Issues with PUP.optional.legacy and PUP.optional conduit returning

[ddemerin]

I've found many topics on how to get rid of these on these forums, but I haven't found one that handles it on my laptop. I could use some assistance figuring this out as this is my work laptop and having to do multiple restarts just to get the disk drive to stop burning at 100% so I can get some work done is really slowing down my productivity.

Much like the forums I've looked at before, I'm attaching the adwcleaner logs below as well as the FRST logs.

I would appreciate help with this ASAP as I've already spent the entire weekend trying to solve this issue.

Thanks!

FRST.txt AdwCleaner[C04].txt AdwCleaner[S04].txt Addition.txt

[kevinf80]

Hello ddemerin and welcome to Malwarebytes,

Do not see any obvious Malware or Infection in the FRST logs, continue please;

Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from. NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The following directories are emptied:   Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. Next, Download Malwarebytes version 4 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following:   Click on the Detection History tab > from main interface. Then click on "History" that will open to a historical list Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply   Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror   Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Sophos Free Virus Removal Tool and save it to your desktop. If your security alerts to this scan either accept the alert or turn off your security to allow Sophos to run and complete..... Please Do Not use your PC whilst the scan is in progress.... This scan is very thorough so may take several hours...   Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View log file... (bottom left hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found please confirm that result.... The Virus Removal Tool scans the following areas of your computer: Memory, including system memory on 32-bit (x86) versions of Windows The Windows registry All local hard drives, fixed and removable Mapped network drives are not scanned. Note: If threats are found in the computer memory, the scan stops. This is because further scanning could enable the threat to spread. You will be asked to click Start Cleanup to remove the threats before continuing the scan. Saved logs are found here: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs Let me see those logs in your next reply, Thank you, Kevin..

fixlist.txt

[ddemerin]

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/21/20
Scan Time: 4:15 PM
Log File: 2a84d1c2-fc47-11ea-8b83-0a0027000009.json

-Software Information-
Version: 4.2.0.82
Components Version: 1.0.1036
Update Package Version: 1.0.30206
License: Trial

-System Information-
OS: Windows 10 (Build 18362.1082)
CPU: x64
File System: NTFS
User: DESKTOP-J6HPIKV\Anybody

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 301889
Threats Detected: 2
Threats Quarantined: 2
Time Elapsed: 34 min, 58 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
PUP.Optional.ASK, C:\USERS\ANYBODY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 281, 454827, 1.0.30206, , ame, , DC7F67883EC6D3407721C450046F235E, 7E119863CC97621E987FB6100034D9EB7656EB9EA29622390000181BB51994F4
PUP.Optional.Conduit, C:\USERS\ANYBODY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Replaced, 193, 454832, 1.0.30206, , ame, , DC7F67883EC6D3407721C450046F235E, 7E119863CC97621E987FB6100034D9EB7656EB9EA29622390000181BB51994F4

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

SophosVirusRemovalTool_cloud4.log SophosVirusRemovalTool.log AdwCleaner[C06].txt AdwCleaner[S06].txt

[kevinf80]

Did you run FRST fix...?

[ddemerin]

Ah. My apologies. I thought I had uploaded it with the last reply.

Fixlog.txt

[kevinf80]

Hello ddemerin,

How is your PC responding now, any remaining issues or concerns...?

Thank you,

Kevin..

[ddemerin]

So far, I haven't had any issues with the 100% disk usage which was what first made me follow the trail to those PUPs, so it seems like we're good! Only have a bit of a longer boot time when I booted up today, but we'll see if that was just this one time or if it remains consistent.

Really appreciate your help Kevin. Just sent you a donation for your assistance!

[kevinf80]

Hiya ddemerin,

Thanks for the donation, very much appreciated. Continue to clean up:

Uninstall the following program: Sophos AV http://www.askvg.com/how-to-completely-uninstall-remove-a-software-program-in-windows-without-using-3rd-party-software/ Next, Right click on FRST here: C:\Users\Anybody\Downloads\FRST64.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator" If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST64 to uninstall That action will remove FRST and all created files and folders... Next, Remove all System Restore Points: https://www.tenforums.com/tutorials/33593-delete-system-restore-points-windows-10-a.html#option2 Create clean fresh Restore Point: http://www.thewindowsclub.com/create-system-restore-point Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/ Download and use a Password Management application. https://www.windowscentral.com/best-password-manager-windows From there you should be good to go... Next, Read the following links to fully understand PC Security and Best Practices, you may find them useful.... Answers to Common Security Questions and best Practices Do I need a Registry Cleaner? Take care and surf safe Kevin...

[ddemerin]

Actually, Keith I just started my laptop today, noticed it was running incredibly slow, ran adwcleaner again and found that the two PUPs were back again.

Please advise.

[kevinf80]

Hello ddemerin,

Apologies for the late reply, have just noticed your reply now. Can you post the log from AdwCleaner, also run a fresh scan with FRST...

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"   Thank you,   Kevin

[ddemerin]

Hey Kevin,

No apologies necessary! Appreciate you taking the time out of your day to help me out. 

FRST.txt Addition.txt AdwCleaner[C10].txt AdwCleaner[S10].txt

[kevinf80]

Hello ddemerin,

No evidence showing in the FRST logs to indicate why the same PUP`s should return, try the following:

Please download the correct portable version (32-bit or 64-bit) of RogueKiller for your system and save the file to your computer Desktop.   Right-click on the RogueKiller file and select Run as administrator to start the tool. Click Yes to accept the UAC security warning that may appear. Click Accept to agree with the EULA (End User License Agreement) and close the browser tab it will open. Now click the Scan blue button and under the Standard Scan (recommended) click on the Scan button. When the scan is complete, click on Results button. NOTE: DO NOT delete any found entries. All listed entries will be carefully analyzed. Then click on Report button. Click Export button and select "Text file". Give a name to the file such as RKlog.txt and save it to the Desktop or in a location where you can easily find it. Click the Finish button and close RogueKiller window. Copy and paste the entire contents of that log into your next reply. Thank you, Kevin...

[ddemerin]

{"header": {"program": {"project": "RogueKiller Anti-Malware", "version": "14.7.3.0", "x64": true, "date": "Sep 15 2020", "contact": "https://adlice.com/contact/", "website": "https://adlice.com/download/roguekiller/"}, "environment": {"operating_system": "Windows 10 (10.0.18363) 64 bits", "boot": 0, "winpe": false, "user": "Anybody", "user_admin": true, "program_location": "C:\\Program Files\\RogueKiller\\RogueKiller64.exe", "x64": true, "licensing": "premium"}, "report": {"type": 1, "aborted": false, "date": "2020/09/26 19:34:37", "duration": 1954, "count": 0, "scanned_count": 120214, "scan_mode": "standard", "signatures_version": "20200925_093707", "log_legit": false, "expert_mode": false, "truesight_loaded": true, "switches": ["-minimize"], "id": "0468104AFCF93695"}}, "warnings": [], "results": {"processes": [{"name": "[System Process]", "pid": 0, "children": []}, {"name": "System", "pid": 4, "children": [{"name": "smss.exe", "pid": 416, "children": []}, {"name": "Memory Compression", "pid": 2288, "children": []}]}, {"name": "Registry", "pid": 96, "children": []}, {"name": "GoogleCrashHandler64.exe", "pid": 272, "children": []}, {"name": "csrss.exe", "pid": 596, "children": []}, {"name": "wininit.exe", "pid": 684, "children": [{"name": "services.exe", "pid": 812, "children": [{"name": "WUDFHost.exe", "pid": 572, "children": []}, {"name": "svchost.exe", "pid": 576, "children": []}, {"name": "svchost.exe", "pid": 716, "children": []}, {"name": "svchost.exe", "pid": 968, "children": []}, {"name": "svchost.exe", "pid": 1012, "children": [{"name": "SearchUI.exe", "pid": 676, "children": []}, {"name": "YourPhone.exe", "pid": 1160, "children": []}, {"name": "StartMenuExperienceHost.exe", "pid": 1352, "children": []}, {"name": "LockApp.exe", "pid": 1488, "children": []}, {"name": "WmiPrvSE.exe", "pid": 3460, "children": []}, {"name": "smartscreen.exe", "pid": 4080, "children": []}, {"name": "unsecapp.exe", "pid": 4440, "children": []}, {"name": "RuntimeBroker.exe", "pid": 5124, "children": []}, {"name": "RuntimeBroker.exe", "pid": 5504, "children": []}, {"name": "ApplicationFrameHost.exe", "pid": 5876, "children": []}, {"name": "SystemSettings.exe", "pid": 7180, "children": []}, {"name": "RuntimeBroker.exe", "pid": 7264, "children": []}, {"name": "Microsoft.Photos.exe", "pid": 7616, "children": []}, {"name": "SettingSyncHost.exe", "pid": 8236, "children": []}, {"name": "RuntimeBroker.exe", "pid": 8324, "children": []}, {"name": "WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe", "pid": 8544, "children": []}, {"name": "RuntimeBroker.exe", "pid": 10104, "children": []}, {"name": "RuntimeBroker.exe", "pid": 10728, "children": []}]}, {"name": "svchost.exe", "pid": 1064, "children": []}, {"name": "svchost.exe", "pid": 1080, "children": []}, {"name": "DDVDataCollector.exe", "pid": 1184, "children": []}, {"name": "svchost.exe", "pid": 1268, "children": []}, {"name": "svchost.exe", "pid": 1276, "children": []}, {"name": "svchost.exe", "pid": 1324, "children": []}, {"name": "svchost.exe", "pid": 1416, "children": []}, {"name": "svchost.exe", "pid": 1424, "children": [{"name": "taskhostw.exe", "pid": 6440, "children": []}, {"name": "adwcleaner_8.0.7.exe", "pid": 6464, "children": [{"name": "notepad.exe", "pid": 1804, "children": []}]}, {"name": "RAVBg64.exe", "pid": 7252, "children": []}]}, {"name": "svchost.exe", "pid": 1476, "children": []}, {"name": "svchost.exe", "pid": 1500, "children": []}, {"name": "svchost.exe", "pid": 1584, "children": []}, {"name": "svchost.exe", "pid": 1592, "children": []}, {"name": "svchost.exe", "pid": 1628, "children": []}, {"name": "svchost.exe", "pid": 1636, "children": [{"name": "ctfmon.exe", "pid": 8052, "children": []}, {"name": "TabTip.exe", "pid": 8076, "children": []}]}, {"name": "isa.exe", "pid": 1708, "children": []}, {"name": "svchost.exe", "pid": 1732, "children": [{"name": "sihost.exe", "pid": 6172, "children": []}]}, {"name": "svchost.exe", "pid": 1744, "children": []}, {"name": "svchost.exe", "pid": 1828, "children": []}, {"name": "svchost.exe", "pid": 1844, "children": []}, {"name": "igfxCUIService.exe", "pid": 1860, "children": []}, {"name": "svchost.exe", "pid": 1944, "children": []}, {"name": "svchost.exe", "pid": 2128, "children": []}, {"name": "svchost.exe", "pid": 2180, "children": []}, {"name": "svchost.exe", "pid": 2188, "children": []}, {"name": "svchost.exe", "pid": 2232, "children": []}, {"name": "svchost.exe", "pid": 2240, "children": []}, {"name": "svchost.exe", "pid": 2248, "children": []}, {"name": "svchost.exe", "pid": 2312, "children": []}, {"name": "svchost.exe", "pid": 2316, "children": []}, {"name": "DSAPI.exe", "pid": 2392, "children": []}, {"name": "svchost.exe", "pid": 2416, "children": []}, {"name": "svchost.exe", "pid": 2424, "children": []}, {"name": "svchost.exe", "pid": 2552, "children": [{"name": "audiodg.exe", "pid": 7372, "children": []}]}, {"name": "svchost.exe", "pid": 2592, "children": []}, {"name": "RtkAudioService64.exe", "pid": 2608, "children": [{"name": "RAVBg64.exe", "pid": 3100, "children": []}, {"name": "RAVBg64.exe", "pid": 3180, "children": []}]}, {"name": "svchost.exe", "pid": 2728, "children": []}, {"name": "svchost.exe", "pid": 2740, "children": []}, {"name": "SgrmBroker.exe", "pid": 2780, "children": []}, {"name": "WUDFHost.exe", "pid": 2872, "children": []}, {"name": "svchost.exe", "pid": 2892, "children": []}, {"name": "svchost.exe", "pid": 2996, "children": [{"name": "wlanext.exe", "pid": 3364, "children": [{"name": "conhost.exe", "pid": 3376, "children": []}]}]}, {"name": "svchost.exe", "pid": 3048, "children": []}, {"name": "svchost.exe", "pid": 3128, "children": []}, {"name": "spoolsv.exe", "pid": 3300, "children": []}, {"name": "svchost.exe", "pid": 3380, "children": []}, {"name": "svchost.exe", "pid": 3488, "children": []}, {"name": "svchost.exe", "pid": 3516, "children": []}, {"name": "svchost.exe", "pid": 3660, "children": []}, {"name": "svchost.exe", "pid": 3668, "children": []}, {"name": "esif_uf.exe", "pid": 3676, "children": [{"name": "esif_assist_64.exe", "pid": 6540, "children": []}]}, {"name": "svchost.exe", "pid": 3688, "children": []}, {"name": "EvtEng.exe", "pid": 3700, "children": []}, {"name": "ibtsiva.exe", "pid": 3708, "children": []}, {"name": "RogueKillerSvc.exe", "pid": 3724, "children": [{"name": "RogueKiller64.exe", "pid": 11476, "children": []}]}, {"name": "svchost.exe", "pid": 3732, "children": []}, {"name": "MBAMService.exe", "pid": 3820, "children": [{"name": "mbamtray.exe", "pid": 6404, "children": []}]}, {"name": "svchost.exe", "pid": 3856, "children": []}, {"name": "svchost.exe", "pid": 3888, "children": []}, {"name": "WavesSysSvc64.exe", "pid": 3896, "children": []}, {"name": "svchost.exe", "pid": 3932, "children": []}, {"name": "svchost.exe", "pid": 3956, "children": []}, {"name": "ZeroConfigService.exe", "pid": 3988, "children": []}, {"name": "PRSvc.exe", "pid": 4016, "children": []}, {"name": "svchost.exe", "pid": 4092, "children": []}, {"name": "svchost.exe", "pid": 4104, "children": []}, {"name": "svchost.exe", "pid": 4200, "children": []}, {"name": "svchost.exe", "pid": 4420, "children": []}, {"name": "svchost.exe", "pid": 4656, "children": []}, {"name": "svchost.exe", "pid": 5172, "children": []}, {"name": "svchost.exe", "pid": 5576, "children": []}, {"name": "svchost.exe", "pid": 5636, "children": []}, {"name": "ServiceShell.exe", "pid": 5696, "children": []}, {"name": "SupportAssistAgent.exe", "pid": 5816, "children": []}, {"name": "svchost.exe", "pid": 5868, "children": []}, {"name": "svchost.exe", "pid": 6004, "children": []}, {"name": "svchost.exe", "pid": 6152, "children": []}, {"name": "svchost.exe", "pid": 6188, "children": []}, {"name": "svchost.exe", "pid": 6252, "children": []}, {"name": "PresentationFontCache.exe", "pid": 6280, "children": []}, {"name": "svchost.exe", "pid": 6420, "children": []}, {"name": "svchost.exe", "pid": 6568, "children": []}, {"name": "jhi_service.exe", "pid": 7384, "children": []}, {"name": "svchost.exe", "pid": 7624, "children": []}, {"name": "DDVCollectorSvcApi.exe", "pid": 7664, "children": []}, {"name": "SearchIndexer.exe", "pid": 7692, "children": []}, {"name": "Dell.D3.WinSvc.exe", "pid": 7920, "children": []}, {"name": "DDVRulesProcessor.exe", "pid": 7944, "children": []}, {"name": "LMS.exe", "pid": 8116, "children": []}, {"name": "svchost.exe", "pid": 8204, "children": []}, {"name": "MDLCSvc.exe", "pid": 8220, "children": []}, {"name": "svchost.exe", "pid": 8332, "children": []}, {"name": "DFSSvc.exe", "pid": 8452, "children": []}, {"name": "SecurityHealthService.exe", "pid": 8604, "children": []}, {"name": "svchost.exe", "pid": 9032, "children": []}, {"name": "IAStorDataMgrSvc.exe", "pid": 9140, "children": []}, {"name": "svchost.exe", "pid": 9392, "children": []}, {"name": "svchost.exe", "pid": 9808, "children": []}, {"name": "svchost.exe", "pid": 10684, "children": []}, {"name": "svchost.exe", "pid": 10784, "children": []}, {"name": "svchost.exe", "pid": 12648, "children": []}]}, {"name": "lsass.exe", "pid": 852, "children": []}, {"name": "fontdrvhost.exe", "pid": 992, "children": []}]}, {"name": "csrss.exe", "pid": 696, "children": []}, {"name": "winlogon.exe", "pid": 788, "children": [{"name": "fontdrvhost.exe", "pid": 988, "children": []}, {"name": "dwm.exe", "pid": 1136, "children": []}]}, {"name": "GoogleCrashHandler.exe", "pid": 2080, "children": []}, {"name": "DFS.Common.Agent.exe", "pid": 3004, "children": [{"name": "conhost.exe", "pid": 2840, "children": []}]}, {"name": "postgres.exe", "pid": 4460, "children": [{"name": "postgres.exe", "pid": 1776, "children": []}, {"name": "postgres.exe", "pid": 2436, "children": []}, {"name": "postgres.exe", "pid": 3904, "children": []}, {"name": "conhost.exe", "pid": 4500, "children": []}, {"name": "postgres.exe", "pid": 5008, "children": []}, {"name": "postgres.exe", "pid": 5472, "children": []}, {"name": "postgres.exe", "pid": 8400, "children": []}, {"name": "postgres.exe", "pid": 8672, "children": []}]}, {"name": "slack.exe", "pid": 5584, "children": [{"name": "slack.exe", "pid": 3448, "children": []}, {"name": "slack.exe", "pid": 7436, "children": []}, {"name": "slack.exe", "pid": 8128, "children": []}, {"name": "slack.exe", "pid": 8200, "children": []}]}, {"name": "explorer.exe", "pid": 6964, "children": [{"name": "chrome.exe", "pid": 284, "children": [{"name": "chrome.exe", "pid": 1076, "children": []}, {"name": "chrome.exe", "pid": 1784, "children": []}, {"name": "chrome.exe", "pid": 2460, "children": []}, {"name": "chrome.exe", "pid": 3084, "children": []}, {"name": "chrome.exe", "pid": 3652, "children": []}, {"name": "chrome.exe", "pid": 4204, "children": []}, {"name": "chrome.exe", "pid": 6060, "children": []}, {"name": "chrome.exe", "pid": 6276, "children": []}, {"name": "chrome.exe", "pid": 8360, "children": []}, {"name": "chrome.exe", "pid": 8708, "children": []}, {"name": "chrome.exe", "pid": 9820, "children": []}, {"name": "RogueKiller_setup.exe", "pid": 11240, "children": [{"name": "RogueKiller_setup.tmp", "pid": 8396, "children": [{"name": "RogueKiller_setup.exe", "pid": 5768, "children": [{"name": "RogueKiller_setup.tmp", "pid": 12392, "children": []}]}]}]}, {"name": "chrome.exe", "pid": 11248, "children": []}]}, {"name": "SecurityHealthSystray.exe", "pid": 8556, "children": []}, {"name": "quickset.exe", "pid": 8596, "children": []}, {"name": "RtkNGUI64.exe", "pid": 8700, "children": []}, {"name": "RAVBg64.exe", "pid": 8756, "children": []}, {"name": "WavesSvc64.exe", "pid": 8892, "children": []}, {"name": "OneDrive.exe", "pid": 9096, "children": []}]}, {"name": "igfxEM.exe", "pid": 7296, "children": []}, {"name": "igfxHK.exe", "pid": 7360, "children": []}, {"name": "igfxTray.exe", "pid": 7452, "children": []}, {"name": "IAStorIcon.exe", "pid": 7844, "children": []}, {"name": "imstrayicon.exe", "pid": 12544, "children": []}], "modules": [], "services": [], "tasks": [], "registry": [], "wmi": [], "hosts": {"is_too_big": false, "hosts_file_path": "C:\\Windows\\System32\\drivers\\etc\\hosts", "lines": []}, "filesystem": [], "web_browsers": [], "antirootkit": {"is_driver_loaded": true, "driver_error": 1, "results": []}}} 

[kevinf80]

Not sure what you`ve posted...?

[ddemerin]

Oops. Sorry, I thought I had exported to a .txt file, but apparently I exported the JSON file. lol, I thought it looked more like code than anything else.

 

RogueKiller Anti-Malware V14.7.3.0 (x64) [Sep 15 2020] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.18363) 64 bits
Started in : Normal mode
User : Anybody [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20200925_093707, Driver : Loaded
Mode : Standard Scan, Scan -- Date : 2020/09/26 15:34:37 (Duration : 00:32:34)
Switches : -minimize

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 

[kevinf80]

That log is clean. Just checking back over your logs, this IP address 192.168.254.254 is flagged as private is that known to you?

[ddemerin]

That's my router IP address.

[kevinf80]

Thanks, that clears that up. Continue:

Run FRST one more time: Type the following in the edit box after "Search:". Chromium Click Search Registry button and post the log it makes (SearchReg.txt) to your reply.

[ddemerin]

Farbar Recovery Scan Tool (x64) Version: 23-09-2020
Ran by Anybody (28-09-2020 10:10:01)
Running from C:\Users\Anybody\Downloads
Boot Mode: Normal

================== Search Registry: "chromium" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributes"="{
  "Version": 107,
  "SchemaVersion": 1,
  "PartA": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Default": [
    "DeviceFamily",
    "f:FlightRing",
    "t:OSVersionFull"
  ],
  "PartB": {
    "ACSOVERRIDE": [
      "OSArchitecture",
      "c:IsAlwaysOnAlwaysConnectedCapable"
    ],
    "CASSCLIENT": [
      "OSVersion",
      "c:OSEdition",
      "f:FlightRing"
    ],
    "CDM": [
      "ChassisTypeId",
      "r:CurrentBranch",
      "DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "c:InstallLanguage",
      "c:IsDomainJoined",
      "t:IsTestLab",
      "OEMModel",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:ProcessorIdentifier",
      "c:TelemetryLevel",
      "t:IsMsftOwned",
      "t:WCOSProductId",
      "c:OSUILocale",
      "c:CommercialId",
      "s:MinShellVersion",
      "s:MaxShellVersion",
      "c:ActivationChannel",
      "c:SCCMClientId",
      "c:IsCloudDomainJoined"
    ],
    "COMPATLOGGER": [
      "osVer",
      "ring",
      "deviceId"
    ],
    "CORTANA_GATEKEEPER": [
      "r:CurrentBranch",
      "f:FlightRing",
      "f:IsRetailOS"
    ],
    "CORTANAUWP": [
      "c:OSUILocale",
      "t:OSVersionFull",
      "v:CortanaAppVer"
    ],
    "CORTANAUWPTEST": [
      "+CORTANAUWP",
      "v:CortanaAppVerTest"
    ],
    "CTAC": [
      "+FSS"
    ],
    "DDC": [
      "+WU_STORE",
      "+_WU_PTI"
    ],
    "DXDB": [
      "DeviceFamily",
      "f:FlightRing",
      "r:IsHybridOrXGpu",
      "t:OSVersionFull"
    ],
    "EDGE_SERVICEUI": [
      "t:LocalDeviceID",
      "t:LocalUserID"
    ],
    "FCON": [
      "+CDM"
    ],
    "FSS": [
      "r:PreviewBuildsManagerEnabled",
      "f:BranchReadinessLevelRaw",
      "u:BranchReadinessLevelSource",
      "r:BuildFID",
      "t:DeviceFamily",
      "DeviceId",
      "c:EnablePreviewBuilds",
      "f:FlightingPolicyValue",
      "f:IsRetailOS",
      "f:ManagePreviewBuilds",
      "OSVersionFull",
      "t:WCOSProductId",
      "r:SmartActiveHoursState",
      "r:ActiveHoursStart",
      "r:ActiveHoursEnd"
    ],
    "FXIRISCLIENT": [
      "+IRISCLIENT"
    ],
    "IRISCLIENT": [
      "DeviceFamily",
      "OSVersion",
      "t:OSSkuId",
      "OSArchitecture",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:FlightingBranchName",
      "c:InternalPrimaryDisplayResolutionHorizontal",
      "c:InternalPrimaryDisplayResolutionVetical",
      "t:IsMsftOwned",
      "c:ChassisType",
      "c:IsDomainJoined",
      "c:ProcessorIdentifier",
      "c:CommercialId",
      "OEMModel",
      "c:OSUILocale",
      "c:OSEdition",
      "c:FlightIds",
      "t:LocalUserID",
      "r:CurrentBranch",
      "t:WCOSProductId"
    ],
    "MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
      "t:OSVersionFull",
      "t:IsTestLab",
      "f:FlightRing"
    ],
    "MITIGATION": [
      "t:DeviceFamily",
      "f:FlightRing",
      "c:FlightIds",
      "c:IsDomainJoined",
      "t:IsMsftOwned",
      "f:IsRetailOS",
      "t:IsTestLab",
      "IsVM",
      "OEMModel",
      "c:OSEdition",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "t:SMode",
      "f:IsFlightingEnabled",
      "c:FirmwareVersion",
      "c:TelemetryLevel",
      "f:FlightingBranchName",
      "r:CurrentBranch",
      "OSVersion",
      "w:FirstStorageSpaceDeviceId",
      "r:IsCldFltSyncRoots",
      "c:OSInstallType",
      "v:IsNotepadExePresent"
    ],
    "MLMOD": [
      "ChassisTypeId",
      "t:DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "f:IsRetailOS",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "OSVersion",
      "c:TelemetryLevel",
      "r:CurrentBranch",
      "t:IsTestLab"
    ],
    "MTP": [
      "+_WU_OS_CORE"
    ],
    "MUSE": [
      "+_WU_FB",
      "ChassisTypeId",
      "deviceClass",
      "deviceId",
      "c:FlightIds",
      "locale",
      "ms",
      "os",
      "osVer",
      "ring",
      "sampleId",
      "sku",
      "r:DaysSince19H1FUOffer",
      "u:DisableDualScan",
      "u:UpdateServiceUrl",
      "c:CommercialId",
      "f:FlightingBranchName",
      "c:SystemVolumeTotalCapacity",
      "c:IsAlwaysOnAlwaysConnectedCapable",
      "c:ProcessorCores",
      "c:PrimaryDiskType",
      "c:TotalPhysicalRAM",
      "c:ProcessorClockSpeed"
    ],
    "NOISYHAMMER": [
      "+WU_OS"
    ],
    "SEDIMENTPACK": [
      "+WU_OS"
    ],
    "SERVICING_CBS": [
      "+WU"
    ],
    "SETUP360": [
      "t:OSSkuId",
      "f:FlightRing"
    ],
    "STORAGEGROVELER": [
      "a:Free",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "IsVM",
      "t:OSVersionFull"
    ],
    "UTC": [
      "+UTC_STATIC",
      "osVer",
      "locale",
      "ring",
      "f:PilotRing",
      "f:IsRetailOS",
      "ms",
      "expId",
      "t:SMode",
      "f:FlightingBranchName",
      "c:CommercialId"
    ],
    "UTC_STATIC": [
      "os",
      "deviceId",
      "sampleId",
      "deviceClass",
      "sku",
      "OEMModel",
      "OEMName_Uncleaned",
      "c:PrimaryDiskType",
      "c:ProcessorModel",
      "c:TotalPhysicalRAM"
    ],
    "UUS": [
      "OSVersion",
      "f:FlightRing",
      "t:IsTestLab",
      "t:OSVersionFull",
      "f:FlightingBranchName",
      "r:CurrentBranch"
    ],
    "WAASASSESSMENT": [
      "+WU_OS"
    ],
    "WAASMEDIC": [
      "os",
      "osVer",
      "ring",
      "deviceClass",
      "deviceId",
      "locale",
      "sku"
    ],
    "WOSC": [
      "t:DeviceFamily",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "t:IsMsftOwned",
      "t:LocalDeviceID",
      "t:OSSkuId",
      "c:OSUILocale",
      "t:OSVersionFull",
      "c:TelemetryLevel",
      "r:IsHybridOrXGpu",
      "r:PlayFabPartyRelay"
    ],
    "WPSHIFT": [
      "+MTP"
    ],
    "WU": [
      "+WU_OS",
      "r:DUInternal"
    ],
    "_WU_AV": [
      "r:AvastReg",
      "r:AvastBlackScreen",
      "v:AvastVer",
      "r:AvgReg",
      "v:AvgVer",
      "r:EsetReg",
      "v:EsetVer",
      "r:KasperskyReg",
      "v:KasperskyVer",
      "v:SymantecVer",
      "r:TencentReg",
      "r:TencentType",
      "r:AhnlabInstalledKey",
      "r:AvastInstalledKey",
      "r:AVGInstalledKey",
      "r:AviraInstalledKey",
      "r:BullguardInstalledKey",
      "r:ESETInstalledKey",
      "r:ESTSecurityInstalledKey",
      "r:FSecureInstalledKey",
      "v:GDataInstalledVer",
      "r:K7InstalledKey",
      "r:KasperskyInstalledKey",
      "r:KingsoftInstalledKey",
      "r:LenovoInstalledKey",
      "r:MalwarebytesInstalledKey",
      "r:McAfeeInstalledKey",
      "r:PandaInstalledKey",
      "r:QuickhealInstalledKey1",
      "r:SophosInstalledKey1",
      "r:SymantecInstalledKey",
      "r:TencentInstalledKey",
      "r:ThreatTrackInstalledKey",
      "r:TrendInstalledKey",
      "r:WebrootInstalledKey",
      "v:K7InstalledVer"
    ],
    "_WU_COMMON": [
      "r:CurrentBranch",
      "r:DefaultUserRegion",
      "DeviceFamily",
      "r:DriverPartnerRing",
      "r:FlightContent",
      "f:FlightingBranchName",
      "f:FlightRing",
      "HoloLens",
      "c:InstallationType",
      "c:InstallLanguage",
      "f:IsFlightingEnabled",
      "r:IsFlightingEnabled",
      "c:MobileOperatorCommercialized",
      "OEMModel",
      "OEMName_Uncleaned",
      "r:OemPartnerRing",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:OSUILocale",
      "c:ProcessorManufacturer",
      "r:ReleaseType",
      "v:SkypeRoomSystem",
      "t:SMode",
      "c:TelemetryLevel",
      "r:WindowsMixedReality",
      "v:WuClientVer",
      "p:DucPublisherId",
      "p:DucDeviceModelId",
      "p:DucOemPartnerRing",
      "p:DucCustomPackageId",
      "p:DesiredOsVersion",
      "p:DesiredSystemManifestVersion"
    ],
    "_WU_FB": [
      "u:BranchReadinessLevel",
      "u:DeferQualityUpdatePeriodInDays",
      "u:DeferFeatureUpdatePeriodInDays",
      "r:PausedFeatureStatus",
      "r:PausedQualityStatus",
      "u:TargetReleaseVersion",
      "r:QUDeadline",
      "r:UpdatePreference",
      "r:UpdateOfferedDays"
    ],
    "WU_OS": [
      "+_WU_OS_CORE",
      "+_WU_FB"
    ],
    "_WU_OS_CORE": [
      "+_WU_COMMON",
      "+_WU_AV",
      "r:AhnLabKeyboard",
      "a:Bios",
      "r:BlockFeatureUpdates",
      "c:CommercialId",
      "a:DataVer_RS5",
      "r:DisconnectedStandby",
      "r:DchuNvidiaGrfxExists",
      "r:DchuNvidiaGrfxVen",
      "r:DchuIntelGrfxExists",
      "r:DchuIntelGrfxVen",
      "r:DchuAmdGrfxExists",
      "r:DchuAmdGrfxVen",
      "c:FirmwareVersion",
      "a:Free",
      "a:GStatus_RS3",
      "a:GStatus_RS4",
      "a:GStatus_RS5",
      "r:HidOverGattReg",
      "r:InstallDate",
      "c:IsDeviceRetailDemo",
      "c:IsPortableOperatingSystem",
      "IsVM",
      "c:OEMModelBaseBoard",
      "r:OobeSeeker",
      "r:OSRollbackBuild",
      "r:OSRollbackCount",
      "r:OSRollbackDate",
      "PhoneTargetingName",
      "r:PonchAllow",
      "r:PonchBlock",
      "c:ProcessorIdentifier",
      "r:RecoveredFromBuild",
      "r:RecoveredOnDate",
      "r:Steam",
      "v:TobiiVer",
      "v:TrendMicroVer",
      "r:UninstallActive",
      "l:UpdateManagementGroup",
      "a:UpgEx_RS3",
      "a:UpgEx_RS4",
      "a:UpgEx_RS5",
      "a:Version_RS5",
      "r:DisableWUfBOfferBlock",
      "a:UpgEx_19H1",
      "a:SdbVer_19H1",
      "a:GStatus_19H1",
      "a:GStatus_19H1Setup",
      "a:TimestampEpochString_19H1Setup",
      "a:GenTelRunTimestamp_19H1",
      "a:DataExpDateEpoch_19H1",
      "u:EnableWUfBUpgradeGates",
      "r:GStatusBlockIDs_All",
      "TimestampDelta_19H1Subtract19H1Setup",
      "DataExpDateDelta_19H1Subtract19H1Setup",
      "a:DataExpDateEpoch_19H1Setup",
      "a:TimestampEpochString_19H1",
      "r:IsContainerMgrInstalled",
      "r:IsWDAGEnabled",
      "r:MTPTargetingInfo",
      "r:EKB19H2InstallCount",
      "r:EKB19H2UnInstallCount",
      "r:EKB19H2InstallTimeEpoch",
      "r:EKB19H2UnInstallTimeEpoch",
      "r:BlockEdgeWithChromiumUpdate",
      "r:IsWDATPEnabled",
      "r:IsAutopilotRegistered",
      "r:EdgeWithChromiumInstallVersion",
      "r:EdgeWithChromiumInstallFailureCount",
      "r:IsEdgeWithChromiumInstalled",
      "r:KioskMode",
      "c:IsCloudDomainJoined",
      "c:IsDomainJoined",
      "p:DSS_Enrolled",
      "a:DataExpDateEpoch_20H1",
      "a:DataExpDateEpoch_20H1Setup",
      "a:GStatus_20H1",
      "a:GStatus_20H1Setup",
      "a:SdbVer_20H1",
      "a:TimestampEpochString_20H1",
      "a:TimestampEpochString_20H1Setup",
      "DataExpDateDelta_20H1Subtract20H1Setup",
      "TimestampDelta_20H1Subtract20H1Setup",
      "a:UpgEx_20H1",
      "r:AutopilotUpdateInProgress",
      "r:UHSEnrolled",
      "r:HotPatchEKBInstalled",
      "r:LCUVer",
      "c:isCommercial",
      "c:ActivationChannel",
      "c:IsMDMEnrolled",
      "c:SCCMClientID"
    ],
    "_WU_PTI": [
      "c:FrontFacingCameraResolution",
      "c:RearFacingCameraResolution",
      "c:TotalPhysicalRAM",
      "c:NFCProximity",
      "c:Magnetometer",
      "c:Gyroscope",
      "c:D3DMaxFeatureLevel",
      "c:InternalPrimaryDisplayResolutionHorizontal",
      "c:InternalPrimaryDisplayResolutionVetical"
    ],
    "WU_STORE": [
      "+_WU_COMMON",
      "r:AppChannels",
      "r:AppRMIDs",
      "u:BranchReadinessLevel"
    ]
  },
  "Required": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Aliases": {
    "ChassisTypeId": "c:ChassisType",
    "DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
    "DataExpDateDelta_20H1Subtract20H1Setup": "a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
    "deviceClass": "t:DeviceFamily",
    "deviceId": "t:LocalDeviceID",
    "DeviceId": "t:LocalDeviceID",
    "expId": "c:FlightIds",
    "FlightRing": "f:FlightRing",
    "IsVM": "a:ISVM",
    "locale": "c:OSUILocale",
    "ms": "t:IsMsftOwned",
    "OEMModel": "c:OEMModelNumber",
    "OEMName_Uncleaned": "c:OEMManufacturerName",
    "osVer": "t:OSVersionFull",
    "OSVersionFull": "t:OSVersionFull",
    "PhoneTargetingName": "c:OEMModelName",
    "ring": "f:FlightRing",
    "sampleId": "t:PopVal",
    "sku": "t:OSSkuId",
    "TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
    "TimestampDelta_20H1Subtract20H1Setup": "a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup"
  },
  "Fallback": {
    "r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
    "r:AvastBlackScreen": "r:AvgBlackScreen",
    "r:AvastInstalledKey": "r:AvastInstalledWowKey",
    "r:AVGInstalledKey": "r:AVGInstalledWowKey",
    "r:AviraInstalledKey": "r:AviraInstalledWowKey",
    "a:Bios": "a:Bios_RS3",
    "a:Bios_RS3": "a:Bios_RS4",
    "a:Bios_RS4": "a:Bios_RS5",
    "r:BlockFeatureUpdates": "r:BlockWUUpgrades",
    "r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
    "r:BuildFID": "r:BuildFID_WCOS",
    "r:BuildFID_WCOS": "r:BuildFID_WCOS2",
    "r:BullguardInstalledKey": "v:BullguardInstalledVer",
    "r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
    "r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
    "r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
    "r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
    "r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
    "r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
    "r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
    "r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
    "p:DSS_Enrolled": "r:DSS_EnrolledReg",
    "r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
    "r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
    "u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
    "r:ESETInstalledKey": "r:ESETInstalledWowKey",
    "r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
    "f:FlightingBranchName": "c:FlightingBranchName",
    "a:Free": "a:Free_RS3",
    "a:Free_RS3": "a:Free_RS4",
    "a:Free_RS4": "a:Free_RS5",
    "r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
    "HoloLens": "r:WindowsMixedReality",
    "r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
    "a:ISVM": "a:ISVM_RS3",
    "a:ISVM_RS3": "a:ISVM_RS4",
    "a:ISVM_RS4": "a:ISVM_RS5",
    "r:K7InstalledKey": "r:K7InstalledWowKey",
    "r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
    "r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
    "r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
    "r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
    "r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
    "c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
    "r:PandaInstalledKey": "r:PandaInstalledWowKey",
    "r:PandaInstalledWowKey": "v:PandaInstalledVer",
    "r:PonchAllow": "r:PonchAllowKey",
    "r:PonchAllowKey": "r:PonchAllowWow",
    "r:PonchAllowWow": "r:PonchAllowWowKey",
    "r:QUDeadline": "r:QUDeadlineMDM",
    "r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
    "r:SophosInstalledKey1": "r:SophosInstalledKey2",
    "r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
    "v:SymantecVer": "v:SymantecVer64",
    "u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
    "r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
    "r:TencentInstalledKey": "r:TencentInstalledWowKey",
    "r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
    "v:TobiiVer": "v:TobiiVerx86",
    "v:TobiiVerx86": "v:TobiiVer1x86",
    "r:TrendInstalledKey": "r:TrendInstalledWowKey",
    "r:TrendInstalledWowKey": "v:TrendInstalledVer",
    "r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
  },
  "Transform": {
    "IsDomainJoined": {
      "Ignore": [
        "0"
      ]
    },
    "IsHybridOrXGpu": {
      "Ignore": [
        "0"
      ]
    },
    "IsMsftOwned": {
      "Ignore": [
        "0"
      ]
    },
    "IsPortableOperatingSystem": {
      "Ignore": [
        "0"
      ]
    },
    "IsTestLab": {
      "Ignore": [
        "0"
      ]
    },
    "IsVM": {
      "Ignore": [
        "0"
      ]
    },
    "OEMModel": {
      "SubLength": 100
    },
    "OEMName_Uncleaned": {
      "SubLength": 100
    },
    "PausedFeatureStatus": {
      "Ignore": [
        "0"
      ]
    },
    "PausedQualityStatus": {
      "Ignore": [
        "0"
      ]
    },
    "SMode": {
      "Ignore": [
        "0"
      ]
    }
  },
  "Registry": {
    "ActiveHoursEnd": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursEnd",
      "RegValueType": "REG_DWORD"
    },
    "ActiveHoursStart": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursStart",
      "RegValueType": "REG_DWORD"
    },
    "AhnlabInstalledKey": {
      "FullPath": "SOFTWARE\\Ahnlab",
      "IfExists": true
    },
    "AhnlabInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
      "IfExists": true
    },
    "AhnLabKeyboard": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
      "ValueName": "NbTpMsExist"
    },
    "AppChannels": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ChannelId",
      "EncodingType": "Json"
    },
    "AppRMIDs": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ReleaseManagementId",
      "EncodingType": "Json"
    },
    "AutopilotUpdateInProgress": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
      "ValueName": "AutopilotUpdateInProgress",
      "RegValueType": "REG_DWORD"
    },
    "AvastBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AvastInstalledKey": {
      "FullPath": "SOFTWARE\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AvgBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AVGInstalledKey": {
      "FullPath": "SOFTWARE\\AVG\\Antivirus",
      "IfExists": true
    },
    "AVGInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
      "IfExists": true
    },
    "AvgReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AviraInstalledKey": {
      "FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "AviraInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "BlockEdgeWithChromiumUpdate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "DoNotUpdateToEdgeWithChromium",
      "RegValueType": "REG_DWORD"
    },
    "BlockFeatureUpdates": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade",
      "ValueName": "BlockFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgrades": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgradesWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BuildFID": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BullguardInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
      "IfExists": true
    },
    "CurrentBranch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "BuildBranch",
      "RegValueType": "REG_SZ"
    },
    "DaysSince19H1FUOffer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
      "ValueName": "DaysSinceLastOffer",
      "RegValueType": "REG_QWORD"
    },
    "DchuAmdGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DriverDelete"
    },
    "DchuAmdGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "IfExists": true
    },
    "DchuAmdGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DCHUVen"
    },
    "DchuAmdGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DriverDelete"
    },
    "DchuIntelGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "IfExists": true
    },
    "DchuIntelGrfxNExists": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
      "IfExists": true
    },
    "DchuIntelGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DriverDelete"
    },
    "DchuNvidiaGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "IfExists": true
    },
    "DchuNvidiaGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DefaultUserRegion": {
      "HKey": "HKEY_USERS",
      "FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
      "ValueName": "Nation",
      "RegValueType": "REG_SZ"
    },
    "DisableWUfBOfferBlock": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "DisableWUfBOfferBlock",
      "RegValueType": "REG_DWORD"
    },
    "DisconnectedStandby": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
      "ValueName": "EnforceDisconnectedStandby",
      "RegValueType": "REG_DWORD"
    },
    "DriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "DSS_EnrolledReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "EnableWUfBCloud",
      "RegValueType": "REG_DWORD"
    },
    "DUInternal": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\MoSetup",
      "ValueName": "DynamicUpdateInternalTest",
      "RegValueType": "REG_DWORD"
    },
    "EdgeWithChromiumInstallFailureCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallFailureCountWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EdgeWithChromiumInstallVersionWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EKB19H2InstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Count"
    },
    "EKB19H2InstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Timestamp"
    },
    "EKB19H2UnInstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Count"
    },
    "EKB19H2UnInstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Timestamp"
    },
    "EnableWUfBUpgradeGatesRS5": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
      "ValueName": "DataRequireGatedScanForFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "ESETInstalledKey": {
      "FullPath": "SOFTWARE\\ESET\\ESET Security",
      "IfExists": true
    },
    "ESETInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
      "IfExists": true
    },
    "EsetReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
      "ValueName": "WindowsCompatibilityLevel",
      "RegValueType": "REG_DWORD"
    },
    "ESTSecurityInstalledKey": {
      "FullPath": "SOFTWARE\\ESTsoft",
      "IfExists": true
    },
    "ESTSecurityInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
      "IfExists": true
    },
    "FlightContent": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "ContentType",
      "RegValueType": "REG_SZ"
    },
    "FSecureInstalledKey": {
      "FullPath": "SOFTWARE\\F-Secure\\OneClient",
      "IfExists": true
    },
    "FSecureInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
      "IfExists": true
    },
    "GStatusBlockIDs_All": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
      "ValueName": "SdbEntries",
      "RegValueType": "REG_SZ"
    },
    "HidOverGattReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
      "ValueName": "Source",
      "RegValueType": "REG_SZ"
    },
    "HotPatchEKBInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
      "IfExists": true
    },
    "InstallDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "InstallDate",
      "RegValueType": "REG_DWORD"
    },
    "IsAutopilotRegistered": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
      "ValueName": "ProfileAvailable",
      "RegValueType": "REG_DWORD"
    },
    "IsFlightingEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "IsBuildFlightingEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsCldFltSyncRoots": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
      "IfExists": true
    },
    "IsContainerMgrInstalled": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalledWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsHybridOrXGpu": {
      "FullPath": "SOFTWARE\\Microsoft\\DirectX",
      "ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
    },
    "IsWDAGEnabled": {
      "FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
      "IfExists": true
    },
    "IsWDATPEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
      "ValueName": "OnboardingState"
    },
    "K7InstalledKey": {
      "FullPath": "SOFTWARE\\K7 Computing",
      "IfExists": true
    },
    "K7InstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
      "IfExists": true
    },
    "KasperskyInstalledKey": {
      "FullPath": "SOFTWARE\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyReg": {
      "FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
      "ValueName": "UseVtHardware"
    },
    "KingsoftInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KingsoftInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KioskMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
      "ValueName": "ConfigSource",
      "RegValueType": "REG_DWORD"
    },
    "LCUVer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "LCUVer"
    },
    "LenovoInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "LenovoInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "McAfeeInstalledKey": {
      "FullPath": "SOFTWARE\\SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "McAfeeInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "MTPTargetingInfo": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
      "ValueName": "TargetRing"
    },
    "OEMModelBaseBoard": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "BaseBoardProduct",
      "RegValueType": "REG_SZ"
    },
    "OemPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OobeSeeker": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
      "ValueName": "OOBEUpdateStarted"
    },
    "OSDataDriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackBuild": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "BuildString",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "Count",
      "RegValueType": "REG_DWORD"
    },
    "OSRollbackDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "DateStamp",
      "RegValueType": "REG_DWORD"
    },
    "PandaInstalledKey": {
      "FullPath": "SOFTWARE\\Panda Software\\Setup",
      "IfExists": true
    },
    "PandaInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
      "IfExists": true
    },
    "PausedFeatureStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedFeatureStatus"
    },
    "PausedQualityStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedQualityStatus"
    },
    "PlayFabPartyRelay": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
      "IfExists": true
    },
    "PonchAllow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "RegValueType": "REG_DWORD"
    },
    "PonchAllowKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "IfExists": true
    },
    "PonchAllowWow": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
    },
    "PonchAllowWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "IfExists": true
    },
    "PonchBlock": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
      "RegValueType": "REG_DWORD"
    },
    "PreviewBuildsManagerEnabled": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
      "ValueName": "ArePreviewBuildsAllowed"
    },
    "QUDeadline": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "ConfigureDeadlineForQualityUpdates",
      "RegValueType": "REG_DWORD"
    },
    "QUDeadlineMDM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
      "ValueName": "ConfigureDeadlineForQualityUpdates",
      "RegValueType": "REG_DWORD"
    },
    "QuickhealInstalledKey1": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Servicescatflt",
      "IfExists": true
    },
    "QuickhealInstalledKey2": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe",
      "IfExists": true
    },
    "RecoveredFromBuild": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
      "ValueName": "LastBuild",
      "RegValueType": "REG_DWORD"
    },
    "RecoveredOnDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
      "ValueName": "DateStamp",
      "RegValueType": "REG_DWORD"
    },
    "ReleaseType": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo",
      "ValueName": "ReleaseType",
      "RegValueType": "REG_SZ"
    },
    "SmartActiveHoursState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SmartActiveHoursState",
      "RegValueType": "REG_DWORD"
    },
    "SophosInstalledKey1": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\SAVService",
      "IfExists": true
    },
    "SophosInstalledKey2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc",
      "IfExists": true
    },
    "Steam": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Classes\\Steam",
      "ValueName": "",
      "RegValueType": "REG_SZ"
    },
    "SymantecInstalledKey": {
      "FullPath": "SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
      "IfExists": true
    },
    "SymantecInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
      "IfExists": true
    },
    "TargetReleaseVersionGP": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "TargetReleaseVersionInfo",
      "RegValueType": "REG_SZ"
    },
    "TargetReleaseVersionMDM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
      "ValueName": "TargetReleaseVersion",
      "RegValueType": "REG_SZ"
    },
    "TencentInstalledKey": {
      "FullPath": "SOFTWARE\\Tencent\\QQPCMgr",
      "IfExists": true
    },
    "TencentInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr",
      "IfExists": true
    },
    "TencentReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
      "ValueName": "LoadStartTime"
    },
    "TencentType": {
      "FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
      "ValueName": "Type"
    },
    "ThreatTrackInstalledKey": {
      "FullPath": "SOFTWARE\\SBAMSvc",
      "IfExists": true
    },
    "ThreatTrackInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\SBAMSvc",
      "IfExists": true
    },
    "TrendInstalledKey": {
      "FullPath": "SOFTWARE\\TrendMicro",
      "IfExists": true
    },
    "TrendInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\TrendMicro",
      "IfExists": true
    },
    "UHSEnrolled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "UHSEnrolled",
      "RegValueType": "REG_SZ",
      "IfExists": true
    },
    "UninstallActive": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "System\\Setup",
      "ValueName": "UninstallActive",
      "RegValueType": "REG_DWORD"
    },
    "UpdateOfferedDays": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\",
      "ValueName": "UpToDateDays",
      "RegValueType": "REG_DWORD"
    },
    "UpdatePreference": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "UpdatePreference",
      "RegValueType": "REG_DWORD"
    },
    "WebrootInstalledKey": {
      "FullPath": "SOFTWARE\\WRData",
      "IfExists": true
    },
    "WebrootInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\WRData",
      "IfExists": true
    },
    "WindowsMixedReality": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
      "ValueName": "WdfMajorVersion",
      "RegValueType": "REG_DWORD"
    }
  },
  "FileInfo": {
    "AvastVer": {
      "Path": "\\system32\\Drivers\\aswVmm.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "AvgVer": {
      "Path": "\\system32\\Drivers\\avgVmm.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "BullguardInstalledVer": {
      "Path": "\\BullGuard Ltd\\BullGuard\\BullGuard.exe",
      "IfExists": true,
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CortanaAppVer": {
      "Path": "\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CortanaAppVerTest": {
      "Path": "\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "EsetVer": {
      "Path": "\\drivers\\ehdrv.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "GDataInstalledVer": {
      "Path": "\\drivers\\MiniIcpt.sys",
      "IfExists": true,
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "IsNotepadExePresent": {
      "Path": "%windir%\\system32\\notepad.exe",
      "IfExists": true
    },
    "K7InstalledVer": {
      "Path": "\\K7 Computing",
      "IfExists": true,
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "KasperskyVer": {
      "Path": "\\system32\\Drivers\\klhk.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "PandaInstalledVer": {
      "Path": "\\Panda Security",
      "IfExists": true,
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "SkypeRoomSystem": {
      "Path": "%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
      "IfExists": true
    },
    "SymantecVer": {
      "Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
      "FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
    },
    "SymantecVer64": {
      "Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
      "FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
    },
    "TobiiVer": {
      "Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "TobiiVer1x86": {
      "Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "TobiiVerx86": {
      "Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "TrendInstalledVer": {
      "Path": "\\Trend Micro\\Titanium\\plugin\\plugVizor.dll",
      "IfExists": true,
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "TrendMicroVer": {
      "Path": "\\drivers\\TMUMH.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "WuClientVer": {
      "Path": "\\system32\\wuaueng.dll",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    }
  },
  "Licensing": {
    "UpdateManagementGroup": {
      "Name": "UpdatePolicy-UpdateManagementGroup"
    }
  },
  "UpdatePolicy": {
    "BranchReadinessLevel": {
      "PolicyEnum": 5,
      "Enterprise": true
    },
    "BranchReadinessLevelSource": {
      "PolicyEnum": 5,
      "Enterprise": true,
      "UseSource": true
    },
    "DeferFeatureUpdatePeriodInDays": {
      "PolicyEnum": 9,
      "Enterprise": true
    },
    "DeferQualityUpdatePeriodInDays": {
      "PolicyEnum": 7,
      "Enterprise": true
    },
    "DisableDualScan": {
      "PolicyEnum": 42,
      "Enterprise": true
    },
    "EnableWUfBUpgradeGates": {
      "PolicyEnum": 51,
      "Enterprise": true
    },
    "TargetReleaseVersion": {
      "PolicyEnum": 50,
      "Enterprise": true
    },
    "UpdateServiceUrl": {
      "PolicyEnum": 12
    }
  },
  "Policy": {
    "DesiredOsVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"
    },
    "DesiredSystemManifestVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"
    },
    "DSS_Enrolled": {
      "Area": "Update",
      "Name": "EnableWUfBCloud"
    },
    "DucCustomPackageId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
    },
    "DucDeviceModelId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
    },
    "DucOemPartnerRing": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
    },
    "DucPublisherId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
    }
  },
  "WMI": {
    "FirstStorageSpaceDeviceId": {
      "Query": "SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'",
      "Name": "DeviceID",
      "Timeout": 2000
    }
  }
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributesVerified"="{
  "Version": 107,
  "SchemaVersion": 1,
  "PartA": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Default": [
    "DeviceFamily",
    "f:FlightRing",
    "t:OSVersionFull"
  ],
  "PartB": {
    "ACSOVERRIDE": [
      "OSArchitecture",
      "c:IsAlwaysOnAlwaysConnectedCapable"
    ],
    "CASSCLIENT": [
      "OSVersion",
      "c:OSEdition",
      "f:FlightRing"
    ],
    "CDM": [
      "ChassisTypeId",
      "r:CurrentBranch",
      "DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "c:InstallLanguage",
      "c:IsDomainJoined",
      "t:IsTestLab",
      "OEMModel",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:ProcessorIdentifier",
      "c:TelemetryLevel",
      "t:IsMsftOwned",
      "t:WCOSProductId",
      "c:OSUILocale",
      "c:CommercialId",
      "s:MinShellVersion",
      "s:MaxShellVersion",
      "c:ActivationChannel",
      "c:SCCMClientId",
      "c:IsCloudDomainJoined"
    ],
    "COMPATLOGGER": [
      "osVer",
      "ring",
      "deviceId"
    ],
    "CORTANA_GATEKEEPER": [
      "r:CurrentBranch",
      "f:FlightRing",
      "f:IsRetailOS"
    ],
    "CORTANAUWP": [
      "c:OSUILocale",
      "t:OSVersionFull",
      "v:CortanaAppVer"
    ],
    "CORTANAUWPTEST": [
      "+CORTANAUWP",
      "v:CortanaAppVerTest"
    ],
    "CTAC": [
      "+FSS"
    ],
    "DDC": [
      "+WU_STORE",
      "+_WU_PTI"
    ],
    "DXDB": [
      "DeviceFamily",
      "f:FlightRing",
      "r:IsHybridOrXGpu",
      "t:OSVersionFull"
    ],
    "EDGE_SERVICEUI": [
      "t:LocalDeviceID",
      "t:LocalUserID"
    ],
    "FCON": [
      "+CDM"
    ],
    "FSS": [
      "r:PreviewBuildsManagerEnabled",
      "f:BranchReadinessLevelRaw",
      "u:BranchReadinessLevelSource",
      "r:BuildFID",
      "t:DeviceFamily",
      "DeviceId",
      "c:EnablePreviewBuilds",
      "f:FlightingPolicyValue",
      "f:IsRetailOS",
      "f:ManagePreviewBuilds",
      "OSVersionFull",
      "t:WCOSProductId",
      "r:SmartActiveHoursState",
      "r:ActiveHoursStart",
      "r:ActiveHoursEnd"
    ],
    "FXIRISCLIENT": [
      "+IRISCLIENT"
    ],
    "IRISCLIENT": [
      "DeviceFamily",
      "OSVersion",
      "t:OSSkuId",
      "OSArchitecture",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:FlightingBranchName",
      "c:InternalPrimaryDisplayResolutionHorizontal",
      "c:InternalPrimaryDisplayResolutionVetical",
      "t:IsMsftOwned",
      "c:ChassisType",
      "c:IsDomainJoined",
      "c:ProcessorIdentifier",
      "c:CommercialId",
      "OEMModel",
      "c:OSUILocale",
      "c:OSEdition",
      "c:FlightIds",
      "t:LocalUserID",
      "r:CurrentBranch",
      "t:WCOSProductId"
    ],
    "MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
      "t:OSVersionFull",
      "t:IsTestLab",
      "f:FlightRing"
    ],
    "MITIGATION": [
      "t:DeviceFamily",
      "f:FlightRing",
      "c:FlightIds",
      "c:IsDomainJoined",
      "t:IsMsftOwned",
      "f:IsRetailOS",
      "t:IsTestLab",
      "IsVM",
      "OEMModel",
      "c:OSEdition",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "t:SMode",
      "f:IsFlightingEnabled",
      "c:FirmwareVersion",
      "c:TelemetryLevel",
      "f:FlightingBranchName",
      "r:CurrentBranch",
      "OSVersion",
      "w:FirstStorageSpaceDeviceId",
      "r:IsCldFltSyncRoots",
      "c:OSInstallType",
      "v:IsNotepadExePresent"
    ],
    "MLMOD": [
      "ChassisTypeId",
      "t:DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "f:IsRetailOS",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "OSVersion",
      "c:TelemetryLevel",
      "r:CurrentBranch",
      "t:IsTestLab"
    ],
    "MTP": [
      "+_WU_OS_CORE"
    ],
    "MUSE": [
      "+_WU_FB",
      "ChassisTypeId",
      "deviceClass",
      "deviceId",
      "c:FlightIds",
      "locale",
      "ms",
      "os",
      "osVer",
      "ring",
      "sampleId",
      "sku",
      "r:DaysSince19H1FUOffer",
      "u:DisableDualScan",
      "u:UpdateServiceUrl",
      "c:CommercialId",
      "f:FlightingBranchName",
      "c:SystemVolumeTotalCapacity",
      "c:IsAlwaysOnAlwaysConnectedCapable",
      "c:ProcessorCores",
      "c:PrimaryDiskType",
      "c:TotalPhysicalRAM",
      "c:ProcessorClockSpeed"
    ],
    "NOISYHAMMER": [
      "+WU_OS"
    ],
    "SEDIMENTPACK": [
      "+WU_OS"
    ],
    "SERVICING_CBS": [
      "+WU"
    ],
    "SETUP360": [
      "t:OSSkuId",
      "f:FlightRing"
    ],
    "STORAGEGROVELER": [
      "a:Free",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "IsVM",
      "t:OSVersionFull"
    ],
    "UTC": [
      "+UTC_STATIC",
      "osVer",
      "locale",
      "ring",
      "f:PilotRing",
      "f:IsRetailOS",
      "ms",
      "expId",
      "t:SMode",
      "f:FlightingBranchName",
      "c:CommercialId"
    ],
    "UTC_STATIC": [
      "os",
      "deviceId",
      "sampleId",
      "deviceClass",
      "sku",
      "OEMModel",
      "OEMName_Uncleaned",
      "c:PrimaryDiskType",
      "c:ProcessorModel",
      "c:TotalPhysicalRAM"
    ],
    "UUS": [
      "OSVersion",
      "f:FlightRing",
      "t:IsTestLab",
      "t:OSVersionFull",
      "f:FlightingBranchName",
      "r:CurrentBranch"
    ],
    "WAASASSESSMENT": [
      "+WU_OS"
    ],
    "WAASMEDIC": [
      "os",
      "osVer",
      "ring",
      "deviceClass",
      "deviceId",
      "locale",
      "sku"
    ],
    "WOSC": [
      "t:DeviceFamily",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "t:IsMsftOwned",
      "t:LocalDeviceID",
      "t:OSSkuId",
      "c:OSUILocale",
      "t:OSVersionFull",
      "c:TelemetryLevel",
      "r:IsHybridOrXGpu",
      "r:PlayFabPartyRelay"
    ],
    "WPSHIFT": [
      "+MTP"
    ],
    "WU": [
      "+WU_OS",
      "r:DUInternal"
    ],
    "_WU_AV": [
      "r:AvastReg",
      "r:AvastBlackScreen",
      "v:AvastVer",
      "r:AvgReg",
      "v:AvgVer",
      "r:EsetReg",
      "v:EsetVer",
      "r:KasperskyReg",
      "v:KasperskyVer",
      "v:SymantecVer",
      "r:TencentReg",
      "r:TencentType",
      "r:AhnlabInstalledKey",
      "r:AvastInstalledKey",
      "r:AVGInstalledKey",
      "r:AviraInstalledKey",
      "r:BullguardInstalledKey",
      "r:ESETInstalledKey",
      "r:ESTSecurityInstalledKey",
      "r:FSecureInstalledKey",
      "v:GDataInstalledVer",
      "r:K7InstalledKey",
      "r:KasperskyInstalledKey",
      "r:KingsoftInstalledKey",
      "r:LenovoInstalledKey",
      "r:MalwarebytesInstalledKey",
      "r:McAfeeInstalledKey",
      "r:PandaInstalledKey",
      "r:QuickhealInstalledKey1",
      "r:SophosInstalledKey1",
      "r:SymantecInstalledKey",
      "r:TencentInstalledKey",
      "r:ThreatTrackInstalledKey",
      "r:TrendInstalledKey",
      "r:WebrootInstalledKey",
      "v:K7InstalledVer"
    ],
    "_WU_COMMON": [
      "r:CurrentBranch",
      "r:DefaultUserRegion",
      "DeviceFamily",
      "r:DriverPartnerRing",
      "r:FlightContent",
      "f:FlightingBranchName",
      "f:FlightRing",
      "HoloLens",
      "c:InstallationType",
      "c:InstallLanguage",
      "f:IsFlightingEnabled",
      "r:IsFlightingEnabled",
      "c:MobileOperatorCommercialized",
      "OEMModel",
      "OEMName_Uncleaned",
      "r:OemPartnerRing",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:OSUILocale",
      "c:ProcessorManufacturer",
      "r:ReleaseType",
      "v:SkypeRoomSystem",
      "t:SMode",
      "c:TelemetryLevel",
      "r:WindowsMixedReality",
      "v:WuClientVer",
      "p:DucPublisherId",
      "p:DucDeviceModelId",
      "p:DucOemPartnerRing",
      "p:DucCustomPackageId",
      "p:DesiredOsVersion",
      "p:DesiredSystemManifestVersion"
    ],
    "_WU_FB": [
      "u:BranchReadinessLevel",
      "u:DeferQualityUpdatePeriodInDays",
      "u:DeferFeatureUpdatePeriodInDays",
      "r:PausedFeatureStatus",
      "r:PausedQualityStatus",
      "u:TargetReleaseVersion",
      "r:QUDeadline",
      "r:UpdatePreference",
      "r:UpdateOfferedDays"
    ],
    "WU_OS": [
      "+_WU_OS_CORE",
      "+_WU_FB"
    ],
    "_WU_OS_CORE": [
      "+_WU_COMMON",
      "+_WU_AV",
      "r:AhnLabKeyboard",
      "a:Bios",
      "r:BlockFeatureUpdates",
      "c:CommercialId",
      "a:DataVer_RS5",
      "r:DisconnectedStandby",
      "r:DchuNvidiaGrfxExists",
      "r:DchuNvidiaGrfxVen",
      "r:DchuIntelGrfxExists",
      "r:DchuIntelGrfxVen",
      "r:DchuAmdGrfxExists",
      "r:DchuAmdGrfxVen",
      "c:FirmwareVersion",
      "a:Free",
      "a:GStatus_RS3",
      "a:GStatus_RS4",
      "a:GStatus_RS5",
      "r:HidOverGattReg",
      "r:InstallDate",
      "c:IsDeviceRetailDemo",
      "c:IsPortableOperatingSystem",
      "IsVM",
      "c:OEMModelBaseBoard",
      "r:OobeSeeker",
      "r:OSRollbackBuild",
      "r:OSRollbackCount",
      "r:OSRollbackDate",
      "PhoneTargetingName",
      "r:PonchAllow",
      "r:PonchBlock",
      "c:ProcessorIdentifier",
      "r:RecoveredFromBuild",
      "r:RecoveredOnDate",
      "r:Steam",
      "v:TobiiVer",
      "v:TrendMicroVer",
      "r:UninstallActive",
      "l:UpdateManagementGroup",
      "a:UpgEx_RS3",
      "a:UpgEx_RS4",
      "a:UpgEx_RS5",
      "a:Version_RS5",
      "r:DisableWUfBOfferBlock",
      "a:UpgEx_19H1",
      "a:SdbVer_19H1",
      "a:GStatus_19H1",
      "a:GStatus_19H1Setup",
      "a:TimestampEpochString_19H1Setup",
      "a:GenTelRunTimestamp_19H1",
      "a:DataExpDateEpoch_19H1",
      "u:EnableWUfBUpgradeGates",
      "r:GStatusBlockIDs_All",
      "TimestampDelta_19H1Subtract19H1Setup",
      "DataExpDateDelta_19H1Subtract19H1Setup",
      "a:DataExpDateEpoch_19H1Setup",
      "a:TimestampEpochString_19H1",
      "r:IsContainerMgrInstalled",
      "r:IsWDAGEnabled",
      "r:MTPTargetingInfo",
      "r:EKB19H2InstallCount",
      "r:EKB19H2UnInstallCount",
      "r:EKB19H2InstallTimeEpoch",
      "r:EKB19H2UnInstallTimeEpoch",
      "r:BlockEdgeWithChromiumUpdate",
      "r:IsWDATPEnabled",
      "r:IsAutopilotRegistered",
      "r:EdgeWithChromiumInstallVersion",
      "r:EdgeWithChromiumInstallFailureCount",
      "r:IsEdgeWithChromiumInstalled",
      "r:KioskMode",
      "c:IsCloudDomainJoined",
      "c:IsDomainJoined",
      "p:DSS_Enrolled",
      "a:DataExpDateEpoch_20H1",
      "a:DataExpDateEpoch_20H1Setup",
      "a:GStatus_20H1",
      "a:GStatus_20H1Setup",
      "a:SdbVer_20H1",
      "a:TimestampEpochString_20H1",
      "a:TimestampEpochString_20H1Setup",
      "DataExpDateDelta_20H1Subtract20H1Setup",
      "TimestampDelta_20H1Subtract20H1Setup",
      "a:UpgEx_20H1",
      "r:AutopilotUpdateInProgress",
      "r:UHSEnrolled",
      "r:HotPatchEKBInstalled",
      "r:LCUVer",
      "c:isCommercial",
      "c:ActivationChannel",
      "c:IsMDMEnrolled",
      "c:SCCMClientID"
    ],
    "_WU_PTI": [
      "c:FrontFacingCameraResolution",
      "c:RearFacingCameraResolution",
      "c:TotalPhysicalRAM",
      "c:NFCProximity",
      "c:Magnetometer",
      "c:Gyroscope",
      "c:D3DMaxFeatureLevel",
      "c:InternalPrimaryDisplayResolutionHorizontal",
      "c:InternalPrimaryDisplayResolutionVetical"
    ],
    "WU_STORE": [
      "+_WU_COMMON",
      "r:AppChannels",
      "r:AppRMIDs",
      "u:BranchReadinessLevel"
    ]
  },
  "Required": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Aliases": {
    "ChassisTypeId": "c:ChassisType",
    "DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
    "DataExpDateDelta_20H1Subtract20H1Setup": "a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
    "deviceClass": "t:DeviceFamily",
    "deviceId": "t:LocalDeviceID",
    "DeviceId": "t:LocalDeviceID",
    "expId": "c:FlightIds",
    "FlightRing": "f:FlightRing",
    "IsVM": "a:ISVM",
    "locale": "c:OSUILocale",
    "ms": "t:IsMsftOwned",
    "OEMModel": "c:OEMModelNumber",
    "OEMName_Uncleaned": "c:OEMManufacturerName",
    "osVer": "t:OSVersionFull",
    "OSVersionFull": "t:OSVersionFull",
    "PhoneTargetingName": "c:OEMModelName",
    "ring": "f:FlightRing",
    "sampleId": "t:PopVal",
    "sku": "t:OSSkuId",
    "TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
    "TimestampDelta_20H1Subtract20H1Setup": "a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup"
  },
  "Fallback": {
    "r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
    "r:AvastBlackScreen": "r:AvgBlackScreen",
    "r:AvastInstalledKey": "r:AvastInstalledWowKey",
    "r:AVGInstalledKey": "r:AVGInstalledWowKey",
    "r:AviraInstalledKey": "r:AviraInstalledWowKey",
    "a:Bios": "a:Bios_RS3",
    "a:Bios_RS3": "a:Bios_RS4",
    "a:Bios_RS4": "a:Bios_RS5",
    "r:BlockFeatureUpdates": "r:BlockWUUpgrades",
    "r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
    "r:BuildFID": "r:BuildFID_WCOS",
    "r:BuildFID_WCOS": "r:BuildFID_WCOS2",
    "r:BullguardInstalledKey": "v:BullguardInstalledVer",
    "r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
    "r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
    "r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
    "r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
    "r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
    "r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
    "r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
    "r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
    "p:DSS_Enrolled": "r:DSS_EnrolledReg",
    "r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
    "r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
    "u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
    "r:ESETInstalledKey": "r:ESETInstalledWowKey",
    "r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
    "f:FlightingBranchName": "c:FlightingBranchName",
    "a:Free": "a:Free_RS3",
    "a:Free_RS3": "a:Free_RS4",
    "a:Free_RS4": "a:Free_RS5",
    "r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
    "HoloLens": "r:WindowsMixedReality",
    "r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
    "a:ISVM": "a:ISVM_RS3",
    "a:ISVM_RS3": "a:ISVM_RS4",
    "a:ISVM_RS4": "a:ISVM_RS5",
    "r:K7InstalledKey": "r:K7InstalledWowKey",
    "r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
    "r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
    "r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
    "r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
    "r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
    "c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
    "r:PandaInstalledKey": "r:PandaInstalledWowKey",
    "r:PandaInstalledWowKey": "v:PandaInstalledVer",
    "r:PonchAllow": "r:PonchAllowKey",
    "r:PonchAllowKey": "r:PonchAllowWow",
    "r:PonchAllowWow": "r:PonchAllowWowKey",
    "r:QUDeadline": "r:QUDeadlineMDM",
    "r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
    "r:SophosInstalledKey1": "r:SophosInstalledKey2",
    "r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
    "v:SymantecVer": "v:SymantecVer64",
    "u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
    "r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
    "r:TencentInstalledKey": "r:TencentInstalledWowKey",
    "r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
    "v:TobiiVer": "v:TobiiVerx86",
    "v:TobiiVerx86": "v:TobiiVer1x86",
    "r:TrendInstalledKey": "r:TrendInstalledWowKey",
    "r:TrendInstalledWowKey": "v:TrendInstalledVer",
    "r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
  },
  "Transform": {
    "IsDomainJoined": {
      "Ignore": [
        "0"
      ]
    },
    "IsHybridOrXGpu": {
      "Ignore": [
        "0"
      ]
    },
    "IsMsftOwned": {
      "Ignore": [
        "0"
      ]
    },
    "IsPortableOperatingSystem": {
      "Ignore": [
        "0"
      ]
    },
    "IsTestLab": {
      "Ignore": [
        "0"
      ]
    },
    "IsVM": {
      "Ignore": [
        "0"
      ]
    },
    "OEMModel": {
      "SubLength": 100
    },
    "OEMName_Uncleaned": {
      "SubLength": 100
    },
    "PausedFeatureStatus": {
      "Ignore": [
        "0"
      ]
    },
    "PausedQualityStatus": {
      "Ignore": [
        "0"
      ]
    },
    "SMode": {
      "Ignore": [
        "0"
      ]
    }
  },
  "Registry": {
    "ActiveHoursEnd": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursEnd",
      "RegValueType": "REG_DWORD"
    },
    "ActiveHoursStart": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursStart",
      "RegValueType": "REG_DWORD"
    },
    "AhnlabInstalledKey": {
      "FullPath": "SOFTWARE\\Ahnlab",
      "IfExists": true
    },
    "AhnlabInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
      "IfExists": true
    },
    "AhnLabKeyboard": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
      "ValueName": "NbTpMsExist"
    },
    "AppChannels": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ChannelId",
      "EncodingType": "Json"
    },
    "AppRMIDs": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ReleaseManagementId",
      "EncodingType": "Json"
    },
    "AutopilotUpdateInProgress": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
      "ValueName": "AutopilotUpdateInProgress",
      "RegValueType": "REG_DWORD"
    },
    "AvastBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AvastInstalledKey": {
      "FullPath": "SOFTWARE\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AvgBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AVGInstalledKey": {
      "FullPath": "SOFTWARE\\AVG\\Antivirus",
      "IfExists": true
    },
    "AVGInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
      "IfExists": true
    },
    "AvgReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AviraInstalledKey": {
      "FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "AviraInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "BlockEdgeWithChromiumUpdate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "DoNotUpdateToEdgeWithChromium",
      "RegValueType": "REG_DWORD"
    },
    "BlockFeatureUpdates": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade",
      "ValueName": "BlockFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgrades": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgradesWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BuildFID": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BullguardInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
      "IfExists": true
    },
    "CurrentBranch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "BuildBranch",
      "RegValueType": "REG_SZ"
    },
    "DaysSince19H1FUOffer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
      "ValueName": "DaysSinceLastOffer",
      "RegValueType": "REG_QWORD"
    },
    "DchuAmdGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DriverDelete"
    },
    "DchuAmdGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "IfExists": true
    },
    "DchuAmdGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DCHUVen"
    },
    "DchuAmdGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DriverDelete"
    },
    "DchuIntelGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "IfExists": true
    },
    "DchuIntelGrfxNExists": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
      "IfExists": true
    },
    "DchuIntelGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DriverDelete"
    },
    "DchuNvidiaGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "IfExists": true
    },
    "DchuNvidiaGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DefaultUserRegion": {
      "HKey": "HKEY_USERS",
      "FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
      "ValueName": "Nation",
      "RegValueType": "REG_SZ"
    },
    "DisableWUfBOfferBlock": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "DisableWUfBOfferBlock",
      "RegValueType": "REG_DWORD"
    },
    "DisconnectedStandby": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
      "ValueName": "EnforceDisconnectedStandby",
      "RegValueType": "REG_DWORD"
    },
    "DriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "DSS_EnrolledReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "EnableWUfBCloud",
      "RegValueType": "REG_DWORD"
    },
    "DUInternal": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\MoSetup",
      "ValueName": "DynamicUpdateInternalTest",
      "RegValueType": "REG_DWORD"
    },
    "EdgeWithChromiumInstallFailureCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallFailureCountWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EdgeWithChromiumInstallVersionWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EKB19H2InstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Count"
    },
    "EKB19H2InstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Timestamp"
    },
    "EKB19H2UnInstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Count"
    },
    "EKB19H2UnInstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Timestamp"
    },
    "EnableWUfBUpgradeGatesRS5": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
      "ValueName": "DataRequireGatedScanForFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "ESETInstalledKey": {
      "FullPath": "SOFTWARE\\ESET\\ESET Security",
      "IfExists": true
    },
    "ESETInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
      "IfExists": true
    },
    "EsetReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
      "ValueName": "WindowsCompatibilityLevel",
      "RegValueType": "REG_DWORD"
    },
    "ESTSecurityInstalledKey": {
      "FullPath": "SOFTWARE\\ESTsoft",
      "IfExists": true
    },
    "ESTSecurityInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
      "IfExists": true
    },
    "FlightContent": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "ContentType",
      "RegValueType": "REG_SZ"
    },
    "FSecureInstalledKey": {
      "FullPath": "SOFTWARE\\F-Secure\\OneClient",
      "IfExists": true
    },
    "FSecureInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
      "IfExists": true
    },
    "GStatusBlockIDs_All": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
      "ValueName": "SdbEntries",
      "RegValueType": "REG_SZ"
    },
    "HidOverGattReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
      "ValueName": "Source",
      "RegValueType": "REG_SZ"
    },
    "HotPatchEKBInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
      "IfExists": true
    },
    "InstallDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "InstallDate",
      "RegValueType": "REG_DWORD"
    },
    "IsAutopilotRegistered": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
      "ValueName": "ProfileAvailable",
      "RegValueType": "REG_DWORD"
    },
    "IsFlightingEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "IsBuildFlightingEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsCldFltSyncRoots": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
      "IfExists": true
    },
    "IsContainerMgrInstalled": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalledWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsHybridOrXGpu": {
      "FullPath": "SOFTWARE\\Microsoft\\DirectX",
      "ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
    },
    "IsWDAGEnabled": {
      "FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
      "IfExists": true
    },
    "IsWDATPEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
      "ValueName": "OnboardingState"
    },
    "K7InstalledKey": {
      "FullPath": "SOFTWARE\\K7 Computing",
      "IfExists": true
    },
    "K7InstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
      "IfExists": true
    },
    "KasperskyInstalledKey": {
      "FullPath": "SOFTWARE\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyReg": {
      "FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
      "ValueName": "UseVtHardware"
    },
    "KingsoftInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KingsoftInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KioskMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
      "ValueName": "ConfigSource",
      "RegValueType": "REG_DWORD"
    },
    "LCUVer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "LCUVer"
    },
    "LenovoInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "LenovoInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "McAfeeInstalledKey": {
      "FullPath": "SOFTWARE\\SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "McAfeeInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "MTPTargetingInfo": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
      "ValueName": "TargetRing"
    },
    "OEMModelBaseBoard": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "BaseBoardProduct",
      "RegValueType": "REG_SZ"
    },
    "OemPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OobeSeeker": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
      "ValueName": "OOBEUpdateStarted"
    },
    "OSDataDriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackBuild": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "BuildString",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "Count",
      "RegValueType": "REG_DWORD"
    },
    "OSRollbackDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "DateStamp",
      "RegValueType": "REG_DWORD"
    },
    "PandaInstalledKey": {
      "FullPath": "SOFTWARE\\Panda Software\\Setup",
      "IfExists": true
    },
    "PandaInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
      "IfExists": true
    },
    "PausedFeatureStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedFeatureStatus"
    },
    "PausedQualityStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedQualityStatus"
    },
    "PlayFabPartyRelay": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
      "IfExists": true
    },
    "PonchAllow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "RegValueType": "REG_DWORD"
    },
    "PonchAllowKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "IfExists": true
    },
    "PonchAllowWow": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
    },
    "PonchAllowWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "IfExists": true
    },
    "PonchBlock": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
      "RegValueType": "REG_DWORD"
    },
    "PreviewBuildsManagerEnabled": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
      "ValueName": "ArePreviewBuildsAllowed"
    },
    "QUDeadline": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "ConfigureDeadlineForQualityUpdates",
      "RegValueType": "REG_DWORD"
    },
    "QUDeadlineMDM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
      "ValueName": "ConfigureDeadlineForQualityUpdates",
      "RegValueType": "REG_DWORD"
    },
    "QuickhealInstalledKey1": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Servicescatflt",
      "IfExists": true
    },
    "QuickhealInstalledKey2": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe",
      "IfExists": true
    },
    "RecoveredFromBuild": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
      "ValueName": "LastBuild",
      "RegValueType": "REG_DWORD"
    },
    "RecoveredOnDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
      "ValueName": "DateStamp",
      "RegValueType": "REG_DWORD"
    },
    "ReleaseType": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo",
      "ValueName": "ReleaseType",
      "RegValueType": "REG_SZ"
    },
    "SmartActiveHoursState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SmartActiveHoursState",
      "RegValueType": "REG_DWORD"
    },
    "SophosInstalledKey1": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\SAVService",
      "IfExists": true
    },
    "SophosInstalledKey2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc",
      "IfExists": true
    },
    "Steam": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Classes\\Steam",
      "ValueName": "",
      "RegValueType": "REG_SZ"
    },
    "SymantecInstalledKey": {
      "FullPath": "SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
      "IfExists": true
    },
    "SymantecInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
      "IfExists": true
    },
    "TargetReleaseVersionGP": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "TargetReleaseVersionInfo",
      "RegValueType": "REG_SZ"
    },
    "TargetReleaseVersionMDM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
      "ValueName": "TargetReleaseVersion",
      "RegValueType": "REG_SZ"
    },
    "TencentInstalledKey": {
      "FullPath": "SOFTWARE\\Tencent\\QQPCMgr",
      "IfExists": true
    },
    "TencentInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr",
      "IfExists": true
    },
    "TencentReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
      "ValueName": "LoadStartTime"
    },
    "TencentType": {
      "FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
      "ValueName": "Type"
    },
    "ThreatTrackInstalledKey": {
      "FullPath": "SOFTWARE\\SBAMSvc",
      "IfExists": true
    },
    "ThreatTrackInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\SBAMSvc",
      "IfExists": true
    },
    "TrendInstalledKey": {
      "FullPath": "SOFTWARE\\TrendMicro",
      "IfExists": true
    },
    "TrendInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\TrendMicro",
      "IfExists": true
    },
    "UHSEnrolled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "UHSEnrolled",
      "RegValueType": "REG_SZ",
      "IfExists": true
    },
    "UninstallActive": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "System\\Setup",
      "ValueName": "UninstallActive",
      "RegValueType": "REG_DWORD"
    },
    "UpdateOfferedDays": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\",
      "ValueName": "UpToDateDays",
      "RegValueType": "REG_DWORD"
    },
    "UpdatePreference": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "UpdatePreference",
      "RegValueType": "REG_DWORD"
    },
    "WebrootInstalledKey": {
      "FullPath": "SOFTWARE\\WRData",
      "IfExists": true
    },
    "WebrootInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\WRData",
      "IfExists": true
    },
    "WindowsMixedReality": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
      "ValueName": "WdfMajorVersion",
      "RegValueType": "REG_DWORD"
    }
  },
  "FileInfo": {
    "AvastVer": {
      "Path": "\\system32\\Drivers\\aswVmm.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "AvgVer": {
      "Path": "\\system32\\Drivers\\avgVmm.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "BullguardInstalledVer": {
      "Path": "\\BullGuard Ltd\\BullGuard\\BullGuard.exe",
      "IfExists": true,
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CortanaAppVer": {
      "Path": "\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CortanaAppVerTest": {
      "Path": "\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "EsetVer": {
      "Path": "\\drivers\\ehdrv.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "GDataInstalledVer": {
      "Path": "\\drivers\\MiniIcpt.sys",
      "IfExists": true,
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "IsNotepadExePresent": {
      "Path": "%windir%\\system32\\notepad.exe",
      "IfExists": true
    },
    "K7InstalledVer": {
      "Path": "\\K7 Computing",
      "IfExists": true,
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "KasperskyVer": {
      "Path": "\\system32\\Drivers\\klhk.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "PandaInstalledVer": {
      "Path": "\\Panda Security",
      "IfExists": true,
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "SkypeRoomSystem": {
      "Path": "%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
      "IfExists": true
    },
    "SymantecVer": {
      "Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
      "FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
    },
    "SymantecVer64": {
      "Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
      "FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
    },
    "TobiiVer": {
      "Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "TobiiVer1x86": {
      "Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "TobiiVerx86": {
      "Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "TrendInstalledVer": {
      "Path": "\\Trend Micro\\Titanium\\plugin\\plugVizor.dll",
      "IfExists": true,
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "TrendMicroVer": {
      "Path": "\\drivers\\TMUMH.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "WuClientVer": {
      "Path": "\\system32\\wuaueng.dll",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    }
  },
  "Licensing": {
    "UpdateManagementGroup": {
      "Name": "UpdatePolicy-UpdateManagementGroup"
    }
  },
  "UpdatePolicy": {
    "BranchReadinessLevel": {
      "PolicyEnum": 5,
      "Enterprise": true
    },
    "BranchReadinessLevelSource": {
      "PolicyEnum": 5,
      "Enterprise": true,
      "UseSource": true
    },
    "DeferFeatureUpdatePeriodInDays": {
      "PolicyEnum": 9,
      "Enterprise": true
    },
    "DeferQualityUpdatePeriodInDays": {
      "PolicyEnum": 7,
      "Enterprise": true
    },
    "DisableDualScan": {
      "PolicyEnum": 42,
      "Enterprise": true
    },
    "EnableWUfBUpgradeGates": {
      "PolicyEnum": 51,
      "Enterprise": true
    },
    "TargetReleaseVersion": {
      "PolicyEnum": 50,
      "Enterprise": true
    },
    "UpdateServiceUrl": {
      "PolicyEnum": 12
    }
  },
  "Policy": {
    "DesiredOsVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"
    },
    "DesiredSystemManifestVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"
    },
    "DSS_Enrolled": {
      "Area": "Update",
      "Name": "EnableWUfBCloud"
    },
    "DucCustomPackageId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
    },
    "DucDeviceModelId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
    },
    "DucOemPartnerRing": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
    },
    "DucPublisherId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
    }
  },
  "WMI": {
    "FirstStorageSpaceDeviceId": {
      "Query": "SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'",
      "Name": "DeviceID",
      "Timeout": 2000
    }
  }
}"
[HKEY_USERS\S-1-5-21-3818253758-67364604-2000356123-1001\Software\Chromium]

====== End of Search ======

[kevinf80]

Does the conduit issues still happen..

[ddemerin]

Yeah. They're still popping up, but my laptop is booting up faster and isn't consistently consistently running at 100% disk. 

[kevinf80]

Does it only happen when you have your default browser open (Chrome)

[ddemerin]

Nope. Adwcleaner finds conduit and legacy right after I boot up without opening any programs. My slack opens on bootup, but I don't have anything else that starts on bootup.

[kevinf80]

Please download Malwarebytes Anti-Rootkit from here   Right click on the tool (select "Run as Administrator) to start the extraction to a convenient location. (Desktop is preferable) Open the folder where the contents were unzipped and run mbar.exe Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process. When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

[ddemerin]

The scan came back clean, but then after I did used adwcleaner just to see if the pups are still there and both Pup.optional.conduit and Pup.optional.legacy are still there. Again, my laptop is still running faster and with far less issues, but I'm confused why these keep coming back when I boot up my laptop even after adwcleaner removes them.

mbar-log-2020-09-28 (17-08-31).txt system-log.txt