RegRipper & keys parsed by plugins

This table is an attempt to list all registry keys parsed by all RegRipper plugins available at RegRipper v2.8 released on Oct 22th, 2014, last update Sep 2018 (retrieved on Nov 4th, 2018) and merged with changes introduced in RegRipper v3.0
available at RegRipper v3.0 released on May 27th, 2020 The list has been generated by a perl script which I called - for the fun of it - RegRipper Ripper a.k.a. 3R.
The name is similar to 3RPG and it's not a coincident either;
in fact, I was curious which keys are actually being already covered by the RegRipper plugins bundle.
With 400+ existing plugin it's easy to get lost, and perhaps even end up re-inventing the wheel by writing a plugin for a key that already has its plugin.

Most of the data below has been extracted automatically by 3R, and a few manual correction were added for items that 3R was unable to retrieve directly from the source code.
I can only wish that the author(s) of the plug-ins will be more consistent in the future while writing them; the syntax, variable names and the way these variables are initialized and used varies really a lot across all the plug-ins and makes it really tricky to parse it all w/o errors.
In any case, if you find any mistakes or omissions, please let me know and I will fix that.
Thanks.

There are two tables - one sorted by hive/key pair and second by plugin file names:

By Hive / Key

By Plugin file name

By Hive / Key

Hive	Key	Scans Wow6432Node	Plugin file
all	(Entire Hive)	N/A	regtime_tln.pl
all	All keys (all hives)	N/A	sizes.pl
all	Begin	N/A	malware.pl
all	BINARY	N/A	malware.pl
all	Check key/value names in a hive for leading null char	N/A	null.pl
all	Classes\BJ\Static	N/A	malware.pl
all	Classes\FAST	N/A	malware.pl
all	Classes\Network\SharingHandler	N/A	malware.pl
all	Classes\XXXX	N/A	malware.pl
all	Clients\Netrau	N/A	malware.pl
all	Clients\sdata	N/A	malware.pl
all	Control\SecurityProviders\WDigest	N/A	malware.pl
all	Look for Slack space	N/A	slack.pl
all	Microsoft\HTMLHelp	N/A	malware.pl
all	Microsoft\Rpc\Internet	N/A	malware.pl
all	Microsoft\ShipTr	N/A	malware.pl
all	Microsoft\ShipUp	N/A	malware.pl
all	Microsoft\WBEM\ESS\//./root/CIMV2\Win32ClockProvider	N/A	malware.pl
all	Microsoft\Windows\CurrentVersion\Policies\System	N/A	malware.pl
all	Parse base info from hive	N/A	base.pl
all	Parse hive, check key/value names for RLO character	N/A	rlo.pl
all	Parse hive, print deleted keys/values	N/A	del_tln.pl
all	Parse hive, print slack space, retrieve keys/values	N/A	slack_tln.pl
all	Policies\Microsoft\Windows Defender	N/A	malware.pl
all	Policies\Microsoft\Windows Defender\Real-Time Protection	N/A	malware.pl
all	Policies\Microsoft\Windows NT\Terminal Services\	N/A	malware.pl
all	Policy\Secrets	N/A	malware.pl
all	root	N/A	findexes.pl
all	Scans a hive file, checking sizes of binary value data	N/A	baseline.pl
all	Software\Adobe\Adobe ARM\1.0\ARM	N/A	malware.pl
all	Software\Adobe\Adobe Reader\<VERSION>\IPM	N/A	malware.pl
all	Software\BINARY	N/A	malware.pl
all	Software\Google\Update\network\secure	N/A	malware.pl
all	Software\Locky	N/A	malware.pl
all	Software\Microsoft\Clock	N/A	malware.pl
all	Software\Microsoft\CurrentHalInf	N/A	malware.pl
all	Software\Microsoft\CurrentPnpSetup	N/A	malware.pl
all	Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	N/A	malware.pl
all	Software\Microsoft\Office test\Special\Perf	N/A	malware.pl
all	Software\Microsoft\Wbem\WMIC	N/A	malware.pl
all	Software\TransPan	N/A	malware.pl
all	Wow6432Node\WRData\Threats\History	N/A	malware.pl
all	WRData\Threats\History	N/A	malware.pl
amcache	Root\File	N/A	amcache_tln.pl
amcache	Root\InventoryApplication	N/A	amcache_tln.pl
amcache	Root\InventoryApplicationFile	N/A	amcache_tln.pl
amcache	Root\Programs	N/A	amcache.pl
ntuser.dat, software	Microsoft\AppV\Client\RunVirtual	No	runvirtual_tln.pl
ntuser.dat, software	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom	Yes	appcompatflags.pl
ntuser.dat, software	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB	Yes	appcompatflags.pl
ntuser.dat, software	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers	Yes	appcompatflags.pl
ntuser.dat, software	Microsoft\Windows\CurrentVersion\App Paths	Yes	apppaths_tln.pl
ntuser.dat, software	Microsoft\Windows\CurrentVersion\Explorer\Advanced	No	disablemru.pl
ntuser.dat, software	Microsoft\Windows\CurrentVersion\Explorer\AllowedEnumeration	No	allowedenum.pl
ntuser.dat, software	Microsoft\Windows\CurrentVersion\Explorer\AppKey	No	appkeys_tln.pl
ntuser.dat, software	Microsoft\Windows\CurrentVersion\Policies\Comdlg32	No	disablemru.pl
ntuser.dat, software	Microsoft\Windows\CurrentVersion\Policies\Explorer	No	disablemru.pl
ntuser.dat, software	Policies\Microsoft\Windows\PowerShell	No	pslogging.pl
ntuser.dat, software	Software\Microsoft\AppV\Client\RunVirtual	No	runvirtual_tln.pl
ntuser.dat, software	Software\Microsoft\Office	Yes	kankan.pl
ntuser.dat, software	Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers	Yes	appcompatflags.pl
ntuser.dat, software	Software\Microsoft\Windows\CurrentVersion\App Paths	Yes	apppaths_tln.pl
ntuser.dat, software	Software\Microsoft\Windows\CurrentVersion\Explorer\AllowedEnumeration	No	allowedenum.pl
ntuser.dat, software	Software\Microsoft\Windows\CurrentVersion\Explorer\AppKey	No	appkeys_tln.pl
ntuser.dat, software	Software\Policies\Google\Chrome\.$key_name	No	injectdll64.pl
ntuser.dat, software	Software\Policies\Microsoft\Windows\PowerShell	No	pslogging.pl
ntuser.dat, software	Wow6432Node\Microsoft\Office	Yes	kankan.pl
ntuser.dat, software	Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers	Yes	appcompatflags.pl
ntuser.dat, software	Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths	Yes	apppaths_tln.pl
ntuser.dat, software	Wow6432Node\Software\Microsoft\Office	Yes	kankan.pl
ntuser.dat, software	Wow6432Node\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers	Yes	appcompatflags.pl
ntuser.dat, software	Wow6432Node\Software\Microsoft\Windows\CurrentVersion\App Paths	Yes	apppaths_tln.pl
ntuser.dat, system	ControlSetXXX\Control\Session Manager\Environment	N/A	profiler.pl
ntuser.dat, system	Environment	N/A	profiler.pl
ntuser.dat, usrclass.dat	ActivatableClasses\Package	N/A	appx_tln.pl
ntuser.dat, usrclass.dat	Software\Microsoft\Windows\CurrentVersion\PackagedAppXDebug	N/A	appx_tln.pl
ntuser.dat,software	Microsoft\Windows\CurrentVersion\App Paths	Yes	apppaths.pl
ntuser.dat,software	Microsoft\Windows\CurrentVersion\Internet Settings	No	ie_zones.pl
ntuser.dat,software	Software\Microsoft\Windows\CurrentVersion\App Paths	Yes	apppaths.pl
ntuser.dat,software	Software\Microsoft\Windows\CurrentVersion\Internet Settings	No	ie_zones.pl
ntuser.dat,software	Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths	Yes	apppaths.pl
ntuser.dat,software	Wow6432Node\Software\Microsoft\Windows\CurrentVersion\App Paths	Yes	apppaths.pl
ntuser.dat,usrclass.dat	Local Settings\Software\Microsoft\Windows\Shell\MUICache	N/A	muicache_tln.pl
ntuser.dat,usrclass.dat	Software\Microsoft\Windows\ShellNoRoam\MUICache	N/A	muicache_tln.pl
ntuser.dat	appdata	N/A	urun_tln.pl
ntuser.dat	application data	N/A	urun_tln.pl
ntuser.dat	audio\.gen	N/A	ares.pl
ntuser.dat	Control Panel\Desktop	N/A	autoendtasks.pl
ntuser.dat	Control Panel\don\'t load	N/A	cpldontload.pl
ntuser.dat	Control Panel\International\Geo	N/A	nation.pl
ntuser.dat	Cover Designer	N/A	nero.pl
ntuser.dat	EulaAccepted	N/A	rootkit_revealer.pl
ntuser.dat	FlmgPlg	N/A	nero.pl
ntuser.dat	gen\.gen	N/A	ares.pl
ntuser.dat	globalroot	N/A	urun_tln.pl
ntuser.dat	Identities	N/A	identities.pl
ntuser.dat	image\.gen	N/A	ares.pl
ntuser.dat	InstallPath	N/A	aports.pl
ntuser.dat	Nero PhotoSnap	N/A	nero.pl
ntuser.dat	Network	N/A	ntusernetwork.pl
ntuser.dat	NSPluginMgr	N/A	nero.pl
ntuser.dat	password	N/A	haven_and_hearth.pl
ntuser.dat	PhotoEffects	N/A	nero.pl
ntuser.dat	Printers	N/A	printers.pl
ntuser.dat	Printers\Settings\Wizard\ConnectMRU	N/A	printermru.pl
ntuser.dat	ProxyPort	N/A	odysseus.pl
ntuser.dat	ProxyUpstreamHost	N/A	odysseus.pl
ntuser.dat	ProxyUpstreamPort	N/A	odysseus.pl
ntuser.dat	recycle	N/A	urun_tln.pl
ntuser.dat	savedtoken	N/A	haven_and_hearth.pl
ntuser.dat	ServerCert	N/A	odysseus.pl
ntuser.dat	ServerCertPass	N/A	odysseus.pl
ntuser.dat	Software	N/A	listsoft.pl
ntuser.dat	Software\7-Zip	N/A	sevenzip.pl
ntuser.dat	Software\Adobe\Acrobat Reader\<VERSION>\AVGeneral\cRecentFiles	N/A	adoberdr.pl
ntuser.dat	Software\Ahead	N/A	nero.pl
ntuser.dat	Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users	N/A	aim.pl
ntuser.dat	Software\Ares	N/A	ares.pl
ntuser.dat	Software\bindshell.net\Odysseus	N/A	odysseus.pl
ntuser.dat	Software\Blizzard Entertainment\Warcraft III\String	N/A	warcraft3.pl
ntuser.dat	Software\Cain\Settings	N/A	cain.pl
ntuser.dat	Software\Clients	N/A	startmenuinternetapps_cu.pl
ntuser.dat	Software\DECAFme	N/A	decaf.pl
ntuser.dat	Software\Eraser\Eraser 6	N/A	eraser.pl
ntuser.dat	Software\Foxit Software\Foxit Reader <VERSION>	N/A	foxitrdr.pl
ntuser.dat	Software\Google\Google Toolbar\4.0\whitelist	N/A	gtwhitelist.pl
ntuser.dat	Software\Google\NavClient\1.1\History	N/A	gthist.pl
ntuser.dat	Software\Google\Update\network\secure	N/A	latentbot.pl
ntuser.dat	Software\ImgBurn	N/A	imgburn1.pl
ntuser.dat	Software\JavaSoft\Java Update\Policy\JavaFX	N/A	javafx.pl
ntuser.dat	Software\JavaSoft\Prefs\haven	N/A	haven_and_hearth.pl
ntuser.dat	Software\Martin Prikryl\WinSCP 2	N/A	winscp.pl
ntuser.dat	Software\Microsoft	N/A	osversion_tln.pl
ntuser.dat	Software\Microsoft\Command Processor	N/A	cmdproc_tln.pl
ntuser.dat	Software\Microsoft\CTF\LangBarAddIn	N/A	mmo.pl
ntuser.dat	Software\Microsoft\Dependency Walker\Recent File List	N/A	dependency_walker.pl
ntuser.dat	Software\Microsoft\IEAK\GroupPolicy\PendingGPOs	N/A	pendinggpos.pl
ntuser.dat	Software\Microsoft\Installer\Products\D4676621F4CF7AF46BB388D4351B86F0	N/A	netassist.pl
ntuser.dat	Software\Microsoft\Installer\Products\D4676621F4CF7AF46BB388D4351B86F0\SourceList	N/A	netassist.pl
ntuser.dat	Software\Microsoft\IntelliPoint\AppSpecific	N/A	appspecific.pl
ntuser.dat	Software\Microsoft\Internet Account Manager\Accounts	N/A	clampi.pl
ntuser.dat	Software\Microsoft\Internet Explorer	N/A	internet_explorer_cu.pl
ntuser.dat	Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore	N/A	mixer_tln.pl
ntuser.dat	Software\Microsoft\Internet Explorer\Main	N/A	vawtrak.pl
ntuser.dat	Software\Microsoft\Internet Explorer\Main\WindowsSearch	N/A	ie_settings.pl
ntuser.dat	Software\Microsoft\Internet Explorer\SearchScopes	N/A	searchscopes.pl
ntuser.dat	Software\Microsoft\Internet Explorer\Settings	N/A	clampitm.pl
ntuser.dat	Software\Microsoft\Internet Explorer\Toolbar	N/A	reveton.pl
ntuser.dat	Software\Microsoft\Internet Explorer\TypedURLs	N/A	typedurls_tln.pl
ntuser.dat	Software\Microsoft\Internet Explorer\TypedURLsTime	N/A	typedurlstime_tln.pl
ntuser.dat	Software\Microsoft\MediaPlayer\Player\RecentFileList	N/A	mpmru.pl
ntuser.dat	Software\Microsoft\MediaPlayer\Preferences	N/A	brisv.pl
ntuser.dat	Software\Microsoft\Microsoft Management Console\Recent File List	N/A	mmc_tln.pl
ntuser.dat	Software\Microsoft\Multimedia\Other	N/A	mmo.pl
ntuser.dat	Software\Microsoft\Office	N/A	oisc.pl
ntuser.dat	Software\Microsoft\Office\<VERSION>\<OFFICE_APP> where VERSION depends on Office version and OFFICE_APP is: Word, PowerPoint, Excel, Access	N/A	trustrecords_tln.pl
ntuser.dat	Software\Microsoft\Office\<VERSION>\Common\Open Find	N/A	officedocs.pl
ntuser.dat	Software\Microsoft\Office\14.0	N/A	officedocs2010_tln.pl
ntuser.dat	Software\Microsoft\Office\15.0\Word\Reading Locations	N/A	reading_locations.pl
ntuser.dat	Software\Microsoft\Office\Common	N/A	userinfo.pl
ntuser.dat	Software\Microsoft\OneDrive	N/A	onedrive_tln.pl
ntuser.dat	Software\Microsoft\PIMSRV	N/A	brisv.pl
ntuser.dat	Software\Microsoft\Search Assistant\ACMru	N/A	acmru.pl
ntuser.dat	Software\Microsoft\Snapshot Viewer\Recent File List	N/A	snapshot_viewer.pl
ntuser.dat	Software\Microsoft\Speech	N/A	speech_tln.pl
ntuser.dat	Software\Microsoft\Terminal Server Client\Default	N/A	tsclient_tln.pl
ntuser.dat	Software\Microsoft\Terminal Server Client\Servers	N/A	tsclient_tln.pl
ntuser.dat	Software\Microsoft\User Location Service\Client	N/A	userlocsvc.pl
ntuser.dat	Software\Microsoft\Windows Live Contacts\Database	N/A	liveContactsGUID.pl
ntuser.dat	Software\Microsoft\Windows NT\CurrentVersion\DeviceDisplayObjects	N/A	ddo.pl
ntuser.dat	Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts	N/A	printers.pl
ntuser.dat	Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles	N/A	outlook.pl
ntuser.dat	Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	N/A	outlook2.pl
ntuser.dat	Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046	N/A	olsearch.pl
ntuser.dat	Software\Microsoft\Windows NT\CurrentVersion\Windows	N/A	user_win.pl
ntuser.dat	Software\Microsoft\Windows NT\CurrentVersion\Winlogon	N/A	winlogon_u.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion	N/A	policies_u.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache	N/A	arpcache.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Applets	N/A	applets_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts	N/A	appassoc.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$$windows.data.taskflow.shellactivities\Current	N/A	shellactivities.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer	N/A	logonusername.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\	N/A	reveton.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete	N/A	clampi.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices	N/A	knowndev.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket	N/A	vista_bitbucket.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo	N/A	cdstaginginfo.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32	N/A	comdlg32.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions	N/A	compdesc.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel	N/A	controlpanel.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage	N/A	featureusage.pl
ntuser.dat	SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts	N/A	cortana.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	N/A	fileexts.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\LogonStats	N/A	logonstats.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU	N/A	mndmru_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder	N/A	menuorder.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2	N/A	mp3.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\AddNetworkPlace\AddNetPlace\LocationMRU	N/A	publishingwizard.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs	N/A	recentdocs_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU	N/A	runmru_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	N/A	startup.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage	N/A	startpage.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths	N/A	typedpaths_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	N/A	startup.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist	N/A	userassist_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU	N/A	wallpaper.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery	N/A	wordwheelquery_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares	N/A	wc_shares.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8AD9C840-044E-11D1-B3E9-00805F499D93}	N/A	iejava.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\FileHistory	N/A	filehistory.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings	N/A	proxysettings.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\<SUBKEY>\History	N/A	internet_settings_cu.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoComplete	N/A	internet_explorer_cu.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\DOMStorage	N/A	internet_explorer_cu.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\IETld	N/A	internet_explorer_cu.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main	N/A	internet_explorer_cu.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Privacy	N/A	internet_explorer_cu.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Recovery	N/A	internet_explorer_cu.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Recovery\Active	N/A	internet_explorer_cu.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Recovery\AdminActive	N/A	internet_explorer_cu.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Recovery\PendingDelete	N/A	internet_explorer_cu.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Suggested Sites	N/A	internet_explorer_cu.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap	N/A	domains.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3	N/A	vawtrak.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Lxss	N/A	lxss_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Policies\Associations	N/A	attachmgr_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Policies\Attachments	N/A	attachmgr_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Policies\Explorer	N/A	autorun.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Policies\System\	N/A	reveton.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Run	N/A	vawtrak.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Search\JumpListData	N/A	jumplistdata.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Search\RecentApps	N/A	recentapps_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	N/A	cached_tln.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\UFH\SHC	N/A	shc.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant	N/A	netassist.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent	N/A	utorrent.pl
ntuser.dat	Software\Microsoft\Windows\CurrentVersion\UnreadMail	N/A	unreadmail.pl
ntuser.dat	Software\Microsoft\Windows\Shell\Bags\1\Desktop	N/A	itempos.pl
ntuser.dat	Software\Microsoft\Windows\ShellNoRoam\BagMRU	N/A	shellbags_xp.pl
ntuser.dat	Software\Microsoft\Windows\ShellNoRoam\Bags	N/A	itempos.pl
ntuser.dat	Software\Mozilla\Firefox\Extensions	N/A	netassist.pl
ntuser.dat	Software\Nico Mak Computing\WinZip	N/A	winzip.pl
ntuser.dat	Software\ORL\VNCHooks\Application_Prefs	N/A	vnchooksapplicationprefs.pl
ntuser.dat	Software\ORL\VNCviewer\MRU	N/A	vncviewer.pl
ntuser.dat	Software\ORL\WinVNC3	N/A	winvnc.pl
ntuser.dat	Software\ORL\WinVNC3\Default	N/A	winvnc.pl
ntuser.dat	Software\ORL\WinVNC\Default	N/A	winvnc.pl
ntuser.dat	Software\Piriform\CCleaner	N/A	ccleaner.pl
ntuser.dat	Software\Privoxy	N/A	privoxy.pl
ntuser.dat	Software\RealNetworks\RealPlayer\6.0\Preferences	N/A	realplayer6.pl
ntuser.dat	Software\RealVNC\Default	N/A	winvnc.pl
ntuser.dat	Software\RealVNC\VNCViewer4\MRU	N/A	vncviewer.pl
ntuser.dat	Software\RealVNC\WinVNC4	N/A	winvnc.pl
ntuser.dat	Software\SimonTatham\PuTTY\Sessions	N/A	putty_sessions.pl
ntuser.dat	Software\SimonTatham\PuTTY\SshHostKeys	N/A	putty.pl
ntuser.dat	Software\Skype	N/A	skype.pl
ntuser.dat	Software\SmartLine Vision\aports	N/A	aports.pl
ntuser.dat	Software\SysInternals	N/A	sysinternals_tln.pl
ntuser.dat	Software\Sysinternals\RootkitRevealer	N/A	rootkit_revealer.pl
ntuser.dat	Software\VMware, Inc.\VMware Player\VMplayer\Window position	N/A	vmplayer.pl
ntuser.dat	Software\VMware\Virtual Infrastructure Client\Preferences\UI\ClientsXml	N/A	vmware_vsphere_client.pl
ntuser.dat	Software\VMware\VMware Infrastructure Client\Preferences	N/A	vmware_vsphere_client.pl
ntuser.dat	Software\VS Revo Group\Revo Uninstaller Pro\TrackCleaner\Browsers	N/A	revouninstaller.pl
ntuser.dat	Software\VS Revo Group\Revo Uninstaller Pro\TrackCleaner\MSOffice	N/A	revouninstaller.pl
ntuser.dat	Software\VS Revo Group\Revo Uninstaller Pro\TrackCleaner\Windows	N/A	revouninstaller.pl
ntuser.dat	Software\VS Revo Group\Revo Uninstaller Pro\Uninstaller	N/A	revouninstaller.pl
ntuser.dat	Software\VS Revo Group\Revo Uninstaller Pro\Uninstaller\AppBar	N/A	revouninstaller.pl
ntuser.dat	Software\WinRAR\ArcHistory	N/A	winrar_tln.pl
ntuser.dat	Software\WinRAR\DialogEditHistory\ArcName	N/A	winrar2.pl
ntuser.dat	Software\WinRAR\DialogEditHistory\ExtrPath	N/A	winrar2.pl
ntuser.dat	Software\Wow6432Node\7-Zip	N/A	sevenzip.pl
ntuser.dat	Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon	N/A	winlogon_u.pl
ntuser.dat	Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	N/A	vawtrak.pl
ntuser.dat	Software\Yahoo\pager	N/A	yahoo_cu.pl
ntuser.dat	system volume information	N/A	urun_tln.pl
ntuser.dat	temp	N/A	urun_tln.pl
ntuser.dat	userbnet	N/A	warcraft3.pl
ntuser.dat	userlocal	N/A	warcraft3.pl
ntuser.dat	username	N/A	haven_and_hearth.pl
ntuser.dat	video\.aut	N/A	ares.pl
ntuser.dat	video\.dat	N/A	ares.pl
ntuser.dat	video\.gen	N/A	ares.pl
ntuser.dat	video\.tit	N/A	ares.pl
ntuser.dat	XlmgPlg	N/A	nero.pl
sam	SAM\Domains\Account\Users	N/A	samparse_tln.pl
sam	SAM\Domains\Builtin\Aliases	N/A	samparse.pl
security	Policy\PolAcDmS	N/A	polacdms.pl
security	Policy\PolAdtEv	N/A	auditpol_xp.pl
security	Policy\PolPrDmS	N/A	polacdms.pl
security	Policy\Secrets	N/A	secrets_tln.pl
software, ntuser.dat	Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run	Yes	run.pl
software, ntuser.dat	Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunOnce	Yes	run.pl
software, ntuser.dat	Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\0	No	psscript.pl
software, ntuser.dat	Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0\0	No	psscript.pl
software, ntuser.dat	Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	Yes	run.pl
software, ntuser.dat	Microsoft\Windows\CurrentVersion\Run	Yes	run.pl
software, ntuser.dat	Microsoft\Windows\CurrentVersion\RunOnce	Yes	run.pl
software, ntuser.dat	Microsoft\Windows\CurrentVersion\RunServices	Yes	run.pl
software, ntuser.dat	Microsoft\Windows\CurrentVersion\StartupApproved\Run32	Yes	run.pl
software, ntuser.dat	Microsoft\Windows\CurrentVersion\StartupApproved\Run	Yes	run.pl
software, ntuser.dat	Microsoft\Windows\CurrentVersion\StartupApproved\StartupFolder	Yes	run.pl
software, ntuser.dat	Microsoft\Windows\CurrentVersion\Uninstall	Yes	uninstall_tln.pl
software, ntuser.dat	Software\Microsoft\Windows\CurrentVersion\Uninstall	Yes	uninstall_tln.pl
software, ntuser.dat	Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	Yes	run.pl
software, ntuser.dat	Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Yes	run.pl
software, ntuser.dat	Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	Yes	run.pl
software, ntuser.dat	Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall	Yes	uninstall_tln.pl
software, usrclass.dat	Classes\CLSID	Yes	scriptleturl.pl
software, usrclass.dat	Classes\Wow6432Node\CLSID	Yes	clsid_tln.pl
software, usrclass.dat	CLSID	Yes	scriptleturl.pl
software, usrclass.dat	WOW6432Node\CLSID	Yes	scriptleturl.pl
software,ntuser.dat	Microsoft\Windows\CurrentVersion\App Paths\thunderbird.exe	Yes	thunderbirdinstalled.pl
software,ntuser.dat	Microsoft\Windows\CurrentVersion\Run	Yes	ahaha.pl
software,ntuser.dat	Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Yes	ahaha.pl
software,ntuser.dat	WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\thunderbird.exe	Yes	thunderbirdinstalled.pl
software,ntuser.dat	Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Yes	ahaha.pl
software,usrclass	Classes	Yes	assoc.pl
software,usrclass	Classes\Wow6432Node	Yes	assoc.pl
software,usrclass	Wow6432Node	Yes	assoc.pl
software	ADatumCorporation\OpenCandy	Yes	opencandy.pl
software	Classes\<EXTENSION>file\shell\open\command where EXTENSION is exe, cmd, bat, cs, hta, pif	No	cmd_shell_tln.pl
software	Classes\CLSID	Yes	inprocserver.pl
software	Classes\HTTP\shell\open\command	No	defbrowser.pl
software	Classes\Installer\Products	No	msis.pl
software	Classes\Network\SharingHandler	No	handler.pl
software	Classes\Wow6432Node\CLSID	Yes	inprocserver.pl
software	Clients	No	startmenuinternetapps_lm.pl
software	Clients\StartMenuInternet	No	defbrowser.pl
software	CLSID	Yes	inprocserver.pl
software	JavaSoft\Java Plug-in	Yes	javasoft.pl
software	LANDesk\ManagementSuite\WinClient\SoftwareMonitoring\MonitorLog	Yes	landesk_tln.pl
software	Licenses	No	licenses.pl
software	LogMeIn\V5\PerBrowser	Yes	logmein_tln.pl
software	Microsoft	Yes	direct_tln.pl
software	Microsoft\Active Setup\Installed Components	Yes	installedcomp.pl
software	Microsoft\Dfrg\BootOptimizeFunction	No	dfrg.pl
software	Microsoft\DRM\amty	No	renocide.pl
software	Microsoft\DrWatson	No	drwatson.pl
software	Microsoft\EAPOL\Parameters\Interfaces	No	ssid.pl
software	Microsoft\ESENT\Process	No	esent.pl
software	Microsoft\Internet Explorer	No	snapshot.pl
software	Microsoft\MSSQLServer\Client\SuperSocketNetLib\LastConnect	No	sql_lastconnect.pl
software	Microsoft\Netsh	No	netsh.pl
software	Microsoft\PowerShell\1\ShellIds\Microsoft.Powershell	No	execpolicy.pl
software	Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications	No	heap.pl
software	Microsoft\RemovalTools\MRT	No	mrt.pl
software	Microsoft\RFC1156Agent\CurrentVersion\Parameters	No	trappoll.pl
software	Microsoft\Rpc\Internet	No	dcom.pl
software	Microsoft\SchedulingAgent	No	schedagent.pl
software	Microsoft\Security Center	No	secctr.pl
software	Microsoft\Tracing	Yes	tracing_tln.pl
software	Microsoft\Updates\Windows XP\SP4\KB950582	No	kb950582.pl
software	Microsoft\WAB\DLLPath	No	wab_tln.pl
software	Microsoft\WBEM\CIMOM	No	wbem.pl
software	Microsoft\WBEM\WDM	No	wbem.pl
software	Microsoft\Windows Advanced Protection	No	watp.pl
software	Microsoft\Windows Defender	No	defender.pl
software	Microsoft\Windows NT\CurrentVersion	No	winver.pl
software	Microsoft\Windows NT\CurrentVersion\AeDebug	No	drwatson.pl
software	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom	Yes	powershellcore.pl
software	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB	Yes	powershellcore.pl
software	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers	Yes	powershellcore.pl
software	Microsoft\Windows NT\CurrentVersion\Drivers32	Yes	drivers32.pl
software	Microsoft\Windows NT\CurrentVersion\EMDMgmt	No	emdmgmt.pl
software	Microsoft\Windows NT\CurrentVersion\ICM\Calibration	No	calibrator.pl
software	Microsoft\Windows NT\CurrentVersion\Image File Execution Options	Yes	imagefile.pl
software	Microsoft\Windows NT\CurrentVersion\Network	No	networkuid.pl
software	Microsoft\Windows NT\CurrentVersion\NetworkCards	No	ssid.pl
software	Microsoft\Windows NT\CurrentVersion\NetworkList	No	networklist_tln.pl
software	Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet	No	networklist_tln.pl
software	Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Wireless	No	networklist.pl
software	Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles	No	networklist_tln.pl
software	Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Managed	No	networklist_tln.pl
software	Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged	No	networklist_tln.pl
software	Microsoft\Windows NT\CurrentVersion\ProfileList	No	profilelist.pl
software	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache	No	taskcache_tln.pl
software	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks	No	tasks_tln.pl
software	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree	No	at_tln.pl
software	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Registry\RegIdleBackup	No	regback.pl
software	Microsoft\Windows NT\CurrentVersion\SilentProcessExit	No	silentprocessexit_tln.pl
software	Microsoft\Windows NT\CurrentVersion\SPP\Clients	No	spp_clients.pl
software	Microsoft\Windows NT\CurrentVersion\SRUM\Extensions	No	srum.pl
software	Microsoft\Windows NT\CurrentVersion\SvcHost	No	svchost.pl
software	Microsoft\Windows NT\CurrentVersion\SystemRestore	No	disablesr.pl
software	Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run	Yes	srun_tln.pl
software	Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunOnce	Yes	srun_tln.pl
software	Microsoft\Windows NT\CurrentVersion\Windows	No	init_dlls.pl
software	Microsoft\Windows NT\CurrentVersion\Winlogon	Yes	winlogon_tln.pl
software	Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList	Yes	winlogon_tln.pl
software	Microsoft\Windows Portable Devices\Devices	No	removdev.pl
software	Microsoft\Windows Script Host\Settings	No	wsh_settings.pl
software	Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths	No	systemindex.pl
software	Microsoft\Windows Search\VolumeInfoCache	No	volinfocache.pl
software	Microsoft\Windows\CurrentVersion	No	win_cv.pl
software	Microsoft\Windows\CurrentVersion\Authentication\LogonUI	No	lastloggedon.pl
software	Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages	No	updates.pl
software	Microsoft\Windows\CurrentVersion\Control Panel	No	ctrlpnl.pl
software	Microsoft\Windows\CurrentVersion\Explorer	No	virut.pl
software	Microsoft\Windows\CurrentVersion\Explorer\BitBucket	No	bitbucket.pl
software	Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	Yes	bho.pl
software	Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\'.$guids{$g}.'\PropertyBag	No	thispcpolicy.pl
software	Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks	Yes	shellexec.pl
software	Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers	No	shelloverlay.pl
software	Microsoft\Windows\CurrentVersion\Group Policy\History	No	gpohist_tln.pl
software	Microsoft\Windows\CurrentVersion\Installer\UserData	No	product.pl
software	Microsoft\Windows\CurrentVersion\Internet Settings\urlzone	No	urlzone.pl
software	Microsoft\Windows\CurrentVersion\MMDevices\Audio	No	audiodev.pl
software	Microsoft\Windows\CurrentVersion\OemMgmt	No	killsuit_tln.pl
software	Microsoft\Windows\CurrentVersion\Policies\Explorer	No	kb950582.pl
software	Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	Yes	srun_tln.pl
software	Microsoft\Windows\CurrentVersion\policies\system	No	uac.pl
software	Microsoft\Windows\CurrentVersion\Reliability	Yes	gauss.pl
software	Microsoft\Windows\CurrentVersion\Run	Yes	srun_tln.pl
software	Microsoft\Windows\CurrentVersion\RunOnce	Yes	srun_tln.pl
software	Microsoft\Windows\CurrentVersion\RunOnceEx	No	runonceex.pl
software	Microsoft\Windows\CurrentVersion\RunServices	Yes	srun_tln.pl
software	Microsoft\Windows\CurrentVersion\Shell Extensions\Approved	No	shellext.pl
software	Microsoft\Windows\CurrentVersion\SideBySide	Yes	sbs.pl
software	Microsoft\Windows\CurrentVersion\Uninstall\KB950582	No	kb950582.pl
software	Microsoft\Windows\CurrentVersion\WindowsBackup\ScheduleParams\TargetDevice	No	winbackup.pl
software	Microsoft\Windows\CurrentVersion\WindowsBackup\Status	No	winbackup.pl
software	Microsoft\Windows\CurrentVersion\WindowsUpdate	No	susclient.pl
software	Microsoft\Windows\CurrentVersion\WINEVT\Channels	No	winevt.pl
software	Microsoft\Windows\CurrentVersion\Wordpad\ComChecks\Safelist	Yes	lazyshell.pl
software	Microsoft\WOW64\arm	No	wow64.pl
software	Microsoft\WOW64\x86	No	wow64.pl
software	Microsoft\WZCSVC\Parameters\Interfaces	No	ssid.pl
software	ODBC.INI	No	etos.pl
software	ODBC\ODBC.INI	No	etos.pl
software	Policies\Microsoft	No	ryuk_gpo.pl
software	Policies\Microsoft\Windows Defender	No	defender.pl
software	Policies\Microsoft\Windows NT\Windows File Protection	No	sfc.pl
software	Policies\Microsoft\Windows\Safer\CodeIdentifiers	No	codeid.pl
software	Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers	Yes	powershellcore.pl
software	Software\Microsoft\Windows\CurrentVersion\Group Policy\History	No	gpohist_tln.pl
software	TeamViewer	Yes	teamviewer.pl
software	WidComm\BTConfig\Devices	No	btconfig.pl
software	Wow6432Node\ADatumCorporation\OpenCandy	Yes	opencandy.pl
software	Wow6432Node\CLSID	Yes	inprocserver.pl
software	Wow6432Node\JavaSoft\Java Plug-in	Yes	javasoft.pl
software	Wow6432Node\LANDesk\ManagementSuite\WinClient\SoftwareMonitoring\MonitorLog	Yes	landesk_tln.pl
software	Wow6432Node\LogMeIn\V5\PerBrowser	Yes	logmein_tln.pl
software	Wow6432Node\Microsoft	Yes	direct_tln.pl
software	Wow6432Node\Microsoft\Active Setup\Installed Components	Yes	installedcomp.pl
software	Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers	Yes	powershellcore.pl
software	Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32	Yes	drivers32.pl
software	Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	Yes	imagefile.pl
software	Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows	Yes	appinitdlls.pl
software	Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon	Yes	winlogon_tln.pl
software	Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	Yes	bho.pl
software	Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks	Yes	shellexec.pl
software	Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	Yes	srun_tln.pl
software	Wow6432Node\Microsoft\Windows\CurrentVersion\Reliability	Yes	gauss.pl
software	Wow6432Node\Microsoft\Windows\CurrentVersion\Run	Yes	srun_tln.pl
software	Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	Yes	srun_tln.pl
software	Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide	Yes	sbs.pl
software	Wow6432Node\Microsoft\Windows\CurrentVersion\Wordpad\ComChecks\Safelist	Yes	lazyshell.pl
software	Wow6432Node\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers	Yes	powershellcore.pl
software	Wow6432Node\TeamViewer	Yes	teamviewer.pl
software	WOW6432Node\WRData	Yes	webroot.pl
software	Wow6432Node\WRData	Yes	wrdata_tln.pl
software	WOW6432Node\WRData\Actions	Yes	webroot.pl
software	WOW6432Node\WRData\FileFlags	Yes	webroot.pl
software	WOW6432Node\WRData\IPM	Yes	webroot.pl
software	WOW6432Node\WRData\Journal	Yes	webroot.pl
software	WOW6432Node\WRData\Status	Yes	webroot.pl
software	WOW6432Node\WRData\Threats	Yes	webroot.pl
software	WRData	Yes	wrdata_tln.pl
software	Yahoo	No	yahoo_lm.pl
syscache	DefaultObjectStore\ObjectTable	N/A	syscache_tln.pl
system, ntuser.dat	ControlSetXXX\Control\Session Manager\Environment	N/A	environment.pl
system, ntuser.dat	Environment	N/A	environment.pl
system, software	ControlSetXXX\Control\Print\Printers	No	printer_settings.pl
system, software	ControlSetXXX\Control\Terminal Server	No	termserv.pl
system, software	Microsoft\Windows NT\CurrentVersion\Print\Printers	No	printer_settings.pl
system, software	Policies\Microsoft\Windows NT\Terminal Services	No	termserv.pl
system, software	Select	No	termserv.pl
system,software	ControlSetXXX\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}	No	macaddr.pl
system,software	Microsoft\Windows Genuine Advantage	No	macaddr.pl
system,software	Select	No	macaddr.pl
system	\Control\Session Manager	N/A	shimcache_tln.pl
system	\services\NetLogon\Parameters	N/A	netlogon.pl
system	ControlSetXXX\Control	N/A	disableremotescm.pl
system	ControlSetXXX\Control\BackupRestore\FilesNotToBackup	N/A	backuprestore.pl
system	ControlSetXXX\Control\BackupRestore\FilesNotToSnapshot	N/A	backuprestore.pl
system	ControlSetXXX\Control\BackupRestore\KeysNotToRestore	N/A	backuprestore.pl
system	ControlSetXXX\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}	N/A	stillimage.pl
system	ControlSetXXX\Control\ComputerName\ComputerName	N/A	usbstor2.pl
system	ControlSetXXX\Control\CrashControl	N/A	crashcontrol.pl
system	ControlSetXXX\Control\DDM	N/A	ddm.pl
system	ControlSetXXX\Control\DeviceClasses\{10497b1b-ba51-44e5-8318-a65c837b6661}	N/A	wpdbusenum.pl
system	ControlSetXXX\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}	N/A	ide.pl
system	ControlSetXXX\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}	N/A	devclass.pl
system	ControlSetXXX\Control\FileSystem	N/A	disablelastaccess.pl
system	ControlSetXXX\Control\LSA	N/A	lsa_packages.pl
system	ControlSetXXX\Control\Lsa	N/A	nolmhash.pl
system	ControlSetXXX\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}	N/A	nic_mst2.pl
system	ControlSetXXX\Control\NetworkSetup2\Interfaces	N/A	networksetup2.pl
system	ControlSetXXX\Control\Nls\CodePage	N/A	codepage.pl
system	ControlSetXXX\Control\Print\Monitors	N/A	printmon_tln.pl
system	ControlSetXXX\Control\ProductOptions	N/A	producttype.pl
system	ControlSetXXX\Control\SafeBoot	N/A	safeboot.pl
system	ControlSetXXX\Control\SecurityProviders	N/A	securityproviders.pl
system	ControlSetXXX\Control\SecurityProviders\WDigest	N/A	cred_tln.pl
system	ControlSetXXX\Control\Session Manager	N/A	pending.pl
system	ControlSetXXX\Control\Session Manager\AppCertDlls	N/A	appcertdlls.pl
system	ControlSetXXX\Control\Session Manager\Environment	N/A	processor_architecture.pl
system	ControlSetXXX\Control\Session Manager\Memory Management	N/A	pagefile.pl
system	ControlSetXXX\Control\Session Manager\Memory Management\PrefetchParameters	N/A	prefetch.pl
system	ControlSetXXX\Control\Session Manager\Power	N/A	hibernate.pl
system	ControlSetXXX\Control\StillImage\Logging	N/A	stillimage.pl
system	ControlSetXXX\Control\Terminal Server\WinStations\RDP-Tcp	N/A	rdpport.pl
system	ControlSetXXX\Control\TimeZoneInformation	N/A	timezone.pl
system	ControlSetXXX\Control\Watchdog\Display	N/A	shutdowncount.pl
system	ControlSetXXX\Control\Windows	N/A	shutdown.pl
system	ControlSetXXX\Control\Windows\SystemLookup	N/A	angelfire.pl
system	ControlSetXXX\Enum\BTHENUM	N/A	bthenum.pl
system	ControlSetXXX\Enum\IDE	N/A	ide.pl
system	ControlSetXXX\Enum\Root	N/A	netsvcs.pl
system	ControlSetXXX\Enum\SWD\DAFUPnPProvider	N/A	dafupnp.pl
system	ControlSetXXX\Enum\SWD\WPDBUSENUM	N/A	wpdbusenum.pl
system	ControlSetXXX\Enum\USB	N/A	usbdevices.pl
system	ControlSetXXX\Enum\USBStor	N/A	usbstor3.pl
system	ControlSetXXX\Enum\WpdBusEnumRoot	N/A	wpdbusenum.pl
system	ControlSetXXX\Services	N/A	svcdll.pl
system	ControlSetXXX\Services\bam\State\UserSettings	N/A	bam_tln.pl
system	ControlSetXXX\services\BTHPORT\Parameters\Devices	N/A	bthport_tln.pl
system	ControlSetXXX\services\BTHPORT\Parameters\Radio Support	N/A	bthport.pl
system	ControlSetXXX\Services\Eventlog	N/A	eventlogs.pl
system	ControlSetXXX\Services\LanmanServer\Shares	N/A	shares.pl
system	ControlSetXXX\Services\msupdate	N/A	phdet.pl
system	ControlSetXXX\Services\NTDS	N/A	ntds.pl
system	ControlSetXXX\services\RemoteAccess\Parameters\AccountLockout	N/A	remoteaccess.pl
system	ControlSetXXX\Services\Tcpip\Parameters	N/A	compname.pl
system	ControlSetXXX\Services\Tcpip\Parameters\Interfaces	N/A	nic_mst2.pl
system	ControlSetXXX\Services\Tcpip\Parameters\PersistentRoutes	N/A	routes.pl
system	ControlSetXXX\Services\TermService\Parameters	N/A	termcert.pl
system	ControlSetXXX\Services\VSS\Diag\SystemRestore	N/A	diag_sr.pl
system	MountedDevices	N/A	usbstor2.pl
system	Select	N/A	wpdbusenum.pl
system	Setup	N/A	source_os.pl
system	WPA\MediaCenter	N/A	xpedition.pl
system	WPA\TabletPC	N/A	xpedition.pl
unknown	Software\Martin Prikryl\WinSCP 2\Sessions	N/A	winscp_sessions.pl
unknown	Software\Martin Prikryl\WinSCP 2\SshHostKeys	N/A	ssh_host_keys.pl
unknown	Software\SimonTatham\Putty\SshHostKeys	N/A	ssh_host_keys.pl
usrclass.dat, software	exefile\shell\runas\command	No	uacbypass.pl
usrclass.dat	\shell\open\command	N/A	cmd_shell_u.pl
usrclass.dat	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs	N/A	msedge_win10.pl
usrclass.dat	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime	N/A	msedge_win10.pl
usrclass.dat	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount	N/A	msedge_win10.pl
usrclass.dat	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp	N/A	photos_win10.pl
usrclass.dat	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\Schemas	N/A	photos_win10.pl
usrclass.dat	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft\.windowsphotos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp	N/A	photos.pl
usrclass.dat	Local Settings\Software\Microsoft\Windows\Shell\BagMRU	N/A	shellbags_tln.pl
usrclass.dat	Software\Microsoft\Windows\ShellNoRoam\Bags\<NODESLOT>\Shell	N/A	shellbags_test.pl

By Plugin file name

Plugin File	Hive	Scans Wow6432Node	Keys
acmru.pl	ntuser.dat	N/A	Software\Microsoft\Search Assistant\ACMru
adoberdr.pl	ntuser.dat	N/A	Software\Adobe\Acrobat Reader\<VERSION>\AVGeneral\cRecentFiles
ahaha.pl	software,ntuser.dat	Yes	Microsoft\Windows\CurrentVersion\Run
ahaha.pl	software,ntuser.dat	Yes	Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
ahaha.pl	software,ntuser.dat	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\Run
aim.pl	ntuser.dat	N/A	Software\America Online\AOL Instant Messenger (TM)\CurrentVersion\Users
allowedenum.pl	ntuser.dat, software	No	Microsoft\Windows\CurrentVersion\Explorer\AllowedEnumeration
allowedenum.pl	ntuser.dat, software	No	Software\Microsoft\Windows\CurrentVersion\Explorer\AllowedEnumeration
amcache.pl	amcache	N/A	Root\File
amcache.pl	amcache	N/A	Root\InventoryApplication
amcache.pl	amcache	N/A	Root\InventoryApplicationFile
amcache.pl	amcache	N/A	Root\Programs
amcache_tln.pl	amcache	N/A	Root\File
amcache_tln.pl	amcache	N/A	Root\InventoryApplication
amcache_tln.pl	amcache	N/A	Root\InventoryApplicationFile
angelfire.pl	system	N/A	ControlSetXXX\Control\Windows\SystemLookup
angelfire.pl	system	N/A	Select
aports.pl	ntuser.dat	N/A	InstallPath
aports.pl	ntuser.dat	N/A	Software\SmartLine Vision\aports
appassoc.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts
appcertdlls.pl	system	N/A	ControlSetXXX\Control\Session Manager\AppCertDlls
appcertdlls.pl	system	N/A	Select
appcompatcache.pl	system	N/A	ControlSetXXX\Control\Session Manager
appcompatcache.pl	system	N/A	Select
appcompatcache_tln.pl	system	N/A	ControlSetXXX\Control\Session Manager
appcompatcache_tln.pl	system	N/A	Select
appcompatflags.pl	ntuser.dat, software	Yes	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
appcompatflags.pl	ntuser.dat, software	Yes	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
appcompatflags.pl	ntuser.dat, software	Yes	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
appcompatflags.pl	ntuser.dat, software	Yes	Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
appcompatflags.pl	ntuser.dat, software	Yes	Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
appcompatflags.pl	ntuser.dat, software	Yes	Wow6432Node\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
appinitdlls.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\Windows
appinitdlls.pl	software	Yes	Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
appkeys.pl	ntuser.dat, software	No	Microsoft\Windows\CurrentVersion\Explorer\AppKey
appkeys.pl	ntuser.dat, software	No	Software\Microsoft\Windows\CurrentVersion\Explorer\AppKey
appkeys_tln.pl	ntuser.dat, software	No	Microsoft\Windows\CurrentVersion\Explorer\AppKey
appkeys_tln.pl	ntuser.dat, software	No	Software\Microsoft\Windows\CurrentVersion\Explorer\AppKey
applets.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Applets
applets_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Applets
apppaths.pl	ntuser.dat,software	Yes	Microsoft\Windows\CurrentVersion\App Paths
apppaths.pl	ntuser.dat,software	Yes	Software\Microsoft\Windows\CurrentVersion\App Paths
apppaths.pl	ntuser.dat,software	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths
apppaths.pl	ntuser.dat,software	Yes	Wow6432Node\Software\Microsoft\Windows\CurrentVersion\App Paths
apppaths_tln.pl	ntuser.dat, software	Yes	Microsoft\Windows\CurrentVersion\App Paths
apppaths_tln.pl	ntuser.dat, software	Yes	Software\Microsoft\Windows\CurrentVersion\App Paths
apppaths_tln.pl	ntuser.dat, software	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths
apppaths_tln.pl	ntuser.dat, software	Yes	Wow6432Node\Software\Microsoft\Windows\CurrentVersion\App Paths
appspecific.pl	ntuser.dat	N/A	Software\Microsoft\IntelliPoint\AppSpecific
appx.pl	ntuser.dat, usrclass.dat	N/A	ActivatableClasses\Package
appx.pl	ntuser.dat, usrclass.dat	N/A	Software\Microsoft\Windows\CurrentVersion\PackagedAppXDebug
appx_tln.pl	ntuser.dat, usrclass.dat	N/A	ActivatableClasses\Package
appx_tln.pl	ntuser.dat, usrclass.dat	N/A	Software\Microsoft\Windows\CurrentVersion\PackagedAppXDebug
ares.pl	ntuser.dat	N/A	audio\.gen
ares.pl	ntuser.dat	N/A	gen\.gen
ares.pl	ntuser.dat	N/A	image\.gen
ares.pl	ntuser.dat	N/A	Software\Ares
ares.pl	ntuser.dat	N/A	video\.aut
ares.pl	ntuser.dat	N/A	video\.dat
ares.pl	ntuser.dat	N/A	video\.gen
ares.pl	ntuser.dat	N/A	video\.tit
arpcache.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache
assoc.pl	software,usrclass	Yes	Classes
assoc.pl	software,usrclass	Yes	Classes\Wow6432Node
assoc.pl	software,usrclass	Yes	Wow6432Node
at.pl	software	No	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree
at_tln.pl	software	No	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree
attachmgr.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Policies\Associations
attachmgr.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
attachmgr_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Policies\Associations
attachmgr_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
audiodev.pl	software	No	Microsoft\Windows\CurrentVersion\MMDevices\Audio
auditfail.pl	system	N/A	ControlSetXXX\Control\Lsa
auditfail.pl	system	N/A	Select
auditpol.pl	security	N/A	Policy\PolAdtEv
auditpol_xp.pl	security	N/A	Policy\PolAdtEv
autoendtasks.pl	ntuser.dat	N/A	Control Panel\Desktop
autorun.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
backuprestore.pl	system	N/A	ControlSetXXX\Control\BackupRestore\FilesNotToBackup
backuprestore.pl	system	N/A	ControlSetXXX\Control\BackupRestore\FilesNotToSnapshot
backuprestore.pl	system	N/A	ControlSetXXX\Control\BackupRestore\KeysNotToRestore
backuprestore.pl	system	N/A	Select
bam.pl	system	N/A	ControlSetXXX\Services\bam\State\UserSettings
bam.pl	system	N/A	Select
bam_tln.pl	system	N/A	ControlSetXXX\Services\bam\State\UserSettings
bam_tln.pl	system	N/A	Select
banner.pl	software	No	Microsoft\Windows NT\CurrentVersion\Winlogon
banner.pl	software	No	Microsoft\Windows\CurrentVersion\policies\system
base.pl	all	N/A	Parse base info from hive
baseline.pl	all	N/A	Scans a hive file, checking sizes of binary value data
bho.pl	software	Yes	Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
bho.pl	software	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
bitbucket.pl	software	No	Microsoft\Windows\CurrentVersion\Explorer\BitBucket
bitbucket_user.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket
brisv.pl	ntuser.dat	N/A	Software\Microsoft\MediaPlayer\Preferences
brisv.pl	ntuser.dat	N/A	Software\Microsoft\PIMSRV
btconfig.pl	software	No	WidComm\BTConfig\Devices
bthenum.pl	system	N/A	ControlSetXXX\Enum\BTHENUM
bthenum.pl	system	N/A	Select
bthport.pl	system	N/A	ControlSetXXX\services\BTHPORT\Parameters\Devices
bthport.pl	system	N/A	ControlSetXXX\services\BTHPORT\Parameters\Radio Support
bthport.pl	system	N/A	Select
bthport_tln.pl	system	N/A	ControlSetXXX\services\BTHPORT\Parameters\Devices
bthport_tln.pl	system	N/A	Select
cached.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
cached_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
cain.pl	ntuser.dat	N/A	Software\Cain\Settings
calibrator.pl	software	No	Microsoft\Windows NT\CurrentVersion\ICM\Calibration
ccleaner.pl	ntuser.dat	N/A	Software\Piriform\CCleaner
cdstaginginfo.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo
clampi.pl	ntuser.dat	N/A	Software\Microsoft\Internet Account Manager\Accounts
clampi.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\Main
clampi.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
clampitm.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\Settings
clsid.pl	software, usrclass.dat	Yes	Classes\CLSID
clsid.pl	software, usrclass.dat	Yes	Classes\Wow6432Node\CLSID
clsid_tln.pl	software, usrclass.dat	Yes	Classes\CLSID
clsid_tln.pl	software, usrclass.dat	Yes	Classes\Wow6432Node\CLSID
cmd_shell.pl	software	No	Classes\<EXTENSION>file\shell\open\command where EXTENSION is exe, cmd, bat, cs, hta, pif
cmd_shell_tln.pl	software	No	Classes\<EXTENSION>file\shell\open\command where EXTENSION is exe, cmd, bat, cs, hta, pif
cmd_shell_u.pl	usrclass.dat	N/A	\shell\open\command
cmdproc.pl	ntuser.dat	N/A	Software\Microsoft\Command Processor
cmdproc_tln.pl	ntuser.dat	N/A	Software\Microsoft\Command Processor
codeid.pl	software	No	Policies\Microsoft\Windows\Safer\CodeIdentifiers
codepage.pl	system	N/A	ControlSetXXX\Control\Nls\CodePage
comdlg32.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32
comfoo.pl	system	N/A	Select
compdesc.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions
compname.pl	system	N/A	ControlSetXXX\Control\ComputerName\ComputerName
compname.pl	system	N/A	ControlSetXXX\Services\Tcpip\Parameters
compname.pl	system	N/A	Select
controlpanel.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel
cortana.pl	ntuser.dat	N/A	SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts
cpldontload.pl	ntuser.dat	N/A	Control Panel\don\'t load
crashcontrol.pl	system	N/A	ControlSetXXX\Control\CrashControl
crashcontrol.pl	system	N/A	Select
cred.pl	system	N/A	ControlSetXXX\Control\SecurityProviders\WDigest
cred_tln.pl	system	N/A	ControlSetXXX\Control\SecurityProviders\WDigest
ctrlpnl.pl	software	No	Microsoft\Windows\CurrentVersion\Control Panel
dafupnp.pl	system	N/A	ControlSetXXX\Enum\SWD\DAFUPnPProvider
dafupnp.pl	system	N/A	Select
dcom.pl	software	No	Microsoft\Rpc\Internet
ddm.pl	system	N/A	ControlSetXXX\Control\DDM
ddm.pl	system	N/A	Select
ddo.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\DeviceDisplayObjects
decaf.pl	ntuser.dat	N/A	Software\DECAFme
defbrowser.pl	software	No	Classes\HTTP\shell\open\command
defbrowser.pl	software	No	Clients\StartMenuInternet
defender.pl	software	No	Microsoft\Windows Defender
defender.pl	software	No	Policies\Microsoft\Windows Defender
del.pl	all	N/A	Parse hive, print deleted keys/values
del_tln.pl	all	N/A	Parse hive, print deleted keys/values
dependency_walker.pl	ntuser.dat	N/A	Software\Microsoft\Dependency Walker\Recent File List
devclass.pl	system	N/A	ControlSetXXX\Control\DeviceClasses\{10497b1b-ba51-44e5-8318-a65c837b6661}
devclass.pl	system	N/A	ControlSetXXX\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
devclass.pl	system	N/A	ControlSetXXX\Control\DeviceClasses\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
devclass.pl	system	N/A	Select
dfrg.pl	software	No	Microsoft\Dfrg\BootOptimizeFunction
diag_sr.pl	system	N/A	ControlSetXXX\Services\VSS\Diag\SystemRestore
diag_sr.pl	system	N/A	Select
direct.pl	software	Yes	Microsoft
direct.pl	software	Yes	Wow6432Node\Microsoft
direct_tln.pl	software	Yes	Microsoft
direct_tln.pl	software	Yes	Wow6432Node\Microsoft
disablelastaccess.pl	system	N/A	ControlSetXXX\Control\FileSystem
disablelastaccess.pl	system	N/A	Select
disablemru.pl	ntuser.dat, software	No	Microsoft\Windows\CurrentVersion\Explorer\Advanced
disablemru.pl	ntuser.dat, software	No	Microsoft\Windows\CurrentVersion\Policies\Comdlg32
disablemru.pl	ntuser.dat, software	No	Microsoft\Windows\CurrentVersion\Policies\Explorer
disableremotescm.pl	system	N/A	ControlSetXXX\Control
disableremotescm.pl	system	N/A	Select
disablesr.pl	software	No	Microsoft\Windows NT\CurrentVersion\SystemRestore
dllsearch.pl	system	N/A	ControlSetXXX\Control\Session Manager
dllsearch.pl	system	N/A	Select
dnschanger.pl	system	N/A	ControlSetXXX\Services\Tcpip\Parameters\Interfaces
domains.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
drivers32.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\Drivers32
drivers32.pl	software	Yes	Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
drwatson.pl	software	No	Microsoft\DrWatson
drwatson.pl	software	No	Microsoft\Windows NT\CurrentVersion\AeDebug
emdmgmt.pl	software	No	Microsoft\Windows NT\CurrentVersion\EMDMgmt
environment.pl	system, ntuser.dat	N/A	ControlSetXXX\Control\Session Manager\Environment
environment.pl	system, ntuser.dat	N/A	Environment
eraser.pl	ntuser.dat	N/A	Software\Eraser\Eraser 6
esent.pl	software	No	Microsoft\ESENT\Process
etos.pl	software	No	ODBC.INI
etos.pl	software	No	ODBC\ODBC.INI
eventlog.pl	system	N/A	ControlSetXXX\Services\Eventlog
eventlog.pl	system	N/A	Select
eventlogs.pl	system	N/A	ControlSetXXX\Services\Eventlog
eventlogs.pl	system	N/A	Select
execpolicy.pl	software	No	Microsoft\PowerShell\1\ShellIds\Microsoft.Powershell
featureusage.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage
fileexts.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
filehistory.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\FileHistory
fileless.pl	all	N/A	All keys (all hives)
findexes.pl	all	N/A	root
foxitrdr.pl	ntuser.dat	N/A	Software\Foxit Software\Foxit Reader <VERSION>
fw_config.pl	system	N/A	Select
gauss.pl	software	Yes	Microsoft\Windows\CurrentVersion\Reliability
gauss.pl	software	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\Reliability
gpohist.pl	software	No	Microsoft\Windows\CurrentVersion\Group Policy\History
gpohist.pl	software	No	Software\Microsoft\Windows\CurrentVersion\Group Policy\History
gpohist_tln.pl	software	No	Microsoft\Windows\CurrentVersion\Group Policy\History
gpohist_tln.pl	software	No	Software\Microsoft\Windows\CurrentVersion\Group Policy\History
gthist.pl	ntuser.dat	N/A	Software\Google\NavClient\1.1\History
gtwhitelist.pl	ntuser.dat	N/A	Software\Google\Google Toolbar\4.0\whitelist
handler.pl	software	No	Classes\Network\SharingHandler
haven_and_hearth.pl	ntuser.dat	N/A	password
haven_and_hearth.pl	ntuser.dat	N/A	savedtoken
haven_and_hearth.pl	ntuser.dat	N/A	Software\JavaSoft\Prefs\haven
haven_and_hearth.pl	ntuser.dat	N/A	username
heap.pl	software	No	Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications
hibernate.pl	system	N/A	ControlSetXXX\Control\Session Manager\Power
hibernate.pl	system	N/A	Select
ide.pl	system	N/A	ControlSetXXX\Control\DeviceClasses\{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
ide.pl	system	N/A	ControlSetXXX\Enum\IDE
ide.pl	system	N/A	Select
identities.pl	ntuser.dat	N/A	Identities
ie_main.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\Main
ie_settings.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\Main\WindowsSearch
ie_settings.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings
ie_version.pl	software	No	Microsoft\Internet Explorer
ie_zones.pl	ntuser.dat,software	No	Microsoft\Windows\CurrentVersion\Internet Settings
ie_zones.pl	ntuser.dat,software	No	Software\Microsoft\Windows\CurrentVersion\Internet Settings
iejava.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8AD9C840-044E-11D1-B3E9-00805F499D93}
imagedev.pl	system	N/A	ControlSetXXX\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
imagedev.pl	system	N/A	Select
imagefile.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\Image File Execution Options
imagefile.pl	software	Yes	Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
imgburn1.pl	ntuser.dat	N/A	Software\ImgBurn
init_dlls.pl	software	No	Microsoft\Windows NT\CurrentVersion\Windows
injectdll64.pl	ntuser.dat, software	No	Software\Policies\Google\Chrome\.$key_name
inprocserver.pl	software	Yes	Classes\CLSID
inprocserver.pl	software	Yes	Classes\Wow6432Node\CLSID
inprocserver.pl	software	Yes	CLSID
inprocserver.pl	software	Yes	Wow6432Node\CLSID
installedcomp.pl	software	Yes	Microsoft\Active Setup\Installed Components
installedcomp.pl	software	Yes	Wow6432Node\Microsoft\Active Setup\Installed Components
installer.pl	software	No	Microsoft\Windows\CurrentVersion\Installer\UserData
internet_explorer_cu.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer
internet_explorer_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoComplete
internet_explorer_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\DOMStorage
internet_explorer_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\IETld
internet_explorer_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main
internet_explorer_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Privacy
internet_explorer_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Recovery
internet_explorer_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Recovery\Active
internet_explorer_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Recovery\AdminActive
internet_explorer_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Recovery\PendingDelete
internet_explorer_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Suggested Sites
internet_settings_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings
internet_settings_cu.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\<SUBKEY>\History
ips.pl	system	N/A	ControlSetXXX\Services\Tcpip\Parameters\Interfaces
itempos.pl	ntuser.dat	N/A	Software\Microsoft\Windows\Shell\Bags\1\Desktop
itempos.pl	ntuser.dat	N/A	Software\Microsoft\Windows\ShellNoRoam\Bags
javafx.pl	ntuser.dat	N/A	Software\JavaSoft\Java Update\Policy\JavaFX
javasoft.pl	software	Yes	JavaSoft\Java Plug-in
javasoft.pl	software	Yes	Wow6432Node\JavaSoft\Java Plug-in
jumplistdata.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Search\JumpListData
kankan.pl	ntuser.dat, software	Yes	Software\Microsoft\Office
kankan.pl	ntuser.dat, software	Yes	Wow6432Node\Microsoft\Office
kankan.pl	ntuser.dat, software	Yes	Wow6432Node\Software\Microsoft\Office
kb950582.pl	software	No	Microsoft\Updates\Windows XP\SP4\KB950582
kb950582.pl	software	No	Microsoft\Windows\CurrentVersion\Policies\Explorer
kb950582.pl	software	No	Microsoft\Windows\CurrentVersion\Uninstall\KB950582
kbdcrash.pl	system	N/A	Select
killsuit.pl	software	No	Microsoft\Windows\CurrentVersion\OemMgmt
killsuit_tln.pl	software	No	Microsoft\Windows\CurrentVersion\OemMgmt
knowndev.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\KnownDevices
landesk.pl	software	Yes	LANDesk\ManagementSuite\WinClient\SoftwareMonitoring\MonitorLog
landesk.pl	software	Yes	Wow6432Node\LANDesk\ManagementSuite\WinClient\SoftwareMonitoring\MonitorLog
landesk_tln.pl	software	Yes	LANDesk\ManagementSuite\WinClient\SoftwareMonitoring\MonitorLog
landesk_tln.pl	software	Yes	Wow6432Node\LANDesk\ManagementSuite\WinClient\SoftwareMonitoring\MonitorLog
lastloggedon.pl	software	No	Microsoft\Windows\CurrentVersion\Authentication\LogonUI
latentbot.pl	ntuser.dat	N/A	Software\Google\Update\network\secure
latentbot.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\Windows
lazyshell.pl	software	Yes	Microsoft\Windows\CurrentVersion\Wordpad\ComChecks\Safelist
lazyshell.pl	software	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\Wordpad\ComChecks\Safelist
legacy.pl	system	N/A	ControlSetXXX\Enum\Root
legacy.pl	system	N/A	Select
legacy_tln.pl	system	N/A	ControlSetXXX\Enum\Root
legacy_tln.pl	system	N/A	Select
licenses.pl	software	No	Licenses
link_click.pl	ntuser.dat	N/A	Software\Microsoft\Office
listsoft.pl	ntuser.dat	N/A	Software
liveContactsGUID.pl	ntuser.dat	N/A	Software\Microsoft\Windows Live Contacts\Database
load.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\Windows
logmein.pl	software	Yes	LogMeIn\V5\PerBrowser
logmein.pl	software	Yes	Wow6432Node\LogMeIn\V5\PerBrowser
logmein_tln.pl	software	Yes	LogMeIn\V5\PerBrowser
logmein_tln.pl	software	Yes	Wow6432Node\LogMeIn\V5\PerBrowser
logonstats.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\LogonStats
logonusername.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer
lsa.pl	system	N/A	ControlSetXXX\Control\LSA
lsa.pl	system	N/A	Select
lsa_packages.pl	system	N/A	ControlSetXXX\Control\LSA
lsa_packages.pl	system	N/A	Select
lsasecrets.pl	security	N/A	Policy\Secrets
lxss.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Lxss
lxss_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Lxss
macaddr.pl	system,software	No	ControlSetXXX\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}
macaddr.pl	system,software	No	Microsoft\Windows Genuine Advantage
macaddr.pl	system,software	No	Select
malware.pl	all	N/A	Begin
malware.pl	all	N/A	BINARY
malware.pl	all	N/A	Classes\BJ\Static
malware.pl	all	N/A	Classes\FAST
malware.pl	all	N/A	Classes\Network\SharingHandler
malware.pl	all	N/A	Classes\XXXX
malware.pl	all	N/A	Clients\Netrau
malware.pl	all	N/A	Clients\sdata
malware.pl	all	N/A	Control\SecurityProviders\WDigest
malware.pl	all	N/A	Microsoft\HTMLHelp
malware.pl	all	N/A	Microsoft\Rpc\Internet
malware.pl	all	N/A	Microsoft\ShipTr
malware.pl	all	N/A	Microsoft\ShipUp
malware.pl	all	N/A	Microsoft\WBEM\ESS\//./root/CIMV2\Win32ClockProvider
malware.pl	all	N/A	Microsoft\Windows\CurrentVersion\Policies\System
malware.pl	all	N/A	Policies\Microsoft\Windows Defender
malware.pl	all	N/A	Policies\Microsoft\Windows Defender\Real-Time Protection
malware.pl	all	N/A	Policies\Microsoft\Windows NT\Terminal Services\
malware.pl	all	N/A	Policy\Secrets
malware.pl	all	N/A	Software\Adobe\Adobe ARM\1.0\ARM
malware.pl	all	N/A	Software\Adobe\Adobe Reader\<VERSION>\IPM
malware.pl	all	N/A	Software\BINARY
malware.pl	all	N/A	Software\Google\Update\network\secure
malware.pl	all	N/A	Software\Locky
malware.pl	all	N/A	Software\Microsoft\Clock
malware.pl	all	N/A	Software\Microsoft\CurrentHalInf
malware.pl	all	N/A	Software\Microsoft\CurrentPnpSetup
malware.pl	all	N/A	Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
malware.pl	all	N/A	Software\Microsoft\Office test\Special\Perf
malware.pl	all	N/A	Software\Microsoft\Wbem\WMIC
malware.pl	all	N/A	Software\TransPan
malware.pl	all	N/A	Wow6432Node\WRData\Threats\History
malware.pl	all	N/A	WRData\Threats\History
menuorder.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder
mixer.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore
mixer_tln.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore
mmc.pl	ntuser.dat	N/A	Software\Microsoft\Microsoft Management Console\Recent File List
mmc_tln.pl	ntuser.dat	N/A	Software\Microsoft\Microsoft Management Console\Recent File List
mmo.pl	ntuser.dat	N/A	Software\Microsoft\CTF\LangBarAddIn
mmo.pl	ntuser.dat	N/A	Software\Microsoft\Multimedia\Other
mndmru.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU
mndmru_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU
mountdev.pl	system	N/A	MountedDevices
mountdev2.pl	system	N/A	MountedDevices
mp2.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
mp2_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
mp3.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
mpmru.pl	ntuser.dat	N/A	Software\Microsoft\MediaPlayer\Player\RecentFileList
mrt.pl	software	No	Microsoft\RemovalTools\MRT
msedge_win10.pl	usrclass.dat	N/A	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs
msedge_win10.pl	usrclass.dat	N/A	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime
msedge_win10.pl	usrclass.dat	N/A	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount
msis.pl	software	No	Classes\Installer\Products
msoffice.pl	ntuser.dat	N/A	Software\Microsoft\Office
msoffice_tln.pl	ntuser.dat	N/A	Software\Microsoft\Office
mspaper.pl	ntuser.dat	N/A	Software\Microsoft
muicache.pl	ntuser.dat,usrclass.dat	N/A	Local Settings\Software\Microsoft\Windows\Shell\MUICache
muicache.pl	ntuser.dat,usrclass.dat	N/A	Software\Microsoft\Windows\ShellNoRoam\MUICache
muicache_tln.pl	ntuser.dat,usrclass.dat	N/A	Local Settings\Software\Microsoft\Windows\Shell\MUICache
muicache_tln.pl	ntuser.dat,usrclass.dat	N/A	Software\Microsoft\Windows\ShellNoRoam\MUICache
mzthunderbird.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\UnreadMail
nation.pl	ntuser.dat	N/A	Control Panel\International\Geo
nero.pl	ntuser.dat	N/A	Cover Designer
nero.pl	ntuser.dat	N/A	FlmgPlg
nero.pl	ntuser.dat	N/A	Nero PhotoSnap
nero.pl	ntuser.dat	N/A	NSPluginMgr
nero.pl	ntuser.dat	N/A	PhotoEffects
nero.pl	ntuser.dat	N/A	Software\Ahead
nero.pl	ntuser.dat	N/A	XlmgPlg
netassist.pl	ntuser.dat	N/A	Software\Microsoft\Installer\Products\D4676621F4CF7AF46BB388D4351B86F0
netassist.pl	ntuser.dat	N/A	Software\Microsoft\Installer\Products\D4676621F4CF7AF46BB388D4351B86F0\SourceList
netassist.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Uninstall\NetAssistant
netassist.pl	ntuser.dat	N/A	Software\Mozilla\Firefox\Extensions
netlogon.pl	system	N/A	\services\NetLogon\Parameters
netsh.pl	software	No	Microsoft\Netsh
netsvcs.pl	system	N/A	ControlSetXXX\Enum\Root
netsvcs.pl	system	N/A	ControlSetXXX\Services
netsvcs.pl	system	N/A	Select
network.pl	system	N/A	ControlSetXXX\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
network.pl	system	N/A	Select
networkcards.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkCards
networklist.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkList
networklist.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet
networklist.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Wireless
networklist.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
networklist.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Managed
networklist.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged
networklist_tln.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkList
networklist_tln.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet
networklist_tln.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkList\Profiles
networklist_tln.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Managed
networklist_tln.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkList\Signatures\Unmanaged
networksetup2.pl	system	N/A	ControlSetXXX\Control\NetworkSetup2\Interfaces
networksetup2.pl	system	N/A	Select
networkuid.pl	software	No	Microsoft\Windows NT\CurrentVersion\Network
nic.pl	system	N/A	ControlSetXXX\Services
nic2.pl	system	N/A	ControlSetXXX\Services\Tcpip\Parameters\Interfaces
nic_mst2.pl	system	N/A	ControlSetXXX\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
nic_mst2.pl	system	N/A	ControlSetXXX\Services\Tcpip\Parameters\Interfaces
nic_mst2.pl	system	N/A	Select
nolmhash.pl	system	N/A	ControlSetXXX\Control\Lsa
nolmhash.pl	system	N/A	Select
ntds.pl	system	N/A	ControlSetXXX\Services\NTDS
ntds.pl	system	N/A	Select
ntusernetwork.pl	ntuser.dat	N/A	Network
null.pl	all	N/A	Check key/value names in a hive for leading null char
odysseus.pl	ntuser.dat	N/A	ProxyPort
odysseus.pl	ntuser.dat	N/A	ProxyUpstreamHost
odysseus.pl	ntuser.dat	N/A	ProxyUpstreamPort
odysseus.pl	ntuser.dat	N/A	ServerCert
odysseus.pl	ntuser.dat	N/A	ServerCertPass
odysseus.pl	ntuser.dat	N/A	Software\bindshell.net\Odysseus
officedocs.pl	ntuser.dat	N/A	Software\Microsoft\Office\<VERSION>\Common\Open Find
officedocs2010.pl	ntuser.dat	N/A	Software\Microsoft\Office\14.0
officedocs2010_tln.pl	ntuser.dat	N/A	Software\Microsoft\Office\14.0
oisc.pl	ntuser.dat	N/A	Software\Microsoft\Office
olsearch.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046
onedrive.pl	ntuser.dat	N/A	Software\Microsoft\OneDrive
onedrive_tln.pl	ntuser.dat	N/A	Software\Microsoft\OneDrive
opencandy.pl	software	Yes	ADatumCorporation\OpenCandy
opencandy.pl	software	Yes	Wow6432Node\ADatumCorporation\OpenCandy
osversion.pl	ntuser.dat	N/A	Software\Microsoft
osversion_tln.pl	ntuser.dat	N/A	Software\Microsoft
outlook.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
outlook2.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
pagefile.pl	system	N/A	ControlSetXXX\Control\Session Manager\Memory Management
pagefile.pl	system	N/A	Select
pending.pl	system	N/A	ControlSetXXX\Control\Session Manager
pending.pl	system	N/A	Select
pendinggpos.pl	ntuser.dat	N/A	Software\Microsoft\IEAK\GroupPolicy\PendingGPOs
phdet.pl	system	N/A	ControlSetXXX\Services\msupdate
phdet.pl	system	N/A	Select
photos.pl	usrclass.dat	N/A	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\microsoft\.windowsphotos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp
photos_win10.pl	usrclass.dat	N/A	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp
photos_win10.pl	usrclass.dat	N/A	Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\Schemas
polacdms.pl	security	N/A	Policy\PolAcDmS
polacdms.pl	security	N/A	Policy\PolPrDmS
policies_u.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion
port_dev.pl	software	No	Microsoft\Windows Portable Devices\Devices
portdev.pl	software	No	Microsoft\Windows Portable Devices\Devices
powershellcore.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
powershellcore.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
powershellcore.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
powershellcore.pl	software	Yes	Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
powershellcore.pl	software	Yes	Wow6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
powershellcore.pl	software	Yes	Wow6432Node\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
prefetch.pl	system	N/A	ControlSetXXX\Control\Session Manager\Memory Management\PrefetchParameters
prefetch.pl	system	N/A	Select
printdemon.pl	software	No	Microsoft\Windows NT\CurrentVersion
printer_settings.pl	system, software	No	ControlSetXXX\Control\Print\Printers
printer_settings.pl	system, software	No	Microsoft\Windows NT\CurrentVersion\Print\Printers
printermru.pl	ntuser.dat	N/A	Printers\Settings\Wizard\ConnectMRU
printers.pl	ntuser.dat	N/A	Printers
printers.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\PrinterPorts
printers.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\Windows
printmon.pl	system	N/A	ControlSetXXX\Control\Print\Monitors
printmon.pl	system	N/A	Select
printmon_tln.pl	system	N/A	ControlSetXXX\Control\Print\Monitors
printmon_tln.pl	system	N/A	Select
privoxy.pl	ntuser.dat	N/A	Software\Privoxy
processor_architecture.pl	system	N/A	ControlSetXXX\Control\Session Manager\Environment
processor_architecture.pl	system	N/A	Select
product.pl	software	No	Microsoft\Windows\CurrentVersion\Installer\UserData
productpolicy.pl	system	N/A	ControlSetXXX\Control\ProductOptions
producttype.pl	system	N/A	ControlSetXXX\Control\ProductOptions
producttype.pl	system	N/A	Select
profilelist.pl	software	No	Microsoft\Windows NT\CurrentVersion\ProfileList
profilelist.pl	software	No	Microsoft\Windows NT\CurrentVersion\Winlogon
profiler.pl	ntuser.dat, system	N/A	ControlSetXXX\Control\Session Manager\Environment
profiler.pl	ntuser.dat, system	N/A	Environment
proxysettings.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings
pslogging.pl	ntuser.dat, software	No	Policies\Microsoft\Windows\PowerShell
pslogging.pl	ntuser.dat, software	No	Software\Policies\Microsoft\Windows\PowerShell
psscript.pl	software, ntuser.dat	No	Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\0\0
psscript.pl	software, ntuser.dat	No	Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Scripts\Startup\0\0
publishingwizard.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\PublishingWizard\AddNetworkPlace\AddNetPlace\LocationMRU
putty.pl	ntuser.dat	N/A	Software\SimonTatham\PuTTY\SshHostKeys
putty_sessions.pl	ntuser.dat	N/A	Software\SimonTatham\PuTTY\Sessions
rdphint.pl	ntuser.dat	N/A	Software\Microsoft\Terminal Server Client\Servers
rdpnla.pl	system	N/A	ControlSetXXX\Control\Terminal Server\WinStations\RDP-Tcp
rdpport.pl	system	N/A	ControlSetXXX\Control\Terminal Server\WinStations\RDP-Tcp
reading_locations.pl	ntuser.dat	N/A	Software\Microsoft\Office\15.0\Word\Reading Locations
realplayer6.pl	ntuser.dat	N/A	Software\RealNetworks\RealPlayer\6.0\Preferences
realvnc.pl	ntuser.dat	N/A	Software\RealVNC\VNCViewer4\MRU
recentapps.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Search\RecentApps
recentapps_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Search\RecentApps
recentdocs.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
recentdocs_timeline.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
recentdocs_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
regback.pl	software	No	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks
regback.pl	software	No	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Registry\RegIdleBackup
regin.pl	system	N/A	Select
regtime.pl	all	N/A	(Entire Hive)
regtime_tln.pl	all	N/A	(Entire Hive)
remoteaccess.pl	system	N/A	ControlSetXXX\services\RemoteAccess\Parameters\AccountLockout
remoteaccess.pl	system	N/A	Select
removdev.pl	software	No	Microsoft\Windows Portable Devices\Devices
renocide.pl	software	No	Microsoft\DRM\amty
reveton.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\Main
reveton.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\Toolbar
reveton.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
reveton.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Policies\System\
reveton.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Run
reveton.pl	ntuser.dat	N/A	Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
revouninstaller.pl	ntuser.dat	N/A	Software\VS Revo Group\Revo Uninstaller Pro\TrackCleaner\Browsers
revouninstaller.pl	ntuser.dat	N/A	Software\VS Revo Group\Revo Uninstaller Pro\TrackCleaner\MSOffice
revouninstaller.pl	ntuser.dat	N/A	Software\VS Revo Group\Revo Uninstaller Pro\TrackCleaner\Windows
revouninstaller.pl	ntuser.dat	N/A	Software\VS Revo Group\Revo Uninstaller Pro\Uninstaller
revouninstaller.pl	ntuser.dat	N/A	Software\VS Revo Group\Revo Uninstaller Pro\Uninstaller\AppBar
rlo.pl	all	N/A	Parse hive, check key/value names for RLO character
rootkit_revealer.pl	ntuser.dat	N/A	EulaAccepted
rootkit_revealer.pl	ntuser.dat	N/A	Software\Sysinternals\RootkitRevealer
routes.pl	system	N/A	ControlSetXXX\Services\Tcpip\Parameters\PersistentRoutes
routes.pl	system	N/A	Select
run.pl	software, ntuser.dat	Yes	Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
run.pl	software, ntuser.dat	Yes	Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunOnce
run.pl	software, ntuser.dat	Yes	Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
run.pl	software, ntuser.dat	Yes	Microsoft\Windows\CurrentVersion\Run
run.pl	software, ntuser.dat	Yes	Microsoft\Windows\CurrentVersion\RunOnce
run.pl	software, ntuser.dat	Yes	Microsoft\Windows\CurrentVersion\RunServices
run.pl	software, ntuser.dat	Yes	Microsoft\Windows\CurrentVersion\StartupApproved\Run32
run.pl	software, ntuser.dat	Yes	Microsoft\Windows\CurrentVersion\StartupApproved\Run
run.pl	software, ntuser.dat	Yes	Microsoft\Windows\CurrentVersion\StartupApproved\StartupFolder
run.pl	software, ntuser.dat	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
run.pl	software, ntuser.dat	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\Run
run.pl	software, ntuser.dat	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
runmru.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
runmru_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
runonceex.pl	software	No	Microsoft\Windows\CurrentVersion\RunOnceEx
runvirtual.pl	ntuser.dat, software	No	Microsoft\AppV\Client\RunVirtual
runvirtual.pl	ntuser.dat, software	No	Software\Microsoft\AppV\Client\RunVirtual
runvirtual_tln.pl	ntuser.dat, software	No	Microsoft\AppV\Client\RunVirtual
runvirtual_tln.pl	ntuser.dat, software	No	Software\Microsoft\AppV\Client\RunVirtual
ryuk_gpo.pl	software	No	Policies\Microsoft
safeboot.pl	system	N/A	ControlSetXXX\Control\SafeBoot
safeboot.pl	system	N/A	Select
samparse.pl	sam	N/A	SAM\Domains\Account\Users
samparse.pl	sam	N/A	SAM\Domains\Builtin\Aliases
samparse_tln.pl	sam	N/A	SAM\Domains\Account\Users
sbs.pl	software	Yes	Microsoft\Windows\CurrentVersion\SideBySide
sbs.pl	software	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide
schedagent.pl	software	No	Microsoft\SchedulingAgent
scriptleturl.pl	software, usrclass.dat	Yes	Classes\CLSID
scriptleturl.pl	software, usrclass.dat	Yes	CLSID
scriptleturl.pl	software, usrclass.dat	Yes	WOW6432Node\CLSID
searchscopes.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\SearchScopes
secctr.pl	software	No	Microsoft\Security Center
secrets.pl	security	N/A	Policy\Secrets
secrets_tln.pl	security	N/A	Policy\Secrets
securityproviders.pl	system	N/A	ControlSetXXX\Control\SecurityProviders
securityproviders.pl	system	N/A	Select
services.pl	system	N/A	ControlSetXXX\Services
services.pl	system	N/A	Select
sevenzip.pl	ntuser.dat	N/A	Software\7-Zip
sevenzip.pl	ntuser.dat	N/A	Software\Wow6432Node\7-Zip
sfc.pl	software	No	Microsoft\Windows NT\CurrentVersion\Winlogon
sfc.pl	software	No	Policies\Microsoft\Windows NT\Windows File Protection
shares.pl	system	N/A	ControlSetXXX\Services\LanmanServer\Shares
shc.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\UFH\SHC
shellactivities.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\Cache\DefaultAccount\$$windows.data.taskflow.shellactivities\Current
shellbags.pl	usrclass.dat	N/A	Local Settings\Software\Microsoft\Windows\Shell\BagMRU
shellbags_test.pl	usrclass.dat	N/A	Software\Microsoft\Windows\ShellNoRoam\Bags\<NODESLOT>\Shell
shellbags_tln.pl	usrclass.dat	N/A	Local Settings\Software\Microsoft\Windows\Shell\BagMRU
shellbags_xp.pl	ntuser.dat	N/A	Software\Microsoft\Windows\ShellNoRoam\BagMRU
shellexec.pl	software	Yes	Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
shellexec.pl	software	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
shellext.pl	software	No	Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
shellfolders.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
shellfolders.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
shelloverlay.pl	software	No	Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
shimcache.pl	system	N/A	\Control\Session Manager
shimcache_tln.pl	system	N/A	\Control\Session Manager
shutdown.pl	system	N/A	ControlSetXXX\Control\Windows
shutdown.pl	system	N/A	Select
shutdowncount.pl	system	N/A	ControlSetXXX\Control\Watchdog\Display
shutdowncount.pl	system	N/A	Select
silentprocessexit.pl	software	No	Microsoft\Windows NT\CurrentVersion\SilentProcessExit
silentprocessexit_tln.pl	software	No	Microsoft\Windows NT\CurrentVersion\SilentProcessExit
sizes.pl	all	N/A	All keys (all hives)
skype.pl	ntuser.dat	N/A	Software\Skype
slack.pl	all	N/A	Look for Slack space
slack_tln.pl	all	N/A	Parse hive, print slack space, retrieve keys/values
snapshot.pl	software	No	Microsoft\Internet Explorer
snapshot_viewer.pl	ntuser.dat	N/A	Software\Microsoft\Snapshot Viewer\Recent File List
soft_run.pl	software	Yes	Microsoft\Windows\CurrentVersion\Run
source_os.pl	system	N/A	Setup
speech.pl	ntuser.dat	N/A	Software\Microsoft\Speech
speech_tln.pl	ntuser.dat	N/A	Software\Microsoft\Speech
spp_clients.pl	software	No	Microsoft\Windows NT\CurrentVersion\SPP\Clients
sql_lastconnect.pl	software	No	Microsoft\MSSQLServer\Client\SuperSocketNetLib\LastConnect
srum.pl	software	No	Microsoft\Windows NT\CurrentVersion\SRUM\Extensions
srun_tln.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run
srun_tln.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunOnce
srun_tln.pl	software	Yes	Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
srun_tln.pl	software	Yes	Microsoft\Windows\CurrentVersion\Run
srun_tln.pl	software	Yes	Microsoft\Windows\CurrentVersion\RunOnce
srun_tln.pl	software	Yes	Microsoft\Windows\CurrentVersion\RunServices
srun_tln.pl	software	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
srun_tln.pl	software	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\Run
srun_tln.pl	software	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
ssh_host_keys.pl	unknown	N/A	Software\Martin Prikryl\WinSCP 2\SshHostKeys
ssid.pl	software	No	Microsoft\EAPOL\Parameters\Interfaces
ssid.pl	software	No	Microsoft\Windows NT\CurrentVersion\NetworkCards
ssid.pl	software	No	Microsoft\WZCSVC\Parameters\Interfaces
startmenuinternetapps_cu.pl	ntuser.dat	N/A	Software\Clients
startmenuinternetapps_lm.pl	software	No	Clients
startpage.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage
startup.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
startup.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
stillimage.pl	system	N/A	ControlSetXXX\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
stillimage.pl	system	N/A	ControlSetXXX\Control\StillImage\Logging
stillimage.pl	system	N/A	Select
susclient.pl	software	No	Microsoft\Windows\CurrentVersion\WindowsUpdate
svc.pl	system	N/A	ControlSetXXX\Services
svc.pl	system	N/A	Select
svc_plus.pl	system	N/A	ControlSetXXX\Services
svc_plus.pl	system	N/A	Select
svc_tln.pl	system	N/A	ControlSetXXX\Services
svc_tln.pl	system	N/A	Select
svcdll.pl	system	N/A	ControlSetXXX\Services
svcdll.pl	system	N/A	Select
svchost.pl	software	No	Microsoft\Windows NT\CurrentVersion\SvcHost
syscache.pl	syscache	N/A	DefaultObjectStore\ObjectTable
syscache_csv.pl	syscache	N/A	DefaultObjectStore\ObjectTable
syscache_tln.pl	syscache	N/A	DefaultObjectStore\ObjectTable
sysinternals.pl	ntuser.dat	N/A	Software\SysInternals
sysinternals_tln.pl	ntuser.dat	N/A	Software\SysInternals
systemindex.pl	software	No	Microsoft\Windows Search\Gather\Windows\SystemIndex\Sites\LocalHost\Paths
taskcache.pl	software	No	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache
taskcache_tln.pl	software	No	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache
tasks.pl	software	No	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks
tasks_tln.pl	software	No	Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks
teamviewer.pl	software	Yes	TeamViewer
teamviewer.pl	software	Yes	Wow6432Node\TeamViewer
termcert.pl	system	N/A	ControlSetXXX\Services\TermService\Parameters
termcert.pl	system	N/A	Select
termserv.pl	system, software	No	ControlSetXXX\Control\Terminal Server
termserv.pl	system, software	No	Policies\Microsoft\Windows NT\Terminal Services
termserv.pl	system, software	No	Select
thispcpolicy.pl	software	No	Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\'.$guids{$g}.'\PropertyBag
thunderbirdinstalled.pl	software,ntuser.dat	Yes	Microsoft\Windows\CurrentVersion\App Paths\thunderbird.exe
thunderbirdinstalled.pl	software,ntuser.dat	Yes	WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\thunderbird.exe
timezone.pl	system	N/A	ControlSetXXX\Control\TimeZoneInformation
timezone.pl	system	N/A	Select
tracing.pl	software	Yes	Microsoft\Tracing
tracing_tln.pl	software	Yes	Microsoft\Tracing
trappoll.pl	software	No	Microsoft\RFC1156Agent\CurrentVersion\Parameters
trustrecords.pl	ntuser.dat	N/A	Software\Microsoft\Office\<VERSION>\<OFFICE_APP> where VERSION depends on Office version and OFFICE_APP is: Word, PowerPoint, Excel, Access
trustrecords_tln.pl	ntuser.dat	N/A	Software\Microsoft\Office\<VERSION>\<OFFICE_APP> where VERSION depends on Office version and OFFICE_APP is: Word, PowerPoint, Excel, Access
tsclient.pl	ntuser.dat	N/A	Software\Microsoft\Terminal Server Client\Default
tsclient.pl	ntuser.dat	N/A	Software\Microsoft\Terminal Server Client\Servers
tsclient_tln.pl	ntuser.dat	N/A	Software\Microsoft\Terminal Server Client\Default
tsclient_tln.pl	ntuser.dat	N/A	Software\Microsoft\Terminal Server Client\Servers
typedpaths.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths
typedpaths_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths
typedurls.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\TypedURLs
typedurls_tln.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\TypedURLs
typedurlstime.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\TypedURLsTime
typedurlstime_tln.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\TypedURLsTime
uac.pl	software	No	Microsoft\Windows\CurrentVersion\policies\system
uacbypass.pl	usrclass.dat, software	No	exefile\shell\runas\command
uninstall.pl	software, ntuser.dat	Yes	Microsoft\Windows\CurrentVersion\Uninstall
uninstall.pl	software, ntuser.dat	Yes	Software\Microsoft\Windows\CurrentVersion\Uninstall
uninstall.pl	software, ntuser.dat	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
uninstall_tln.pl	software, ntuser.dat	Yes	Microsoft\Windows\CurrentVersion\Uninstall
uninstall_tln.pl	software, ntuser.dat	Yes	Software\Microsoft\Windows\CurrentVersion\Uninstall
uninstall_tln.pl	software, ntuser.dat	Yes	Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
unreadmail.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\UnreadMail
updates.pl	software	No	Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages
urlzone.pl	software	No	Microsoft\Windows\CurrentVersion\Internet Settings\urlzone
urun_tln.pl	ntuser.dat	N/A	appdata
urun_tln.pl	ntuser.dat	N/A	application data
urun_tln.pl	ntuser.dat	N/A	globalroot
urun_tln.pl	ntuser.dat	N/A	recycle
urun_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\Windows
urun_tln.pl	ntuser.dat	N/A	system volume information
urun_tln.pl	ntuser.dat	N/A	temp
usb.pl	system	N/A	ControlSetXXX\Enum\USB
usb.pl	system	N/A	Select
usbdevices.pl	system	N/A	ControlSetXXX\Enum\USB
usbdevices.pl	system	N/A	Select
usbstor.pl	system	N/A	ControlSetXXX\Enum\USBStor
usbstor.pl	system	N/A	Select
usbstor2.pl	system	N/A	ControlSetXXX\Control\ComputerName\ComputerName
usbstor2.pl	system	N/A	ControlSetXXX\Enum\USBStor
usbstor2.pl	system	N/A	MountedDevices
usbstor2.pl	system	N/A	Select
usbstor3.pl	system	N/A	ControlSetXXX\Enum\USBStor
usbstor3.pl	system	N/A	Select
user_run.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\Windows
user_win.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\Windows
userassist.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
userassist_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
userinfo.pl	ntuser.dat	N/A	Software\Microsoft\Office\Common
userlocsvc.pl	ntuser.dat	N/A	Software\Microsoft\User Location Service\Client
utorrent.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
vawtrak.pl	ntuser.dat	N/A	Software\Microsoft\Internet Explorer\Main
vawtrak.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
vawtrak.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Run
vawtrak.pl	ntuser.dat	N/A	Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
virut.pl	software	No	Microsoft\Windows\CurrentVersion\Explorer
vista_bitbucket.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket
vmplayer.pl	ntuser.dat	N/A	Software\VMware, Inc.\VMware Player\VMplayer\Window position
vmware_vsphere_client.pl	ntuser.dat	N/A	Software\VMware\VMware Infrastructure Client\Preferences
vnchooksapplicationprefs.pl	ntuser.dat	N/A	Software\ORL\VNCHooks\Application_Prefs
vncviewer.pl	ntuser.dat	N/A	Software\ORL\VNCviewer\MRU
vncviewer.pl	ntuser.dat	N/A	Software\RealVNC\VNCViewer4\MRU
volinfocache.pl	software	No	Microsoft\Windows Search\VolumeInfoCache
wab.pl	software	No	Microsoft\WAB\DLLPath
wab_tln.pl	software	No	Microsoft\WAB\DLLPath
wallpaper.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
warcraft3.pl	ntuser.dat	N/A	Software\Blizzard Entertainment\Warcraft III\String
warcraft3.pl	ntuser.dat	N/A	userbnet
warcraft3.pl	ntuser.dat	N/A	userlocal
watp.pl	software	No	Microsoft\Windows Advanced Protection
wbem.pl	software	No	Microsoft\WBEM\CIMOM
wbem.pl	software	No	Microsoft\WBEM\WDM
wc_shares.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares
webroot.pl	software	Yes	WOW6432Node\WRData
webroot.pl	software	Yes	WOW6432Node\WRData\Actions
webroot.pl	software	Yes	WOW6432Node\WRData\FileFlags
webroot.pl	software	Yes	WOW6432Node\WRData\IPM
webroot.pl	software	Yes	WOW6432Node\WRData\Journal
webroot.pl	software	Yes	WOW6432Node\WRData\Status
webroot.pl	software	Yes	WOW6432Node\WRData\Threats
win_cv.pl	software	No	Microsoft\Windows\CurrentVersion
winbackup.pl	software	No	Microsoft\Windows\CurrentVersion\WindowsBackup\ScheduleParams\TargetDevice
winbackup.pl	software	No	Microsoft\Windows\CurrentVersion\WindowsBackup\Status
winevt.pl	software	No	Microsoft\Windows\CurrentVersion\WINEVT\Channels
winlogon.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\Winlogon
winlogon.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
winlogon.pl	software	Yes	Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
winlogon_tln.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\Winlogon
winlogon_tln.pl	software	Yes	Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
winlogon_tln.pl	software	Yes	Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
winlogon_u.pl	ntuser.dat	N/A	Software\Microsoft\Windows NT\CurrentVersion\Winlogon
winlogon_u.pl	ntuser.dat	N/A	Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon
winnt_cv.pl	software	No	Microsoft\Windows NT\CurrentVersion
winrar.pl	ntuser.dat	N/A	Software\WinRAR\ArcHistory
winrar2.pl	ntuser.dat	N/A	Software\WinRAR\DialogEditHistory\ExtrPath
winrar_tln.pl	ntuser.dat	N/A	Software\WinRAR\ArcHistory
winscp.pl	ntuser.dat	N/A	Software\Martin Prikryl\WinSCP 2
winscp_sessions.pl	unknown	N/A	Software\Martin Prikryl\WinSCP 2\Sessions
winver.pl	software	No	Microsoft\Windows NT\CurrentVersion
winvnc.pl	ntuser.dat	N/A	Software\RealVNC\Default
winzip.pl	ntuser.dat	N/A	Software\Nico Mak Computing\WinZip
wordwheelquery.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery
wordwheelquery_tln.pl	ntuser.dat	N/A	Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery
wow64.pl	software	No	Microsoft\WOW64\arm
wow64.pl	software	No	Microsoft\WOW64\x86
wpdbusenum.pl	system	N/A	ControlSetXXX\Control\DeviceClasses\{10497b1b-ba51-44e5-8318-a65c837b6661}
wpdbusenum.pl	system	N/A	ControlSetXXX\Enum\SWD\WPDBUSENUM
wpdbusenum.pl	system	N/A	ControlSetXXX\Enum\WpdBusEnumRoot
wpdbusenum.pl	system	N/A	Select
wrdata.pl	software	Yes	Wow6432Node\WRData
wrdata.pl	software	Yes	WRData
wrdata_tln.pl	software	Yes	Wow6432Node\WRData
wrdata_tln.pl	software	Yes	WRData
wsh_settings.pl	software	No	Microsoft\Windows Script Host\Settings
xpedition.pl	system	N/A	WPA\TabletPC
yahoo_cu.pl	ntuser.dat	N/A	Software\Yahoo\pager
yahoo_lm.pl	software	No	Yahoo