [File not signed]
S2 chromium; C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2019-12-01] (Chromium.) [File not signed]
S3 chromiumm; C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe [102400 2019-12-01] (Chromium.) [File not signed]
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =  SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1350030688-3982378959-1933083795-1001 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe" [X]
Hosts:
EmptyTemp: 
End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.


n your next reply, please include:
  • Fixlog.txt
icotonev is offline  
Old 01-09-2020, 03:28 PM   #7
Registered Member
 
Join Date: Jul 2009
Posts: 33
OS: Windows 7



Hi iconotev, I just finished performing the fix but the problem still persists! Chromium is still there and the real chrome won't start.

In addition, I can't post the fixlog either because I get the same error message which is incredibly frustrating

https://gyazo.com/f2509fd01a79a583f8c8d2633a2c7680
aiemgahd is offline  
Old 01-09-2020, 03:37 PM   #8
Registered Member
 
Join Date: Jul 2009
Posts: 33
OS: Windows 7



If it helps, I posted stuff on Reddit that can be shared without being blocked by the site!

https://www.reddit.com/user/Will_Lin...hromium_virus/
aiemgahd is offline  
Old 01-10-2020, 07:49 AM   #9
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hi ,aiemgahd ...!

Farbar Recovery Scan Tool - Search
  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search: box:
Code:
Chromium
  • Press the Search Files button.
  • When complete, FRST will generate a log in the same location it was run from (Search.txt)
  • Please copy and paste its contents into your reply.
---------------------------------------------------------------------------------

Re-scan with FRST
  • Double-click FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.


Post to Reddit , please include:
  • Search.txt
  • FRST.txt
  • Addition.txt
icotonev is offline  
Old 01-10-2020, 08:00 AM   #10
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



+


Run Malwarebytes Anti-Malware
  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Threat Scan option
  • click the Scan Now button
  • ’Threat Scan’ will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard


Post to Reddit , please include:

  • Mbam.txt
icotonev is offline  
Old 01-10-2020, 09:52 AM   #11
Registered Member
 
Join Date: Jul 2009
Posts: 33
OS: Windows 7



Hi iconotev!

Here are the results of all the scans. I saved everything on Reddit except for the FRST file since that wouldn't fit the 10,000 character limit, so I've attached it here instead. Sorry for any inconvenience!

Here are the Search, Addition. and MBAM Files: https://www.reddit.com/user/Will_Lin...m_virus_files/
Attached Files
File Type: txt FRST.txt (41.0 KB, 5 views)
aiemgahd is offline  
Old 01-10-2020, 11:45 PM   #12
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hi ,aiemgahd ...!

Farbar Recovery Scan Tool - Search All
  • Double-click FRST.exe/FRST64.exe to run it.
  • Copy and paste the following into the Search: box:
Code:
SearchAll: Chromium
  • Press the Search Files button.
  • When complete, FRST will generate a log in the same location it was run from (Search.txt)
  • Please copy and paste its contents into your reply.
-----------------------------------------------------------------


In your next reply, please include:
  • Search.txt
icotonev is offline  
Old 01-11-2020, 08:58 AM   #13
Registered Member
 
Join Date: Jul 2009
Posts: 33
OS: Windows 7



Farbar Recovery Scan Tool (x64) Version: 08-01-2020
Ran by wling (11-01-2020 10:54:31)
Running from C:\Users\wling\OneDrive\Desktop\Farbar
Boot Mode: Normal

================== Search Files: "SearchAll: Chromium" =============

File:
========
C:\Users\wling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
[2019-12-01 20:13][2019-12-01 20:13] 000002383 _____ () F41F189ACBAB2B829FB953645A93AB78 [File not signed]

C:\Users\wling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk
[2019-12-01 20:13][2019-12-01 20:13] 000002377 _____ () 9A226E22B4352D943BAF05144AAE4DDA [File not signed]

C:\Users\wling\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Chromium_W2AHQLOLJBJMZAESKDCQ4HVPHI
[2020-01-09 05:42][2020-01-09 05:42] 000037014 _____ () 497C0038868AA7F65A47013CE5109886 [File not signed]

C:\Users\wling\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K8SX0MMU\chromium-virus-1239820[1].htm
[2020-01-11 10:54][2020-01-11 10:54] 000129066 _____ () C35CC283FB1D06700505A22E0B11ECEE [File not signed]

C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe
[2019-12-01 20:13][2019-12-01 20:13] 000102400 ____T (Chromium.) A52BAB1306319119B874B506BD32EFA2 [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumCrashHandler.exe
[2019-12-01 20:13][2019-12-01 20:13] 000279040 ____T (Chromium.) 9F8EDAB2A74E94A7CCE8C7AF64E46EE1 [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumCrashHandler64.exe
[2019-12-01 20:13][2019-12-01 20:13] 000355840 ____T (Chromium.) BD86AE6B733F19530396836F15975A73 [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll
[2019-12-01 20:13][2019-12-01 20:13] 001742336 ____T (Chromium.) A106B26FDC08C6976730BC2BA6BDD871 [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdateres_en.dll
[2019-12-01 20:13][2019-12-01 20:13] 000032256 ____T (Chromium.) 4BF910A2716D2C9C52739A7FFBA6CA9E [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdate.exe
[2019-12-01 20:13][2019-12-01 20:13] 000102400 ____T (Chromium.) A52BAB1306319119B874B506BD32EFA2 [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateBroker.exe
[2019-12-01 20:13][2019-12-01 20:13] 000088064 ____T (Chromium.) C7CD9FB06E149EB0D0FE680848DC1DBC [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateComRegisterShell64.exe
[2019-12-01 20:13][2019-12-01 20:13] 000168960 ____T () 4C3F5861A85F9D40B38E1065891490C7 [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateCore.exe
[2019-12-01 20:13][2019-12-01 20:13] 000591872 ____T (Chromium.) A4692899B12463EE4947E5FFAC97E9C9 [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateHelper.msi
[2019-12-01 20:13][2019-12-01 20:13] 000040960 ____T () 90CCA547E47C3C91BF8FE3D010FB0853 [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateOnDemand.exe
[2019-12-01 20:13][2019-12-01 20:13] 000088064 ____T (Chromium.) D1882A802116482D4EAA9A4D26C67261 [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateSetup.exe
[2019-12-01 20:13][2019-12-01 20:13] 000916992 _____ (Chromium.) 39E2E475110C48DB8E1EA5C389B45508 [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateWebPlugin.exe
[2019-12-01 20:13][2019-12-01 20:13] 000088064 ____T (Chromium.) 7101C0C10A3B84DA852A32B4DF9BA05D [File not signed]

C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll
[2019-12-01 20:13][2019-12-01 20:13] 000620544 ____T (Chromium.) 0835952CC0133BC22E7AB57101EFBEA2 [File not signed]

C:\FRST\Quarantine\C\Windows\System32\Tasks\ChromiumUpdateTaskMachineCore.xBAD
[2019-12-01 20:13][2020-01-08 14:16] 000003144 _____ () E1130FBFE3209F3F726215BAB4A7F96B [File not signed]

C:\FRST\Quarantine\C\Windows\System32\Tasks\ChromiumUpdateTaskMachineUA.xBAD
[2019-12-01 20:13][2020-01-08 14:16] 000003368 _____ () A9700E40AEBDEA32656ACB33E0C4CF1F [File not signed]


folder:
========
2019-12-01 20:13 - 2019-12-01 20:13 _____ C:\Users\wling\AppData\Local\chromium
2019-12-01 20:13 - 2019-12-01 20:13 _____ C:\Program Files (x86)\Chromium

Registry:
========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ChromiumUpdate.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{25F4C062-6C05-4539-8B9C-66CC6687F83C}]
"LocalService"="chromium"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{495FF6FA-8176-4E15-B5A7-A6FA694DC755}]
"LocalService"="chromiumm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.OneClickCtrl.9]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.OneClickCtrl.9]
""="Chromium Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.OneClickProcessLauncherMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.OneClickProcessLauncherMachine]
""="Chromium.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.OneClickProcessLauncherMachine\CurVer]
""="Chromium.OneClickProcessLauncherMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.OneClickProcessLauncherMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.OneClickProcessLauncherMachine.1.0]
""="Chromium.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.Update3WebControl.3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.Update3WebControl.3]
""="Chromium Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoCreateAsync]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoCreateAsync\CurVer]
""="ChromiumUpdate.CoCreateAsync.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoCreateAsync.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreClass]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreClass\CurVer]
""="ChromiumUpdate.CoreClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreClass.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreMachineClass]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreMachineClass\CurVer]
""="ChromiumUpdate.CoreMachineClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreMachineClass.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CredentialDialogMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CredentialDialogMachine\CurVer]
""="ChromiumUpdate.CredentialDialogMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CredentialDialogMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachine\CurVer]
""="ChromiumUpdate.OnDemandCOMClassMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachineFallback]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachineFallback\CurVer]
""="ChromiumUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachineFallback.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassSvc\CurVer]
""="ChromiumUpdate.OnDemandCOMClassSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassSvc.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.ProcessLauncher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.ProcessLauncher\CurVer]
""="ChromiumUpdate.ProcessLauncher.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.ProcessLauncher.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3COMClassService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3COMClassService\CurVer]
""="ChromiumUpdate.Update3COMClassService.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3COMClassService.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebMachine]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebMachine\CurVer]
""="ChromiumUpdate.Update3WebMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebMachine.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebMachineFallback]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebMachineFallback\CurVer]
""="ChromiumUpdate.Update3WebMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebMachineFallback.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebSvc\CurVer]
""="ChromiumUpdate.Update3WebSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebSvc.1.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46C93FEB-DAEB-43F1-B275-3374820DA5A9}\InprocHandler32]
""="C:\Program Files (x86)\Chromium\Update\1.3.99.0\psmachine_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D}\InProcServer32]
""="C:\Program Files (x86)\Chromium\Update\1.3.99.0\psmachine_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A5ABF82-C52B-4E27-B50B-BA833648E9DE}\InprocServer32]
""="C:\Program Files (x86)\Chromium\Update\1.3.99.0\psmachine_64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"PackageName"="ChromiumUpdateHelper.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList]
"LastUsedSource"="n;1;C:\Program Files (x86)\Chromium\Update\1.3.99.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E\SourceList\Net]
"1"="C:\Program Files (x86)\Chromium\Update\1.3.99.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25F4C062-6C05-4539-8B9C-66CC6687F83C}\ProgID]
""="ChromiumUpdate.Update3COMClassService.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25F4C062-6C05-4539-8B9C-66CC6687F83C}\VersionIndependentProgID]
""="ChromiumUpdate.Update3COMClassService"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2D38058A-29DC-4608-B481-DDF3748F0B10}]
""="Chromium Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2D38058A-29DC-4608-B481-DDF3748F0B10}\InprocServer32]
""="C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2D38058A-29DC-4608-B481-DDF3748F0B10}\ProgID]
""="Chromium.OneClickCtrl.9"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{46C93FEB-DAEB-43F1-B275-3374820DA5A9}\InprocHandler32]
""="C:\Program Files (x86)\Chromium\Update\1.3.99.0\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{495FF6FA-8176-4E15-B5A7-A6FA694DC755}\ProgID]
""="ChromiumUpdate.OnDemandCOMClassSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{495FF6FA-8176-4E15-B5A7-A6FA694DC755}\VersionIndependentProgID]
""="ChromiumUpdate.OnDemandCOMClassSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6BC1E857-E2AC-4787-91AD-8D23D871496D}\InProcServer32]
""="C:\Program Files (x86)\Chromium\Update\1.3.99.0\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79B6B3FC-3F6E-4DA6-92B3-3C6E30739A43}\LocalServer32]
""=""C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79B6B3FC-3F6E-4DA6-92B3-3C6E30739A43}\ProgID]
""="ChromiumUpdate.CredentialDialogMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79B6B3FC-3F6E-4DA6-92B3-3C6E30739A43}\VersionIndependentProgID]
""="ChromiumUpdate.CredentialDialogMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815D57E9-76E0-4FF1-99BE-44BC4BD5D08A}]
"LocalizedString"="@C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815D57E9-76E0-4FF1-99BE-44BC4BD5D08A}\Elevation]
"IconReference"="@C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815D57E9-76E0-4FF1-99BE-44BC4BD5D08A}\LocalServer32]
""=""C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815D57E9-76E0-4FF1-99BE-44BC4BD5D08A}\ProgID]
""="ChromiumUpdate.OnDemandCOMClassMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{815D57E9-76E0-4FF1-99BE-44BC4BD5D08A}\VersionIndependentProgID]
""="ChromiumUpdate.OnDemandCOMClassMachineFallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{850D40FF-4B7D-4E9B-B6CA-3E94F4137E29}]
"LocalizedString"="@C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{850D40FF-4B7D-4E9B-B6CA-3E94F4137E29}\Elevation]
"IconReference"="@C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{850D40FF-4B7D-4E9B-B6CA-3E94F4137E29}\LocalServer32]
""=""C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{850D40FF-4B7D-4E9B-B6CA-3E94F4137E29}\ProgID]
""="ChromiumUpdate.OnDemandCOMClassMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{850D40FF-4B7D-4E9B-B6CA-3E94F4137E29}\VersionIndependentProgID]
""="ChromiumUpdate.OnDemandCOMClassMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8A5ABF82-C52B-4E27-B50B-BA833648E9DE}\InprocServer32]
""="C:\Program Files (x86)\Chromium\Update\1.3.99.0\psmachine.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A5941062-36B0-4060-8A47-EE3AF754A503}\LocalServer32]
""=""C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A5941062-36B0-4060-8A47-EE3AF754A503}\ProgID]
""="ChromiumUpdate.ProcessLauncher.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A5941062-36B0-4060-8A47-EE3AF754A503}\VersionIndependentProgID]
""="ChromiumUpdate.ProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A82B418D-3C4B-4524-A509-E13BA02DB7BC}]
"LocalizedString"="@C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A82B418D-3C4B-4524-A509-E13BA02DB7BC}\Elevation]
"IconReference"="@C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A82B418D-3C4B-4524-A509-E13BA02DB7BC}\LocalServer32]
""=""C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A82B418D-3C4B-4524-A509-E13BA02DB7BC}\ProgID]
""="ChromiumUpdate.CoreMachineClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A82B418D-3C4B-4524-A509-E13BA02DB7BC}\VersionIndependentProgID]
""="ChromiumUpdate.CoreMachineClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B7491CE0-8ADC-4B8E-9CCD-CD7E1689FDC2}\ProgID]
""="ChromiumUpdate.Update3WebSvc.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B7491CE0-8ADC-4B8E-9CCD-CD7E1689FDC2}\VersionIndependentProgID]
""="ChromiumUpdate.Update3WebSvc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7D34012-1BAB-43CC-9AE2-39DA38A8AA84}]
"LocalizedString"="@C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7D34012-1BAB-43CC-9AE2-39DA38A8AA84}\Elevation]
"IconReference"="@C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7D34012-1BAB-43CC-9AE2-39DA38A8AA84}\LocalServer32]
""=""C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7D34012-1BAB-43CC-9AE2-39DA38A8AA84}\ProgID]
""="ChromiumUpdate.Update3WebMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C7D34012-1BAB-43CC-9AE2-39DA38A8AA84}\VersionIndependentProgID]
""="ChromiumUpdate.Update3WebMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAAC2B28-E43A-4FF3-B1B1-08861BC15E1A}\LocalServer32]
""=""C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAAC2B28-E43A-4FF3-B1B1-08861BC15E1A}\ProgID]
""="ChromiumUpdate.CoCreateAsync.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CAAC2B28-E43A-4FF3-B1B1-08861BC15E1A}\VersionIndependentProgID]
""="ChromiumUpdate.CoCreateAsync"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}]
""="Chromium Update Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}\InprocServer32]
""="C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}\ProgID]
""="Chromium.Update3WebControl.3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D838FF8B-5EAC-40EA-8993-547B3381962F}]
""="Chromium.OneClickProcessLauncher"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D838FF8B-5EAC-40EA-8993-547B3381962F}\LocalServer32]
""=""C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateBroker.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D838FF8B-5EAC-40EA-8993-547B3381962F}\ProgID]
""="Chromium.OneClickProcessLauncherMachine.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D838FF8B-5EAC-40EA-8993-547B3381962F}\VersionIndependentProgID]
""="Chromium.OneClickProcessLauncherMachine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D8853A6D-5E44-4329-B14B-3A407E3105EB}]
"LocalizedString"="@C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll,-3000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D8853A6D-5E44-4329-B14B-3A407E3105EB}\Elevation]
"IconReference"="@C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll,-1004"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D8853A6D-5E44-4329-B14B-3A407E3105EB}\LocalServer32]
""=""C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateOnDemand.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D8853A6D-5E44-4329-B14B-3A407E3105EB}\ProgID]
""="ChromiumUpdate.Update3WebMachineFallback.1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D8853A6D-5E44-4329-B14B-3A407E3105EB}\VersionIndependentProgID]
""="ChromiumUpdate.Update3WebMachineFallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF1F5EB5-8AE6-4578-B51A-F037E4A1725C}\ProgID]
""="ChromiumUpdate.CoreClass.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EF1F5EB5-8AE6-4578-B51A-F037E4A1725C}\VersionIndependentProgID]
""="ChromiumUpdate.CoreClass"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged\C:#Users#wling#AppData#Local#chromium#Application#chrome.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromiumUpdate.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributes"="{
"Version": 75,
"SchemaVersion": 1,
"PartA": [
"App",
"AppVer",
"AttrDataVer"
],
"Default": [
"DeviceFamily",
"f:FlightRing",
"t:OSVersionFull"
],
"PartB": {
"CDM": [
"ChassisTypeId",
"r:CurrentBranch",
"DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"c:InstallLanguage",
"c:IsDomainJoined",
"t:IsTestLab",
"OEMModel",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:ProcessorIdentifier",
"c:TelemetryLevel",
"t:IsMsftOwned",
"t:WCOSProductId",
"c:OSUILocale"
],
"CORTANA_GATEKEEPER": [
"r:CurrentBranch",
"f:FlightRing",
"f:IsRetailOS"
],
"CORTANAUWP": [
"c:OSUILocale",
"t:OSVersionFull",
"v:CortanaAppVer"
],
"CORTANAUWPTEST": [
"+CORTANAUWP",
"v:CortanaAppVerTest"
],
"CTAC": [
"+FSS"
],
"DDC": [
"+WU_STORE",
"+_WU_PTI"
],
"DXDB": [
"DeviceFamily",
"f:FlightRing",
"r:IsHybridOrXGpu",
"t:OSVersionFull"
],
"EDGE_SERVICEUI": [
"t:LocalDeviceID",
"t:LocalUserID"
],
"FCON": [
"+CDM"
],
"FSS": [
"r:PreviewBuildsManagerEnabled",
"f:BranchReadinessLevelRaw",
"u:BranchReadinessLevelSource",
"r:BuildFID",
"t:DeviceFamily",
"DeviceId",
"c:EnablePreviewBuilds",
"f:FlightingPolicyValue",
"f:IsRetailOS",
"f:ManagePreviewBuilds",
"OSVersionFull",
"t:WCOSProductId",
"r:SmartActiveHoursState",
"r:ActiveHoursStart",
"r:ActiveHoursEnd"
],
"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
"t:OSVersionFull",
"t:IsTestLab",
"f:FlightRing"
],
"MITIGATION": [
"t:DeviceFamily",
"f:FlightRing",
"c:FlightIds",
"c:IsDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"t:IsTestLab",
"IsVM",
"OEMModel",
"c:OSEdition",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"t:SMode",
"f:IsFlightingEnabled",
"c:FirmwareVersion",
"c:TelemetryLevel"
],
"MLMOD": [
"ChassisTypeId",
"t:DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"f:IsRetailOS",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale"
],
"MTP": [
"+_WU_OS_CORE"
],
"MUSE": [
"+_WU_FB",
"ChassisTypeId",
"deviceClass",
"deviceId",
"c:FlightIds",
"locale",
"ms",
"os",
"osVer",
"ring",
"sampleId",
"sku",
"r:DaysSince19H1FUOffer",
"u:DisableDualScan",
"u:UpdateServiceUrl",
"c:CommercialId"
],
"NOISYHAMMER": [
"+WU_OS"
],
"SEDIMENTPACK": [
"+WU_OS"
],
"SETUP360": [
"t:OSSkuId",
"f:FlightRing"
],
"STORAGEGROVELER": [
"a:Free",
"c:TelemetryLevel",
"f:FlightRing",
"f:IsFlightingEnabled",
"IsVM",
"t:OSVersionFull"
],
"UTC": [
"+UTC_STATIC",
"osVer",
"locale",
"ring",
"f:PilotRing",
"f:IsRetailOS",
"ms",
"expId",
"t:SMode"
],
"UTC_STATIC": [
"os",
"deviceId",
"sampleId",
"deviceClass",
"sku",
"OEMModel",
"OEMName_Uncleaned",
"c:PrimaryDiskType",
"c:ProcessorModel",
"c:TotalPhysicalRAM"
],
"WAASASSESSMENT": [
"+WU_OS"
],
"WOSC": [
"t:DeviceFamily",
"f:FlightRing",
"f:IsFlightingEnabled",
"t:IsMsftOwned",
"t:LocalDeviceID",
"t:OSSkuId",
"c:OSUILocale",
"t:OSVersionFull",
"c:TelemetryLevel",
"r:IsHybridOrXGpu"
],
"WPSHIFT": [
"+MTP"
],
"WU": [
"+WU_OS",
"r:DUInternal"
],
"_WU_AV": [
"r:AvastReg",
"r:AvastBlackScreen",
"v:AvastVer",
"r:AvgReg",
"v:AvgVer",
"r:EsetReg",
"v:EsetVer",
"r:KasperskyReg",
"v:KasperskyVer",
"v:SymantecVer",
"r:TencentReg",
"r:TencentType"
],
"_WU_COMMON": [
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"r:DriverPartnerRing",
"r:FlightContent",
"f:FlightingBranchName",
"f:FlightRing",
"HoloLens",
"c:InstallationType",
"c:InstallLanguage",
"f:IsFlightingEnabled",
"r:IsFlightingEnabled",
"c:MobileOperatorCommercialized",
"OEMModel",
"OEMName_Uncleaned",
"r:OemPartnerRing",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:OSUILocale",
"c:ProcessorManufacturer",
"r:ReleaseType",
"v:SkypeRoomSystem",
"t:SMode",
"c:TelemetryLevel",
"r:WindowsMixedReality",
"v:WuClientVer",
"p:DucPublisherId",
"p:DucDeviceModelId",
"p:DucOemPartnerRing",
"p:DucCustomPackageId"
],
"_WU_FB": [
"u:BranchReadinessLevel",
"u:DeferQualityUpdatePeriodInDays",
"u:DeferFeatureUpdatePeriodInDays",
"r:PausedFeatureStatus",
"r:PausedQualityStatus"
],
"WU_OS": [
"+_WU_OS_CORE",
"+_WU_FB"
],
"_WU_OS_CORE": [
"+_WU_COMMON",
"+_WU_AV",
"r:AhnLabKeyboard",
"a:Bios",
"r:BlockFeatureUpdates",
"c:CommercialId",
"a:DataVer_RS5",
"r:DisconnectedStandby",
"r:DchuNvidiaGrfxExists",
"r:DchuNvidiaGrfxVen",
"r:DchuIntelGrfxExists",
"r:DchuIntelGrfxVen",
"r:DchuAmdGrfxExists",
"r:DchuAmdGrfxVen",
"c:FirmwareVersion",
"a:Free",
"a:GStatus_RS3",
"a:GStatus_RS4",
"a:GStatus_RS5",
"r:HidOverGattReg",
"r:InstallDate",
"c:IsDeviceRetailDemo",
"c:IsPortableOperatingSystem",
"IsVM",
"c:OEMModelBaseBoard",
"r:OobeSeeker",
"r:OSRollbackBuild",
"r:OSRollbackCount",
"r:OSRollbackDate",
"PhoneTargetingName",
"r:PonchAllow",
"r:PonchBlock",
"c:ProcessorIdentifier",
"r:RecoveredFromBuild",
"r:RecoveredOnDate",
"r:Steam",
"v:TobiiVer",
"v:TrendMicroVer",
"r:UninstallActive",
"l:UpdateManagementGroup",
"a:UpgEx_RS3",
"a:UpgEx_RS4",
"a:UpgEx_RS5",
"a:Version_RS5",
"r:DisableWUfBOfferBlock",
"a:UpgEx_19H1",
"a:SdbVer_19H1",
"a:GStatus_19H1",
"a:GStatus_19H1Setup",
"a:TimestampEpochString_19H1Setup",
"a:GenTelRunTimestamp_19H1",
"a:DataExpDateEpoch_19H1",
"r:EnableWUfBUpgradeGates",
"r:GStatusBlockIDs_All",
"TimestampDelta_19H1Subtract19H1Setup",
"DataExpDateDelta_19H1Subtract19H1Setup",
"a:DataExpDateEpoch_19H1Setup",
"a:TimestampEpochString_19H1",
"r:IsContainerMgrInstalled",
"r:IsWDAGEnabled",
"r:MTPTargetingInfo",
"r:EKB19H2InstallCount",
"r:EKB19H2UnInstallCount",
"r:EKB19H2InstallTimeEpoch",
"r:EKB19H2UnInstallTimeEpoch",
"r:BlockEdgeWithChromiumUpdate",
"r:IsWDATPEnabled",
"r:IsAutopilotRegistered",
"r:EdgeWithChromiumInstallVersion",
"r:EdgeWithChromiumInstallFailureCount",
"r:IsEdgeWithChromiumInstalled"
],
"_WU_PTI": [
"c:FrontFacingCameraResolution",
"c:RearFacingCameraResolution",
"c:TotalPhysicalRAM",
"c:NFCProximity",
"c:Magnetometer",
"c:Gyroscope",
"c:D3DMaxFeatureLevel",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical"
],
"WU_STORE": [
"+_WU_COMMON",
"r:AppChannels",
"r:AppRMIDs",
"u:BranchReadinessLevel"
]
},
"Required": [
"App",
"AppVer",
"AttrDataVer"
],
"Aliases": {
"ChassisTypeId": "c:ChassisType",
"DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
"deviceClass": "t:DeviceFamily",
"deviceId": "t:LocalDeviceID",
"DeviceId": "t:LocalDeviceID",
"expId": "c:FlightIds",
"FlightRing": "f:FlightRing",
"IsVM": "a:ISVM",
"locale": "c:OSUILocale",
"ms": "t:IsMsftOwned",
"OEMModel": "c:OEMModelNumber",
"OEMName_Uncleaned": "c:OEMManufacturerName",
"osVer": "t:OSVersionFull",
"OSVersionFull": "t:OSVersionFull",
"PhoneTargetingName": "c:OEMModelName",
"ring": "f:FlightRing",
"sampleId": "t:PopVal",
"sku": "t:OSSkuId",
"TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup"
},
"Fallback": {
"r:AvastBlackScreen": "r:AvgBlackScreen",
"a:Bios": "a:Bios_RS3",
"a:Bios_RS3": "a:Bios_RS4",
"a:Bios_RS4": "a:Bios_RS5",
"r:BlockFeatureUpdates": "r:BlockWUUpgrades",
"r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
"r:BuildFID": "r:BuildFID_WCOS",
"r:BuildFID_WCOS": "r:BuildFID_WCOS2",
"r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
"r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
"r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
"r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
"r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
"r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
"r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
"r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
"r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
"f:FlightingBranchName": "c:FlightingBranchName",
"a:Free": "a:Free_RS3",
"a:Free_RS3": "a:Free_RS4",
"a:Free_RS4": "a:Free_RS5",
"HoloLens": "r:WindowsMixedReality",
"r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
"a:ISVM": "a:ISVM_RS3",
"a:ISVM_RS3": "a:ISVM_RS4",
"a:ISVM_RS4": "a:ISVM_RS5",
"c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
"r:PonchAllow": "r:PonchAllowKey",
"r:PonchAllowKey": "r:PonchAllowWow",
"r:PonchAllowWow": "r:PonchAllowWowKey",
"v:SymantecVer": "v:SymantecVer64",
"v:TobiiVer": "v:TobiiVerx86",
"v:TobiiVerx86": "v:TobiiVer1x86"
},
"Transform": {
"IsDomainJoined": {
"Ignore": [
"0"
]
},
"IsHybridOrXGpu": {
"Ignore": [
"0"
]
},
"IsMsftOwned": {
"Ignore": [
"0"
]
},
"IsPortableOperatingSystem": {
"Ignore": [
"0"
]
},
"IsTestLab": {
"Ignore": [
"0"
]
},
"IsVM": {
"Ignore": [
"0"
]
},
"OEMModel": {
"SubLength": 100
},
"OEMName_Uncleaned": {
"SubLength": 100
},
"PausedFeatureStatus": {
"Ignore": [
"0"
]
},
"PausedQualityStatus": {
"Ignore": [
"0"
]
},
"SMode": {
"Ignore": [
"0"
]
}
},
"Registry": {
"ActiveHoursEnd": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "ActiveHoursEnd",
"RegValueType": "REG_DWORD"
},
"ActiveHoursStart": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "ActiveHoursStart",
"RegValueType": "REG_DWORD"
},
"AhnLabKeyboard": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
"ValueName": "NbTpMsExist"
},
"AppChannels": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ChannelId",
"EncodingType": "Json"
},
"AppRMIDs": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ReleaseManagementId",
"EncodingType": "Json"
},
"AvastBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AvastReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AvgBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AvgReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "QualityCompat"
},
"BlockEdgeWithChromiumUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "DoNotUpdateToEdgeWithChromium",
"RegValueType": "REG_DWORD"
},
"BlockFeatureUpdates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade",
"ValueName": "BlockFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgrades": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgradesWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BuildFID": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"CurrentBranch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "BuildBranch",
"RegValueType": "REG_SZ"
},
"DaysSince19H1FUOffer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
"ValueName": "DaysSinceLastOffer",
"RegValueType": "REG_QWORD"
},
"DchuAmdGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdap",
"ValueName": "DriverDelete"
},
"DchuAmdGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdap",
"IfExists": true
},
"DchuAmdGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdap",
"ValueName": "DCHUVen"
},
"DchuAmdGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdap\\Parameters",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DriverDelete"
},
"DchuIntelGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"IfExists": true
},
"DchuIntelGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DriverDelete"
},
"DchuNvidiaGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"IfExists": true
},
"DchuNvidiaGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
"ValueName": "DCHUVen"
},
"DefaultUserRegion": {
"HKey": "HKEY_USERS",
"FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
"ValueName": "Nation",
"RegValueType": "REG_SZ"
},
"DisableWUfBOfferBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "DisableWUfBOfferBlock",
"RegValueType": "REG_DWORD"
},
"DisconnectedStandby": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
"ValueName": "EnforceDisconnectedStandby",
"RegValueType": "REG_DWORD"
},
"DriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"DUInternal": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "DynamicUpdateInternalTest",
"RegValueType": "REG_DWORD"
},
"EdgeWithChromiumInstallFailureCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallFailureCountWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EdgeWithChromiumInstallVersionWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EKB19H2InstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Count"
},
"EKB19H2InstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Timestamp"
},
"EKB19H2UnInstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Count"
},
"EKB19H2UnInstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Timestamp"
},
"EnableWUfBUpgradeGates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
"ValueName": "DataRequireGatedScanForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"EsetReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
"ValueName": "WindowsCompatibilityLevel",
"RegValueType": "REG_DWORD"
},
"FlightContent": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "ContentType",
"RegValueType": "REG_SZ"
},
"GStatusBlockIDs_All": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
"ValueName": "SdbEntries",
"RegValueType": "REG_SZ"
},
"HidOverGattReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
"ValueName": "Source",
"RegValueType": "REG_SZ"
},
"InstallDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "InstallDate",
"RegValueType": "REG_DWORD"
},
"IsAutopilotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
"ValueName": "ProfileAvailable",
"RegValueType": "REG_DWORD"
},
"IsFlightingEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "IsBuildFlightingEnabled",
"RegValueType": "REG_DWORD"
},
"IsContainerMgrInstalled": {
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
"IfExists": true
},
"IsEdgeWithChromiumInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsEdgeWithChromiumInstalledWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsHybridOrXGpu": {
"FullPath": "SOFTWARE\\Microsoft\\DirectX",
"ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
},
"IsWDAGEnabled": {
"FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
"IfExists": true
},
"IsWDATPEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
"ValueName": "OnboardingState"
},
"KasperskyReg": {
"FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
"ValueName": "UseVtHardware"
},
"MTPTargetingInfo": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
"ValueName": "TargetRing"
},
"OEMModelBaseBoard": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "BaseBoardProduct",
"RegValueType": "REG_SZ"
},
"OemPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OobeSeeker": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
"ValueName": "OOBEUpdateStarted"
},
"OSDataDriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OSRollbackBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "BuildString",
"RegValueType": "REG_SZ"
},
"OSRollbackCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "Count",
"RegValueType": "REG_DWORD"
},
"OSRollbackDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"PausedFeatureStatus": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "PausedFeatureStatus"
},
"PausedQualityStatus": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "PausedQualityStatus"
},
"PonchAllow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
"RegValueType": "REG_DWORD"
},
"PonchAllowKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchAllowWow": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
},
"PonchAllowWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
"RegValueType": "REG_DWORD"
},
"PreviewBuildsManagerEnabled": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
"ValueName": "ArePreviewBuildsAllowed"
},
"RecoveredFromBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "LastBuild",
"RegValueType": "REG_DWORD"
},
"RecoveredOnDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"ReleaseType": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo",
"ValueName": "ReleaseType",
"RegValueType": "REG_SZ"
},
"SmartActiveHoursState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "SmartActiveHoursState",
"RegValueType": "REG_DWORD"
},
"Steam": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Classes\\Steam",
"ValueName": "",
"RegValueType": "REG_SZ"
},
"TencentReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "LoadStartTime"
},
"TencentType": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "Type"
},
"UninstallActive": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "System\\Setup",
"ValueName": "UninstallActive",
"RegValueType": "REG_DWORD"
},
"WindowsMixedReality": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
"ValueName": "WdfMajorVersion",
"RegValueType": "REG_DWORD"
}
},
"FileInfo": {
"AvastVer": {
"Path": "\\system32\\Drivers\\aswVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"AvgVer": {
"Path": "\\system32\\Drivers\\avgVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"CortanaAppVer": {
"Path": "\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVerTest": {
"Path": "\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"EsetVer": {
"Path": "\\drivers\\ehdrv.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"KasperskyVer": {
"Path": "\\system32\\Drivers\\klhk.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"SkypeRoomSystem": {
"Path": "%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
"IfExists": true
},
"SymantecVer": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"SymantecVer64": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"TobiiVer": {
"Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TobiiVer1x86": {
"Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TobiiVerx86": {
"Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TrendMicroVer": {
"Path": "\\drivers\\TMUMH.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"WuClientVer": {
"Path": "\\system32\\wuaueng.dll",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
}
},
"Licensing": {
"UpdateManagementGroup": {
"Name": "UpdatePolicy-UpdateManagementGroup"
}
},
"Policy": {
"DucCustomPackageId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
},
"DucDeviceModelId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
},
"DucOemPartnerRing": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
},
"DucPublisherId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
}
},
"UpdatePolicy": {
"BranchReadinessLevel": {
"PolicyEnum": 5,
"Enterprise": true
},
"BranchReadinessLevelSource": {
"PolicyEnum": 5,
"Enterprise": true,
"UseSource": true
},
"DeferFeatureUpdatePeriodInDays": {
"PolicyEnum": 9,
"Enterprise": true
},
"DeferQualityUpdatePeriodInDays": {
"PolicyEnum": 7,
"Enterprise": true
},
"DisableDualScan": {
"PolicyEnum": 42,
"Enterprise": true
},
"UpdateServiceUrl": {
"PolicyEnum": 12
}
}
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributesVerified"="{
"Version": 75,
"SchemaVersion": 1,
"PartA": [
"App",
"AppVer",
"AttrDataVer"
],
"Default": [
"DeviceFamily",
"f:FlightRing",
"t:OSVersionFull"
],
"PartB": {
"CDM": [
"ChassisTypeId",
"r:CurrentBranch",
"DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"c:InstallLanguage",
"c:IsDomainJoined",
"t:IsTestLab",
"OEMModel",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:ProcessorIdentifier",
"c:TelemetryLevel",
"t:IsMsftOwned",
"t:WCOSProductId",
"c:OSUILocale"
],
"CORTANA_GATEKEEPER": [
"r:CurrentBranch",
"f:FlightRing",
"f:IsRetailOS"
],
"CORTANAUWP": [
"c:OSUILocale",
"t:OSVersionFull",
"v:CortanaAppVer"
],
"CORTANAUWPTEST": [
"+CORTANAUWP",
"v:CortanaAppVerTest"
],
"CTAC": [
"+FSS"
],
"DDC": [
"+WU_STORE",
"+_WU_PTI"
],
"DXDB": [
"DeviceFamily",
"f:FlightRing",
"r:IsHybridOrXGpu",
"t:OSVersionFull"
],
"EDGE_SERVICEUI": [
"t:LocalDeviceID",
"t:LocalUserID"
],
"FCON": [
"+CDM"
],
"FSS": [
"r:PreviewBuildsManagerEnabled",
"f:BranchReadinessLevelRaw",
"u:BranchReadinessLevelSource",
"r:BuildFID",
"t:DeviceFamily",
"DeviceId",
"c:EnablePreviewBuilds",
"f:FlightingPolicyValue",
"f:IsRetailOS",
"f:ManagePreviewBuilds",
"OSVersionFull",
"t:WCOSProductId",
"r:SmartActiveHoursState",
"r:ActiveHoursStart",
"r:ActiveHoursEnd"
],
"MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
"t:OSVersionFull",
"t:IsTestLab",
"f:FlightRing"
],
"MITIGATION": [
"t:DeviceFamily",
"f:FlightRing",
"c:FlightIds",
"c:IsDomainJoined",
"t:IsMsftOwned",
"f:IsRetailOS",
"t:IsTestLab",
"IsVM",
"OEMModel",
"c:OSEdition",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale",
"t:SMode",
"f:IsFlightingEnabled",
"c:FirmwareVersion",
"c:TelemetryLevel"
],
"MLMOD": [
"ChassisTypeId",
"t:DeviceFamily",
"f:FlightingBranchName",
"f:FlightRing",
"f:IsRetailOS",
"t:OSSkuId",
"t:OSVersionFull",
"c:OSUILocale"
],
"MTP": [
"+_WU_OS_CORE"
],
"MUSE": [
"+_WU_FB",
"ChassisTypeId",
"deviceClass",
"deviceId",
"c:FlightIds",
"locale",
"ms",
"os",
"osVer",
"ring",
"sampleId",
"sku",
"r:DaysSince19H1FUOffer",
"u:DisableDualScan",
"u:UpdateServiceUrl",
"c:CommercialId"
],
"NOISYHAMMER": [
"+WU_OS"
],
"SEDIMENTPACK": [
"+WU_OS"
],
"SETUP360": [
"t:OSSkuId",
"f:FlightRing"
],
"STORAGEGROVELER": [
"a:Free",
"c:TelemetryLevel",
"f:FlightRing",
"f:IsFlightingEnabled",
"IsVM",
"t:OSVersionFull"
],
"UTC": [
"+UTC_STATIC",
"osVer",
"locale",
"ring",
"f:PilotRing",
"f:IsRetailOS",
"ms",
"expId",
"t:SMode"
],
"UTC_STATIC": [
"os",
"deviceId",
"sampleId",
"deviceClass",
"sku",
"OEMModel",
"OEMName_Uncleaned",
"c:PrimaryDiskType",
"c:ProcessorModel",
"c:TotalPhysicalRAM"
],
"WAASASSESSMENT": [
"+WU_OS"
],
"WOSC": [
"t:DeviceFamily",
"f:FlightRing",
"f:IsFlightingEnabled",
"t:IsMsftOwned",
"t:LocalDeviceID",
"t:OSSkuId",
"c:OSUILocale",
"t:OSVersionFull",
"c:TelemetryLevel",
"r:IsHybridOrXGpu"
],
"WPSHIFT": [
"+MTP"
],
"WU": [
"+WU_OS",
"r:DUInternal"
],
"_WU_AV": [
"r:AvastReg",
"r:AvastBlackScreen",
"v:AvastVer",
"r:AvgReg",
"v:AvgVer",
"r:EsetReg",
"v:EsetVer",
"r:KasperskyReg",
"v:KasperskyVer",
"v:SymantecVer",
"r:TencentReg",
"r:TencentType"
],
"_WU_COMMON": [
"r:CurrentBranch",
"r:DefaultUserRegion",
"DeviceFamily",
"r:DriverPartnerRing",
"r:FlightContent",
"f:FlightingBranchName",
"f:FlightRing",
"HoloLens",
"c:InstallationType",
"c:InstallLanguage",
"f:IsFlightingEnabled",
"r:IsFlightingEnabled",
"c:MobileOperatorCommercialized",
"OEMModel",
"OEMName_Uncleaned",
"r:OemPartnerRing",
"OSArchitecture",
"OSVersion",
"t:OSSkuId",
"c:OSUILocale",
"c:ProcessorManufacturer",
"r:ReleaseType",
"v:SkypeRoomSystem",
"t:SMode",
"c:TelemetryLevel",
"r:WindowsMixedReality",
"v:WuClientVer",
"p:DucPublisherId",
"p:DucDeviceModelId",
"p:DucOemPartnerRing",
"p:DucCustomPackageId"
],
"_WU_FB": [
"u:BranchReadinessLevel",
"u:DeferQualityUpdatePeriodInDays",
"u:DeferFeatureUpdatePeriodInDays",
"r:PausedFeatureStatus",
"r:PausedQualityStatus"
],
"WU_OS": [
"+_WU_OS_CORE",
"+_WU_FB"
],
"_WU_OS_CORE": [
"+_WU_COMMON",
"+_WU_AV",
"r:AhnLabKeyboard",
"a:Bios",
"r:BlockFeatureUpdates",
"c:CommercialId",
"a:DataVer_RS5",
"r:DisconnectedStandby",
"r:DchuNvidiaGrfxExists",
"r:DchuNvidiaGrfxVen",
"r:DchuIntelGrfxExists",
"r:DchuIntelGrfxVen",
"r:DchuAmdGrfxExists",
"r:DchuAmdGrfxVen",
"c:FirmwareVersion",
"a:Free",
"a:GStatus_RS3",
"a:GStatus_RS4",
"a:GStatus_RS5",
"r:HidOverGattReg",
"r:InstallDate",
"c:IsDeviceRetailDemo",
"c:IsPortableOperatingSystem",
"IsVM",
"c:OEMModelBaseBoard",
"r:OobeSeeker",
"r:OSRollbackBuild",
"r:OSRollbackCount",
"r:OSRollbackDate",
"PhoneTargetingName",
"r:PonchAllow",
"r:PonchBlock",
"c:ProcessorIdentifier",
"r:RecoveredFromBuild",
"r:RecoveredOnDate",
"r:Steam",
"v:TobiiVer",
"v:TrendMicroVer",
"r:UninstallActive",
"l:UpdateManagementGroup",
"a:UpgEx_RS3",
"a:UpgEx_RS4",
"a:UpgEx_RS5",
"a:Version_RS5",
"r:DisableWUfBOfferBlock",
"a:UpgEx_19H1",
"a:SdbVer_19H1",
"a:GStatus_19H1",
"a:GStatus_19H1Setup",
"a:TimestampEpochString_19H1Setup",
"a:GenTelRunTimestamp_19H1",
"a:DataExpDateEpoch_19H1",
"r:EnableWUfBUpgradeGates",
"r:GStatusBlockIDs_All",
"TimestampDelta_19H1Subtract19H1Setup",
"DataExpDateDelta_19H1Subtract19H1Setup",
"a:DataExpDateEpoch_19H1Setup",
"a:TimestampEpochString_19H1",
"r:IsContainerMgrInstalled",
"r:IsWDAGEnabled",
"r:MTPTargetingInfo",
"r:EKB19H2InstallCount",
"r:EKB19H2UnInstallCount",
"r:EKB19H2InstallTimeEpoch",
"r:EKB19H2UnInstallTimeEpoch",
"r:BlockEdgeWithChromiumUpdate",
"r:IsWDATPEnabled",
"r:IsAutopilotRegistered",
"r:EdgeWithChromiumInstallVersion",
"r:EdgeWithChromiumInstallFailureCount",
"r:IsEdgeWithChromiumInstalled"
],
"_WU_PTI": [
"c:FrontFacingCameraResolution",
"c:RearFacingCameraResolution",
"c:TotalPhysicalRAM",
"c:NFCProximity",
"c:Magnetometer",
"c:Gyroscope",
"c:D3DMaxFeatureLevel",
"c:InternalPrimaryDisplayResolutionHorizontal",
"c:InternalPrimaryDisplayResolutionVetical"
],
"WU_STORE": [
"+_WU_COMMON",
"r:AppChannels",
"r:AppRMIDs",
"u:BranchReadinessLevel"
]
},
"Required": [
"App",
"AppVer",
"AttrDataVer"
],
"Aliases": {
"ChassisTypeId": "c:ChassisType",
"DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
"deviceClass": "t:DeviceFamily",
"deviceId": "t:LocalDeviceID",
"DeviceId": "t:LocalDeviceID",
"expId": "c:FlightIds",
"FlightRing": "f:FlightRing",
"IsVM": "a:ISVM",
"locale": "c:OSUILocale",
"ms": "t:IsMsftOwned",
"OEMModel": "c:OEMModelNumber",
"OEMName_Uncleaned": "c:OEMManufacturerName",
"osVer": "t:OSVersionFull",
"OSVersionFull": "t:OSVersionFull",
"PhoneTargetingName": "c:OEMModelName",
"ring": "f:FlightRing",
"sampleId": "t:PopVal",
"sku": "t:OSSkuId",
"TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup"
},
"Fallback": {
"r:AvastBlackScreen": "r:AvgBlackScreen",
"a:Bios": "a:Bios_RS3",
"a:Bios_RS3": "a:Bios_RS4",
"a:Bios_RS4": "a:Bios_RS5",
"r:BlockFeatureUpdates": "r:BlockWUUpgrades",
"r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
"r:BuildFID": "r:BuildFID_WCOS",
"r:BuildFID_WCOS": "r:BuildFID_WCOS2",
"r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
"r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
"r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
"r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
"r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
"r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
"r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
"r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
"r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
"f:FlightingBranchName": "c:FlightingBranchName",
"a:Free": "a:Free_RS3",
"a:Free_RS3": "a:Free_RS4",
"a:Free_RS4": "a:Free_RS5",
"HoloLens": "r:WindowsMixedReality",
"r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
"a:ISVM": "a:ISVM_RS3",
"a:ISVM_RS3": "a:ISVM_RS4",
"a:ISVM_RS4": "a:ISVM_RS5",
"c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
"r:PonchAllow": "r:PonchAllowKey",
"r:PonchAllowKey": "r:PonchAllowWow",
"r:PonchAllowWow": "r:PonchAllowWowKey",
"v:SymantecVer": "v:SymantecVer64",
"v:TobiiVer": "v:TobiiVerx86",
"v:TobiiVerx86": "v:TobiiVer1x86"
},
"Transform": {
"IsDomainJoined": {
"Ignore": [
"0"
]
},
"IsHybridOrXGpu": {
"Ignore": [
"0"
]
},
"IsMsftOwned": {
"Ignore": [
"0"
]
},
"IsPortableOperatingSystem": {
"Ignore": [
"0"
]
},
"IsTestLab": {
"Ignore": [
"0"
]
},
"IsVM": {
"Ignore": [
"0"
]
},
"OEMModel": {
"SubLength": 100
},
"OEMName_Uncleaned": {
"SubLength": 100
},
"PausedFeatureStatus": {
"Ignore": [
"0"
]
},
"PausedQualityStatus": {
"Ignore": [
"0"
]
},
"SMode": {
"Ignore": [
"0"
]
}
},
"Registry": {
"ActiveHoursEnd": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "ActiveHoursEnd",
"RegValueType": "REG_DWORD"
},
"ActiveHoursStart": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "ActiveHoursStart",
"RegValueType": "REG_DWORD"
},
"AhnLabKeyboard": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
"ValueName": "NbTpMsExist"
},
"AppChannels": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ChannelId",
"EncodingType": "Json"
},
"AppRMIDs": {
"FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
"ValueName": "ReleaseManagementId",
"EncodingType": "Json"
},
"AvastBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AvastReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
"ValueName": "QualityCompat"
},
"AvgBlackScreen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "Win10-1803"
},
"AvgReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
"ValueName": "QualityCompat"
},
"BlockEdgeWithChromiumUpdate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "DoNotUpdateToEdgeWithChromium",
"RegValueType": "REG_DWORD"
},
"BlockFeatureUpdates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade",
"ValueName": "BlockFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgrades": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BlockWUUpgradesWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
"ValueName": "BlockWUUpgrades",
"RegValueType": "REG_DWORD"
},
"BuildFID": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"BuildFID_WCOS2": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
"ValueName": "EsdFlightData",
"RegValueType": "REG_SZ"
},
"CurrentBranch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "BuildBranch",
"RegValueType": "REG_SZ"
},
"DaysSince19H1FUOffer": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
"ValueName": "DaysSinceLastOffer",
"RegValueType": "REG_QWORD"
},
"DchuAmdGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdap",
"ValueName": "DriverDelete"
},
"DchuAmdGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdap",
"IfExists": true
},
"DchuAmdGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdap",
"ValueName": "DCHUVen"
},
"DchuAmdGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdap\\Parameters",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DriverDelete"
},
"DchuIntelGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"IfExists": true
},
"DchuIntelGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
"ValueName": "DCHUVen"
},
"DchuIntelGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxDeletePending": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DriverDelete"
},
"DchuNvidiaGrfxExists": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"IfExists": true
},
"DchuNvidiaGrfxVen": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
"ValueName": "DCHUVen"
},
"DchuNvidiaGrfxVen2": {
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
"ValueName": "DCHUVen"
},
"DefaultUserRegion": {
"HKey": "HKEY_USERS",
"FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
"ValueName": "Nation",
"RegValueType": "REG_SZ"
},
"DisableWUfBOfferBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "DisableWUfBOfferBlock",
"RegValueType": "REG_DWORD"
},
"DisconnectedStandby": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
"ValueName": "EnforceDisconnectedStandby",
"RegValueType": "REG_DWORD"
},
"DriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"DUInternal": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\MoSetup",
"ValueName": "DynamicUpdateInternalTest",
"RegValueType": "REG_DWORD"
},
"EdgeWithChromiumInstallFailureCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallFailureCountWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateAttempts"
},
"EdgeWithChromiumInstallVersion": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EdgeWithChromiumInstallVersionWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
"ValueName": "WindowsUpdateVersion"
},
"EKB19H2InstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Count"
},
"EKB19H2InstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
"ValueName": "Timestamp"
},
"EKB19H2UnInstallCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Count"
},
"EKB19H2UnInstallTimeEpoch": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
"ValueName": "Timestamp"
},
"EnableWUfBUpgradeGates": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
"ValueName": "DataRequireGatedScanForFeatureUpdates",
"RegValueType": "REG_DWORD"
},
"EsetReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
"ValueName": "WindowsCompatibilityLevel",
"RegValueType": "REG_DWORD"
},
"FlightContent": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "ContentType",
"RegValueType": "REG_SZ"
},
"GStatusBlockIDs_All": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
"ValueName": "SdbEntries",
"RegValueType": "REG_SZ"
},
"HidOverGattReg": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
"ValueName": "Source",
"RegValueType": "REG_SZ"
},
"InstallDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"ValueName": "InstallDate",
"RegValueType": "REG_DWORD"
},
"IsAutopilotRegistered": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
"ValueName": "ProfileAvailable",
"RegValueType": "REG_DWORD"
},
"IsFlightingEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
"ValueName": "IsBuildFlightingEnabled",
"RegValueType": "REG_DWORD"
},
"IsContainerMgrInstalled": {
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
"IfExists": true
},
"IsEdgeWithChromiumInstalled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsEdgeWithChromiumInstalledWow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
"IfExists": true
},
"IsHybridOrXGpu": {
"FullPath": "SOFTWARE\\Microsoft\\DirectX",
"ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
},
"IsWDAGEnabled": {
"FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
"IfExists": true
},
"IsWDATPEnabled": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
"ValueName": "OnboardingState"
},
"KasperskyReg": {
"FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
"ValueName": "UseVtHardware"
},
"MTPTargetingInfo": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
"ValueName": "TargetRing"
},
"OEMModelBaseBoard": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
"ValueName": "BaseBoardProduct",
"RegValueType": "REG_SZ"
},
"OemPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OobeSeeker": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
"ValueName": "OOBEUpdateStarted"
},
"OSDataDriverPartnerRing": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
"ValueName": "TargetRing",
"RegValueType": "REG_SZ"
},
"OSRollbackBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "BuildString",
"RegValueType": "REG_SZ"
},
"OSRollbackCount": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "Count",
"RegValueType": "REG_DWORD"
},
"OSRollbackDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"PausedFeatureStatus": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "PausedFeatureStatus"
},
"PausedQualityStatus": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
"ValueName": "PausedQualityStatus"
},
"PonchAllow": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
"RegValueType": "REG_DWORD"
},
"PonchAllowKey": {
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchAllowWow": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
},
"PonchAllowWowKey": {
"FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
"IfExists": true
},
"PonchBlock": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
"ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
"RegValueType": "REG_DWORD"
},
"PreviewBuildsManagerEnabled": {
"FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
"ValueName": "ArePreviewBuildsAllowed"
},
"RecoveredFromBuild": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "LastBuild",
"RegValueType": "REG_DWORD"
},
"RecoveredOnDate": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
"ValueName": "DateStamp",
"RegValueType": "REG_DWORD"
},
"ReleaseType": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo",
"ValueName": "ReleaseType",
"RegValueType": "REG_SZ"
},
"SmartActiveHoursState": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
"ValueName": "SmartActiveHoursState",
"RegValueType": "REG_DWORD"
},
"Steam": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Classes\\Steam",
"ValueName": "",
"RegValueType": "REG_SZ"
},
"TencentReg": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "LoadStartTime"
},
"TencentType": {
"FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
"ValueName": "Type"
},
"UninstallActive": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "System\\Setup",
"ValueName": "UninstallActive",
"RegValueType": "REG_DWORD"
},
"WindowsMixedReality": {
"HKey": "HKEY_LOCAL_MACHINE",
"FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
"ValueName": "WdfMajorVersion",
"RegValueType": "REG_DWORD"
}
},
"FileInfo": {
"AvastVer": {
"Path": "\\system32\\Drivers\\aswVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"AvgVer": {
"Path": "\\system32\\Drivers\\avgVmm.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"CortanaAppVer": {
"Path": "\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"CortanaAppVerTest": {
"Path": "\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"EsetVer": {
"Path": "\\drivers\\ehdrv.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"KasperskyVer": {
"Path": "\\system32\\Drivers\\klhk.sys",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
},
"SkypeRoomSystem": {
"Path": "%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
"IfExists": true
},
"SymantecVer": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"SymantecVer64": {
"Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
"FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
},
"TobiiVer": {
"Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
},
"TobiiVer1x86": {
"Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TobiiVerx86": {
"Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
"FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
},
"TrendMicroVer": {
"Path": "\\drivers\\TMUMH.sys",
"FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
},
"WuClientVer": {
"Path": "\\system32\\wuaueng.dll",
"FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
}
},
"Licensing": {
"UpdateManagementGroup": {
"Name": "UpdatePolicy-UpdateManagementGroup"
}
},
"Policy": {
"DucCustomPackageId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
},
"DucDeviceModelId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
},
"DucOemPartnerRing": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
},
"DucPublisherId": {
"LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
}
},
"UpdatePolicy": {
"BranchReadinessLevel": {
"PolicyEnum": 5,
"Enterprise": true
},
"BranchReadinessLevelSource": {
"PolicyEnum": 5,
"Enterprise": true,
"UseSource": true
},
"DeferFeatureUpdatePeriodInDays": {
"PolicyEnum": 9,
"Enterprise": true
},
"DeferQualityUpdatePeriodInDays": {
"PolicyEnum": 7,
"Enterprise": true
},
"DisableDualScan": {
"PolicyEnum": 42,
"Enterprise": true
},
"UpdateServiceUrl": {
"PolicyEnum": 12
}
}
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Chromium]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Chromium\Update]
"path"="C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Chromium\Update]
"UninstallCmdLine"=""C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe" "
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Chromium\Update\Clients\{4631A031-6CF1-40FA-8096-F515E357E055}]
"name"="Chromium Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D38058A-29DC-4608-B481-DDF3748F0B10}]
"AppName"="ChromiumUpdateWebPlugin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D38058A-29DC-4608-B481-DDF3748F0B10}]
"AppPath"="C:\Program Files (x86)\Chromium\Update\1.3.99.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}]
"AppName"="ChromiumUpdateBroker.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D57D808A-EC29-43C7-A9ED-F0B6CB8E7D84}]
"AppPath"="C:\Program Files (x86)\Chromium\Update\1.3.99.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
"InstallSource"="C:\Program Files (x86)\Chromium\Update\1.3.99.0\"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromiumUpdate.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=3]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=3]
"Path"="C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=3]
"Description"="Chromium Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=3]
"ProductName"="Chromium Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=3]
"Vendor"="Chromium."
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=9]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=9]
"Path"="C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=9]
"Description"="Chromium Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=9]
"ProductName"="Chromium Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\MozillaPlugins\@chbrowserupdate.com/Chromium Update;version=9]
"Vendor"="Chromium."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam\State\UserSettings\S-1-5-21-1350030688-3982378959-1933083795-1001]
"\Device\HarddiskVolume4\Users\wling\AppData\Local\chromium\Application\chrome.exe"="0xFF2D50598BC8D50100000000000000000000000002000000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{489C3DFC-B661-46FC-9DFD-201F02C3C2B9}"="v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe|Name=Chromium (mDNS-In)|Desc=Inbound rule for Chromium to allow mDNS traffic.|EmbedCtxt=Chromium|"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Chromium]
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Chromium]
"UninstallString"="C:\Users\wling\AppData\Local\Chromium\Application\63.0.3235.0\Installer\setup.exe"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Chromium]
"name"="Chromium"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Chromium]
"InstallerSuccessLaunchCmdLine"=""C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe""
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Chromium\Commands\on-os-upgrade]
"CommandLine"=""C:\Users\wling\AppData\Local\Chromium\Application\63.0.3235.0\Installer\setup.exe" --on-os-upgrade --verbose-logging"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Chromium\Update\Clients\{026492D3-2D2F-48EB-AFA6-F8108FC41DEA}]
"name"="Chromium"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI]
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI]
""="Chromium"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities]
"ApplicationDescription"="Chromium is a web browser that runs webpages and applications with lightning speed. It's fast, stable, and easy to use. Browse the web more safely with malware and phishing protection built into Chromium."
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities]
"ApplicationIcon"="C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities]
"ApplicationName"="Chromium"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\FileAssociations]
".htm"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\FileAssociations]
".html"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\FileAssociations]
".pdf"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\FileAssociations]
".shtml"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\FileAssociations]
".svg"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\FileAssociations]
".xht"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\FileAssociations]
".xhtml"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\FileAssociations]
".webp"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\Startmenu]
"StartMenuInternet"="Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"ftp"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"http"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"https"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"irc"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"mailto"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"mms"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"news"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"nntp"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"sms"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"smsto"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"tel"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"urn"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities\URLAssociations]
"webcal"="ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\DefaultIcon]
""="C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\InstallInfo]
"ReinstallCommand"=""C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe" --make-default-browser"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\InstallInfo]
"HideIconsCommand"=""C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe" --hide-icons"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\InstallInfo]
"ShowIconsCommand"=""C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe" --show-icons"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\shell\open\command]
""=""C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe""
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9887d78f_0]
""="{2}.\\?\usb#vid_1395&pid_003c&mi_00#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\global/00010004|\Device\HarddiskVolume4\Users\wling\AppData\Local\chromium\Application\chrome.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
""="C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe]
"Path"="C:\Users\wling\AppData\Local\Chromium\Application"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI_.pdf"="0"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI_https"="0"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI_http"="0"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
"Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI"="40"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppLaunch]
"Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI"="17"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI"="24"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\ShowJumpView]
"Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI"="19"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"Chromium"="0x020000000000000000000000"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Chromium"=""c:\users\wling\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_C4B61FEEA98BBD94CB1805502B97E522"=""C:\Users\wling\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\wling\AppData\Local\chromium\Application\chrome.exe"="0x5341435001000000000000000700000028000000000440000000000001000000000000000000000A00210000631F6E6F0EDED4010000000000000000020000002800000000000000000000000000000000000000000000000000000067010000000000000F0000000F000000"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\RegisteredApplications]
"Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI"="Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI\Capabilities"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\.htm\OpenWithProgids]
"ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"=""
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\.html\OpenWithProgids]
"ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"=""
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\.pdf\OpenWithProgids]
"ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"=""
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\.shtml\OpenWithProgids]
"ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"=""
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\.svg\OpenWithProgids]
"ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"=""
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\.webp\OpenWithProgids]
"ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"=""
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\.xht\OpenWithProgids]
"ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"=""
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\.xhtml\OpenWithProgids]
"ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI"=""
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI]
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI]
""="Chromium HTML Document"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI]
"AppUserModelId"="Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI\Application]
"AppUserModelId"="Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI\Application]
"ApplicationIcon"="C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI\Application]
"ApplicationName"="Chromium"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI\Application]
"ApplicationCompany"="Chromium"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI\DefaultIcon]
""="C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe,0"
[HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI\shell\open\command]
""=""C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe" -- "%1""


====== End of Search ======
aiemgahd is offline  
Old 01-11-2020, 08:59 AM   #14
Registered Member
 
Join Date: Jul 2009
Posts: 33
OS: Windows 7



Here you go iconotev!
Attached Files
File Type: txt Search.txt (94.0 KB, 4 views)
aiemgahd is offline  
Old 01-12-2020, 09:25 AM   #15
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hi ,aiemgahd ...!

Tweaking.com Registry Backup

  • Download Tweaking.com Registry Backup from here, and save tweaking.com_registry_backup_portable.zip to your desktop.
  • Now we need to create a new folder to extract the zipped contents into. Right click on the zipped folder you just downloaded and select "Extract All".
  • Click the "Browse" button and from the list, expand "Computer", then expand "Windows (C:)", and click the "Make New Folder" button.
  • Call this folder something you will remember...like "RegBackup" then click "Ok", and then click "Extract".
  • From the newly extracted files, right click on and select Run as Administrator (XP users just double click) to start Tweaking.com Registry Backup.
    (Windows Vista/7/8 users: Accept UAC warning if it is enabled.)
  • A screen like this should appear:
  • Type a custom name in Backup Name if you want, then choose Backup Now.
  • If backup is successful, a message will appear at the lower half of the screen with an option to view logs.
  • The registry backup will be created in %WindowsDrive%\RegBackup by default. You can customize the path in Settings.
  • Close Tweaking.com Registry Backup when done.


-----------------------------------------------------------------------------------


Farbar Recovery Scan Tool - Fix


  • Highlight the contents of the below code box and press Ctrl + C on your keyboard
Code:
Start::
CreateRestorePoint:
CloseProcesses:
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
HKU\S-1-5-21-1350030688-3982378959-1933083795-1001\...\Run: [Chromium] => "c:\users\wling\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-1350030688-3982378959-1933083795-1001\...\Run: [GoogleChromeAutoLaunch_C4B61FEEA98BBD94CB1805502B97E522] => "C:\Users\wling\AppData\Local\chromium\Application\chrome.exe" --no-startup-window /prefetch:5
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=shnl&hsimp=yhs-001&type=c110f8cc01eed3570148bcf3f41&param1=IE&param2=1&param3=campaignID%3D272%26UserID%3D1101420827&param4=XPbueSzfBeG6K2MlxBpfELmmgzh8mOsLvk1mNxKnkuDjZrnCPluhQt3wIJvlBcR/Ts5Jm44Cgtg7R+hyRCnFVLZk0fElvGHNI40OZ23tgLIDUuSDRmKNIQP9Yf8uFLTCYM+gKIDDfGQi5IKDzl1WIdoP20naSq202N2yj0vfvBfzSoamJbZtKPPrBnVWkK3Mf8/Hjdhq6e4kxYFf2GETWSp/YHUb1Uan9amf+mMXTKzUN8tgYUzHMKhqngM6ovjP5kW+OhwnZYpoK0sMqKYVNWOmR1gtAOAX8bWGoojWsKIBLSPfIBYa3+yCAdfMOyhA8QqvR6uaQoZAMshRwYOd8FRkXAZmcq1gHiI8nPQEKHmgjmzlHn34urFcNWy81bWbMiZz6wkcMJwuOCBuN+9iZLXarTS3IDwMk5PISZfduB/zDeyoVnZ8E3Gxdty9yLKMhsdDNAwsgLPk9ejd/J/d+gBoCNpnI4Lr58JBw1BhEDkkopgF7eYCkTpMhHEsZA32pM4q9xeQ9BYX1SRhHW25AelfT+7/zfc7EdxsV1lDrkgFaNtuGZ2XlZyWF469MEzQI3kvFknqdJm11Y/TM7427ez6rLczEnVnOWQNnCHh7fOuQuFIKQlVF2GnKPJuIKhqtX34KGUxVb+Z2Xd2RC+T62rXlU7Jn/u5Kiqz3n201xBQ0daJ5eEczH4+aXWgNzJ5
HKU\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=shnl&hsimp=yhs-001&type=c110f8cc01eed3570148bcf3f41&param1=IE&param2=1&param3=campaignID%3D272%26UserID%3D1101420827&param4=XPbueSzfBeG6K2MlxBpfELmmgzh8mOsLvk1mNxKnkuDjZrnCPluhQt3wIJvlBcR/Ts5Jm44Cgtg7R+hyRCnFVLZk0fElvGHNI40OZ23tgLIDUuSDRmKNIQP9Yf8uFLTCYM+gKIDDfGQi5IKDzl1WIdoP20naSq202N2yj0vfvBfzSoamJbZtKPPrBnVWkK3Mf8/Hjdhq6e4kxYFf2GETWSp/YHUb1Uan9amf+mMXTKzUN8tgYUzHMKhqngM6ovjP5kW+OhwnZYpoK0sMqKYVNWOmR1gtAOAX8bWGoojWsKIBLSPfIBYa3+yCAdfMOyhA8QqvR6uaQoZAMshRwYOd8FRkXAZmcq1gHiI8nPQEKHmgjmzlHn34urFcNWy81bWbMiZz6wkcMJwuOCBuN+9iZLXarTS3IDwMk5PISZfduB/zDeyoVnZ8E3Gxdty9yLKMhsdDNAwsgLPk9ejd/J/d+gBoCNpnI4Lr58JBw1BhEDkkopgF7eYCkTpMhHEsZA32pM4q9xeQ9BYX1SRhHW25AelfT+7/zfc7EdxsV1lDrkgFaNtuGZ2XlZyWF469MEzQI3kvFknqdJm11Y/TM7427ez6rLczEnVnOWQNnCHh7fOuQuFIKQlVF2GnKPJuIKhqtX34KGUxVb+Z2Xd2RC+T62rXlU7Jn/u5Kiqz3n201xBQ0daJ5eEczH4+aXWgNzJ5
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=3 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2019-12-01] (Chromium.) [File not signed]
FF Plugin-x32: @chbrowserupdate.com/Chromium Update;version=9 -> C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll [2019-12-01] (Chromium.) [File not signed]
safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
FirewallRules: [TCP Query User{033B4412-A45E-4EF4-BE3B-97B515AC4A05}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe No File
FirewallRules: [UDP Query User{105DB114-2309-4456-BA9F-9365B08AADEE}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe No File
FirewallRules: [{A9C97BE1-64A8-4216-803C-C496DA02DFD0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe No File
FirewallRules: [{654B193D-8D4A-49F9-962B-ED165D31424C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe No File
FirewallRules: [{2150E588-533C-45C2-BD27-4E515C41CE61}] => (Allow) C:\Users\wling\AppData\Local\Temp\7zS4AAB\HP.EasyStart.exe No File
FirewallRules: [{489C3DFC-B661-46FC-9DFD-201F02C3C2B9}] => (Allow) C:\Users\wling\AppData\Local\Chromium\Application\chrome.exe (The Chromium Authors) [File not signed]
C:\Users\wling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
C:\Users\wling\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk
C:\Users\wling\AppData\Local\Packages\Microsoft.Windows.Cortana_cw5n1h2txyewy\LocalState\AppIconCache\100\Chromium_W2AHQLOLJBJMZAESKDCQ4HVPHI
C:\Users\wling\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\K8SX0MMU\chromium-virus-1239820[1].htm
C:\Program Files (x86)\Chromium\Update\ChromiumUpdate.exe
C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumCrashHandler.exe
C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumCrashHandler64.exe
C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdate.dll
C:\Program Files (x86)\Chromium\Update\1.3.99.0\chromiumpdateres_en.dll
C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdate.exe
C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateBroker.exe
C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateComRegisterShell64.exe
C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateCore.exe
C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateHelper.msi
C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateOnDemand.exe
C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateSetup.exe
C:\Program Files (x86)\Chromium\Update\1.3.99.0\ChromiumUpdateWebPlugin.exe
C:\Program Files (x86)\Chromium\Update\1.3.99.0\npChromiumUpdate3.dll
2019-12-01 20:13 - 2019-12-01 20:13 _____ C:\Users\wling\AppData\Local\chromium
2019-12-01 20:13 - 2019-12-01 20:13 _____ C:\Program Files (x86)\Chromium
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ChromiumUpdate.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.OneClickCtrl.9
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.OneClickProcessLauncherMachine
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.OneClickProcessLauncherMachine.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Chromium.Update3WebControl.3
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoCreateAsync
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreClass.1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreMachineClass
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CredentialDialogMachine.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachine
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CredentialDialogMachine.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachine
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoCreateAsync
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoCreateAsync.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreClass
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreClass.1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreMachineClass
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CoreMachineClass.1
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CredentialDialogMachine
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.CredentialDialogMachine.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachine.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachineFallback.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassSvc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachineFallback
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassMachine
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.OnDemandCOMClassSvc.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.ProcessLauncher
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.ProcessLauncher.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3COMClassService
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3COMClassService.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebMachine
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebMachine.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebMachineFallback
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebMachineFallback.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebSvc
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChromiumUpdate.Update3WebSvc.1.0
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\microphone\NonPackaged\C:#Users#wling#AppData#Local#chromium#Application#chrome.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromiumUpdate.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Chromium 
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ChromiumUpdate.exe
DeleteKey: HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Chromium
DeleteKey: HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Clients\StartMenuInternet\Chromium.W2AHQLOLJBJMZAESKDCQ4HVPHI
DeleteKey: HKEY_USERS\S-1-5-21-1350030688-3982378959-1933083795-1001\Software\Classes\ChromiumHTM.W2AHQLOLJBJMZAESKDCQ4HVPHI
C:\Program Files (x86)\Chromium
EmptyTemp:
End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.


In your next reply, please include:
  • Fixlog.txt
Deejay100six likes this.
icotonev is offline  
Old 01-12-2020, 10:36 PM   #16
Registered Member
 
Join Date: Jul 2009
Posts: 33
OS: Windows 7



Done, problem appears to be resolved and there is no more Chromium on the desktop!

Yay!

Thank you so much for your patience and hard work on this iconotev, I really appreciate it! You the man!
Attached Files
File Type: txt Fixlog.txt (20.0 KB, 7 views)
aiemgahd is offline  
Old 01-13-2020, 07:52 AM   #17
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hi ,aiemgahd ...! Great news ..! Thanks..!


I wish we could do a final check...!


Farbar Recovery Scan Tool (FRST) - fresh


Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.


------------------------------------------------------


AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Double click AdwCleaner.exe to run it.
  • Click Scan Now ...
    • When the scan has finished a Scan Results window will open.
    • Click Cancel (at this point do not attempt to Quarantine anything that is found)
  • Now click the Log Files tab ...
    • Double click on the latest scan log (Scan logs have a [S0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
    • A Notepad file will open containing the results of the scan.
    • Please post the contents of the file in your next reply.

---------------------------------------------------


Run Malwarebytes Anti-Malware
  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Threat Scan option
  • click the Scan Now button
  • ’Threat Scan’ will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard
----------------------------------------------------------------------

Scanning with SecurityCheck by glax24

  • Download SecurityCheck by glax24 from here and remember the tool on the desktop.
  • Run the program right-click the administrator name
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Copy the contents of this file to your next post
  • You can find this file in the root of the system disk in a folder called SecurityCheck, C: \\ SecurityCheck \\ SecurityCheck.txt
----------------------------------------------------------------------------------------



In your next reply, please include:
  • FRST.txt
  • Addition.txt
  • AdwCleaner[S0*].txt
  • Mbam.txt
  • SecurityType.txt
icotonev is offline  
Old 01-13-2020, 02:54 PM   #18
Registered Member
 
Join Date: Jul 2009
Posts: 33
OS: Windows 7



Here you go!

Reddit links below for the FRST and Addition Files:

https://www.reddit.com/user/Will_Lin...blem_resolved/

https://www.reddit.com/user/Will_Lin...solved_part_2/

https://www.reddit.com/user/Will_Lin...irus_resolved/
Attached Files
File Type: txt MBAM.txt (4.9 KB, 7 views)
File Type: txt AdwCleaner Scan Report.txt (2.3 KB, 6 views)
File Type: txt SecurityCheck.txt (6.9 KB, 9 views)
aiemgahd is offline  
Old 01-14-2020, 08:55 AM   #19
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hi ,aiemgahd ...!


Step 1 with Malwarebytes:


Because you have not taken any action:

Quote:
No Action By User
..start again Malwarebytes, but this time:
  • If potential threats are detected, ensure to check mark all the listed items, and click the Quarantine Selected button
Please post the log for my review...!


-------------------------------------------------------------------------------

Step 2 with AdwCleaner:

  • Double click AdwCleaner.exe to run it.
  • Click Scan Now
  • When the scan has finished a Scan Results window will open.
  • Please check the following boxes and then click Quarantine
  • Click Next
  • If any pre-installed software was found on your machine, a prompt window will open ...
    • Click OK to close it
  • Check any pre-installed software items you want to remove (if they're not causing you a problem I recommend you don't select any)
  • Click Quarantine
    • A prompt to save your work will appear ...
      • Click Continue when you're ready to proceed.
    • A prompt to restart your computer will appear ...
      • Click Restart Now
    • Once your computer has restarted ...
      • If it doesn't open automatically, please start ADWCleaner ...
      • Click the Log Files tab ...
      • Double click on the latest Clean log (Clean logs have a [C0*] suffix, where * is replaced by a number, the latest scan will have the largest number)
      • A Notepad file will open containing the results of the removal.
      • Please post the contents of the file in your next reply.




FRST scan
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.


In your next reply, please include:

  • Mbam.txt
  • AdwCleaner[C0*].txt
  • FRST.txt
  • Addition.txt
icotonev is offline  
Old 01-25-2020, 03:17 AM   #20
Security Team
Moderator
 
Join Date: Jan 2011
Location: Bulgaria
Posts: 152
OS: win 10 Pro 1903



Hi ,aiemgahd ...! Are you having trouble with my last instruction ..? Please let me know if you still have problems ..?
icotonev is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2
Powered by vBadvanced CMPS v3.2.3


All times are GMT -7. The time now is 07:50 PM.


Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
vBulletin Security provided by vBSecurity v2.2.2 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
User Alert System provided by Advanced User Tagging v3.1.0 (Pro) - vBulletin Mods & Addons Copyright © 2020 DragonByte Technologies Ltd.
Copyright 2001 - 2018, Tech Support Forum

Windows 10 - Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts