Win 11 Auf Facebook Warnmeldung hereingefallen, PC läuft langsamer , MS Defender wird blockiert

M-K-D-B · 18.05.2025, 10:02

Zitat:

Zitat von Bernd Brot

Mich würde aber interessieren, wieso google diese Meldung bringt. War das der Eingriff durch FRST ?

Ich habe dir im letzten Post auf eine Seite zu Google Captcha verlinkt. Dort findest du weitere Infos.
Mit FRST hat das nichts zu tun.

Zitat:

Zitat von Bernd Brot

Kaspersky keine Funde, keine logdatei.

Eine Logdatei wird von diesem Tool immer erstellt, keine Funde klingt super.

Da die Logdatei von ESET nicht gespeichert wurde und niemand weiß, welche Art von Malware auf dem System war, solltest zu zur Sicherheit alle Passwörter ändern.

Die von SecurityCheck bemängelten Programme solltest du aktualisieren (falls noch benötigt) oder deinstallieren (falls nicht mehr benötigt).
Die Downloadlinks dazu findest du in der Logdatei von SecurityCheck.

Entfernung der verwendeten Tools
Führe KpRm gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.

Dann wären wir durch!
Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Wenn Du möchtest, kannst Du hier sagen, ob du mit uns und unserer Hilfe zufrieden warst...

Vielleicht möchtest du das Forum mit einer kleinen Spende unterstützen.

Zum Schluss bitte unbedingt die Sicherheitsmaßnahmen lesen und umsetzen:

Lesestoff:
Anleitung: Maßnahmen zur Absicherung des Rechners

Hinweis:
Bitte gib mir eine kurze Rückmeldung, sobald du die oben verlinkten Informationen gelesen hast, alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Bernd Brot · 18.05.2025, 15:33

Zum Finale !
Besten Dank und ein schönes Restwochenende.

Code:

ATTFilter

# Run at 18.05.2025 16:27:55
# KpRm (Kernel-panik) version 2.19.0
# Website https://kernel-panik.me/tool/kprm/
# Run by emqi- from C:\Users\emqi-\Downloads
# Computer Name: EMQI-LIVINGPICS
# OS: Windows 11 X64 (26100) (10.0.26100.4061) 
# Number of passes: 1

- Checked options -

    ~ Delete Tools
    ~ Delete Quarantines

- Delete Tools -


  ## ESET Online Scanner
     [OK] C:\Users\emqi-\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\emqi-\Desktop\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\emqi-\Downloads\esetonlinescanner.exe deleted
     [OK] C:\Users\emqi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
     [OK] C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner deleted

  ## FRST
     [OK] C:\Users\emqi-\Desktop\Desktop\Trojaner Board\Addition.txt deleted
     [OK] C:\Users\emqi-\Desktop\Desktop\Trojaner Board\FRST.txt deleted
     [OK] C:\Users\emqi-\Desktop\Desktop\Trojaner Board\FRST64.exe deleted
     [OK] C:\Users\emqi-\Downloads\Addition alt 16.5.2025.txt deleted
     [OK] C:\Users\emqi-\Downloads\Addition.txt deleted
     [OK] C:\Users\emqi-\Downloads\Fixlog.txt deleted
     [OK] C:\Users\emqi-\Downloads\FRST alt 16.5.2025..txt deleted
     [OK] C:\Users\emqi-\Downloads\FRST-OlderVersion deleted
     [OK] C:\Users\emqi-\Downloads\FRST.txt deleted
     [OK] C:\Users\emqi-\Downloads\FRST64.exe deleted
     [OK] C:\FRST deleted

  ## Kaspersky Virus Removal Tool
     [OK] C:\Users\emqi-\Desktop\KVRT.exe deleted
     [R] C:\KVRT2020_Data deleted

  ## Malwarebytes (log)
     [OK] C:\Users\emqi-\Desktop\Desktop\Trojaner Board\Malwarebytes.txt deleted

  ## SecurityCheck
     [OK] C:\Users\emqi-\Downloads\SecurityCheck\SecurityCheck.exe deleted
     [OK] C:\SecurityCheck deleted

-- KPRM finished in 9.15s --


- Need to Restart -

M-K-D-B · 18.05.2025, 19:46

Wir sind froh, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus unseren Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen.

M-K-D-B · 25.05.2025, 18:18

Der Fund von ESET zeigt auf dein Mailprogramm Thunderbird.

Vermutlich hast du eine Spam-Mail bzw. Mail mit verdächtigem Anhang / Link noch irgendwo abgespeichert. Überprüfe alle verdächtige Mails und lösche diese.

Hierbei handelt es sich aber um keine aktive Infektion deines Systems.

Bzgl. der reCaptcha Meldung von Google... sowas kann auch an VPN-Software liegen... du nutzt Avira VPN... VPN werden sowieso überbewertet, kann man sich getrost schenken.
Avira im Übrigen auch.

Bernd Brot · 25.05.2025, 18:37

Avira habe ich meines Wissens gelöscht. In den Programmen befindet sich noch ein Avira Fallback Updater. Soll/kann ich den entfernen ?

M-K-D-B · 25.05.2025, 18:44

Ja, hau weg das Teil.
Danach den Rechner neu starten.

Bernd Brot · 25.05.2025, 18:51

Zitat:

Zitat von M-K-D-B

Ja, hau weg das Teil.
Danach den Rechner neu starten.

Gar nicht so einfach ;-)
https://ibb.co/jvC6C7tC

M-K-D-B · 26.05.2025, 14:11

Servus,

poste bitte aktuelle Logs von FRST.

Bernd Brot · 26.05.2025, 17:24

Bitteschön:

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2025
durchgeführt von emqi- (Administrator) auf EMQI-LIVINGPICS (Micro-Star International Co., Ltd. MS-7E26) (26-05-2025 18:20:37)
Gestartet von C:\Users\emqi-\Downloads\FRST64.exe
Geladene Profile: emqi-
Plattform: Microsoft Windows 11 Pro Version 24H2 26100.4061 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <4>
(C:\Program Files\Adobe\Adobe Lightroom Classic\Helpers\DynamicLinkMediaServer\dynamiclinkmanager.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Lightroom Classic\Helpers\DynamicLinkMediaServer\dynamiclinkmediaserver.exe
(C:\Program Files\Adobe\Adobe Lightroom Classic\Lightroom.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Lightroom Classic\Adobe Crash Processor.exe
(C:\Program Files\Adobe\Adobe Lightroom Classic\Lightroom.exe ->) (Adobe Inc. -> Adobe) C:\Program Files\Adobe\Adobe Lightroom Classic\Helpers\DynamicLinkMediaServer\dynamiclinkmanager.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe ->) (WacomCenterUI) [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterUI.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_UpdateUtil.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co., Ltd.) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.92\msedgewebview2.exe <7>
(cmd.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(DriverStore\FileRepository\u0415347.inf_amd64_bbe1f1da43e3d52f\B415056\atiesrxx.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0415347.inf_amd64_bbe1f1da43e3d52f\B415056\atieclxx.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Lightroom Classic\Lightroom.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <18>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc) C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_3b35ade6b9714417\AmdPpkgSvc.exe
(services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0415347.inf_amd64_bbe1f1da43e3d52f\B415056\atiesrxx.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_1aafc0a9b0693712\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe
(services.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25032.52.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.22.1.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [133128 2025-03-24] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1145256 2025-04-15] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-76596380-2333717119-1847427047-1003\...\Run: [MicrosoftEdgeAutoLaunch_3753AF0C68244FA81F8581C5B5045ECE] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4045880 2025-05-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-76596380-2333717119-1847427047-1003\...\Run: [AMDNoiseSuppression] => C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe [164840 2024-06-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {3A6E2066-337A-4331-AA61-39FBE06617C3} - System32\Tasks\AMD Install Manager - Check For Updates => C:\Program Files\AMD\AMDInstallManager\AMDInstallManager.exe [55426256 2025-05-06] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) -> C:\Program Files\AMD\AMDInstallManager\\-CheckForUpdates
Task: {162516FD-20BF-4DBD-B806-F799A75C8209} - System32\Tasks\AMD Install Manager - Install Updates => C:\Program Files\AMD\AMDInstallManager\AMDInstallManager.exe [55426256 2025-05-06] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) -> C:\Program Files\AMD\AMDInstallManager\\-InstallUpdates -Auto
Task: {8DD8C804-A6EC-48B3-9E55-8CBF735167DA} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1038544 2025-04-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {C4E6387D-B865-448B-A301-A0419D69B0E5} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [191184 2025-04-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {92A8AEE7-551B-49B9-9442-0C174ADB5134} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15205744 2025-05-22] (ESET, spol. s r.o. -> ESET)
Task: {6BB8FC9C-8E91-4FC8-9E03-EFDE5A0F42CA} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15205744 2025-05-22] (ESET, spol. s r.o. -> ESET)
Task: {C2B0E3F9-2A9A-46D6-8500-9F4F81B1C0E8} - System32\Tasks\Launch Adobe CCXProcess => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [194048 2025-04-14] (Adobe Inc. -> Adobe Inc.)
Task: {307313D2-03A0-4E0D-85E8-3EACA50D9307} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307432 2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {798BA36E-8F34-4189-B853-2A80010E38C5} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307432 2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {964C40C9-924E-420A-80A9-7EB30C32C8D3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102808 2025-05-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {D1F8EE3D-FCAB-465D-9A14-262AB7D39BE6} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [68360 2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {F6AF5150-E18C-49E7-9D54-4E21CB9113FE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29102808 2025-05-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {95C5F5F2-A403-4047-A079-E42C508E954D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307432 2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {12B7B082-A730-49A1-8C26-D3134FC2875A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [307432 2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {5552BD37-EBF6-4A03-96B3-DB897BE2E8E8} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [213216 2025-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Keine Datei)
Task: {86D1E86D-2137-4A32-A3E9-56A7CDF4B05A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E81B23ED-CB9E-46C4-A01E-EC8DE63F8D46} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C4A13BE7-75A8-4E35-9739-D10C1358519C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D891B09F-4E2B-4758-AE8C-347881775D43} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D80CDC39-C24E-4ECF-9FC7-F0713D013101} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\InitialConfiguration => {709FD5EF-7296-4154-BD3A-E9830FCFA60A} C:\Windows\system32\ShellConfigTask.dll [274432 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
Task: {DD2C0B0E-B6F5-4735-B579-0B0FD439A698} - System32\Tasks\Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration => {0BE6820D-B667-4CB6-931B-C153A77DA895} C:\Windows\system32\ShellConfigTask.dll [274432 2025-05-14] (Microsoft Windows -> Microsoft Corporation)
Task: {AF0E3A50-9A33-4601-8713-BE4203B29E41} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1038544 2025-04-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {703B758E-B8B5-4209-809C-1FDFC66DABC1} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-76596380-2333717119-1847427047-1003 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-18] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {F09DEF76-FAA8-4679-817E-49DDDCE11E27} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-05-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {78B243C9-FBC6-4154-9D8E-EC20CD493BA1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [143568 2025-04-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
Task: {254EC6C8-ABBF-42C0-B38F-CC6C26B55510} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [309968 2025-04-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5df49ee4-f519-4dbb-b479-5f501a7a713a}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5df49ee4-f519-4dbb-b479-5f501a7a713a}: [DhcpDomain] speedport.ip
Tcpip\..\Interfaces\{bd7741e0-00cc-4ee1-bb39-2d5b8377a7d5}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{bd7741e0-00cc-4ee1-bb39-2d5b8377a7d5}: [DhcpDomain] speedport.ip

Edge: 
=======
Edge Profile: C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default [2025-05-26]
Edge HomePage: Default -> hxxp://www.msn.com/?pc=NMTE
Edge Extension: (Google Docs Offline) - C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-27]
Edge Extension: (Edge relevant text changes) - C:\Users\emqi-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-03-24]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]

FireFox:
========
FF DefaultProfile: gtxv1m88.default
FF ProfilePath: C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\gtxv1m88.default [2025-05-17]
FF ProfilePath: C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release [2025-05-26]
FF Extension: (Activist – Balanced) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\activist-balanced-colorway@mozilla.org.xpi [2023-03-17]
FF Extension: (HTTPS Everywhere) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\https-everywhere@eff.org.xpi [2021-07-14]
FF Extension: (uBlock Origin) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\uBlock0@raymondhill.net.xpi [2025-05-18]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2022-10-11]
FF Extension: (Mobile View Switcher) - C:\Users\emqi-\AppData\Roaming\Mozilla\Firefox\Profiles\0z7ao6fm.default-release\Extensions\{fa247c57-77ac-41cd-b942-332051e15ced}.xpi [2022-07-30]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2025-04-15] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2025-04-15] (Adobe Inc. -> Adobe Systems)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944040 2025-04-15] (Adobe Inc. -> Adobe Inc.)
R2 AmdPpkgSvc; C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_3b35ade6b9714417\AmdPpkgSvc.exe [518960 2025-04-01] (Advanced Micro Devices -> Advanced Micro Devices, Inc)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13823704 2025-05-15] (Microsoft Corporation -> Microsoft Corporation)
S3 CorsairDeviceControlService; C:\Program Files\Corsair\Corsair Device Control Service\bin\CorsairDeviceControlService.exe [2430504 2024-10-29] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9406208 2025-05-04] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-03-28] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559320 2025-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 amdfendrmgr; C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_1aafc0a9b0693712\amdfendrmgr.sys [37208 2025-02-06] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [33592 2024-09-12] (ASMedia Technology Inc. -> Advanced Micro Devices, Inc)
R3 AmdPpkg; C:\Windows\System32\DriverStore\FileRepository\amdppkg.inf_amd64_3b35ade6b9714417\AmdPpkg.sys [35120 2025-04-01] (Advanced Micro Devices -> Advanced Micro Devices)
R2 AMDRyzenMasterDriverV28; C:\Windows\system32\AMDRyzenMasterDriver.sys [61264 2025-04-23] (Advanced Micro Devices -> Advanced Micro Devices)
R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_66bdd11a4e97edd1\amdsafd.sys [112840 2024-05-02] (AMD Test Build -> Advanced Micro Devices)
R3 amduw23g-415347-9b12a908; C:\Windows\System32\DriverStore\FileRepository\u0415347.inf_amd64_bbe1f1da43e3d52f\B415056\amdkmdag.sys [100529584 2025-05-08] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [63008 2024-05-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R2 CorsairLLAccess8F050F5E415C1A5882EB9FF7CE2BC59B7BE3A953; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairLLAccess64.sys [23616 2025-02-17] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.)
R3 KslD; C:\Windows\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [234072 2025-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [22120 2025-03-28] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2025-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MTKBTFilterx64; C:\Windows\System32\drivers\mtkbtfilterx.sys [345056 2022-06-26] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
R3 mtkwlex; C:\Windows\System32\drivers\mtkwl6ex.sys [1587680 2022-06-26] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)
S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_feec7a9662e785f0\rtcx21x64.sys [539648 2024-03-28] (Microsoft Windows -> Realtek)
S3 ThermalFilter; C:\Windows\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-09] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [19984 2025-05-22] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [606568 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-22] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2025-05-26 17:52 - 2025-05-26 17:52 - 000000000 ____D C:\Users\emqi-\AppData\Local\LightroomClassic1-14-WIN
2025-05-26 16:41 - 2025-05-26 16:41 - 000003900 _____ C:\Windows\system32\Tasks\AMD Install Manager - Install Updates
2025-05-26 16:39 - 2025-05-26 16:39 - 000706648 _____ C:\Windows\system32\perfh007.dat
2025-05-26 16:39 - 2025-05-26 16:39 - 000149622 _____ C:\Windows\system32\perfc007.dat
2025-05-25 16:37 - 2025-05-25 16:37 - 000027251 _____ C:\Users\emqi-\Downloads\Addition.txt
2025-05-25 16:36 - 2025-05-26 18:21 - 000025999 _____ C:\Users\emqi-\Downloads\FRST.txt
2025-05-25 16:36 - 2025-05-26 18:20 - 000000000 ____D C:\FRST
2025-05-25 16:35 - 2025-05-25 16:35 - 002405888 _____ (Farbar) C:\Users\emqi-\Downloads\FRST64.exe
2025-05-25 16:14 - 2025-05-25 16:14 - 000008720 _____ C:\Users\emqi-\Documents\SecurityCheck 20250525.txt
2025-05-25 16:05 - 2025-05-25 16:05 - 000000000 ____D C:\SecurityCheck
2025-05-25 16:04 - 2025-05-25 16:05 - 000000022 _____ C:\Users\emqi-\Downloads\SecurityCheck(2).zip
2025-05-25 15:30 - 2025-05-25 15:30 - 000000000 ____D C:\KVRT2020_Data
2025-05-25 15:29 - 2025-05-25 15:28 - 115685224 _____ (AO Kaspersky Lab) C:\Users\emqi-\Desktop\KVRT.exe
2025-05-25 15:28 - 2025-05-25 15:28 - 115685224 _____ (AO Kaspersky Lab) C:\Users\emqi-\Downloads\KVRT.exe
2025-05-25 14:58 - 2025-05-25 14:58 - 000147717 _____ C:\Users\emqi-\Downloads\Pflanzenstärkungsmittel-1.pdf
2025-05-25 14:51 - 2025-05-25 14:51 - 000147717 _____ C:\Users\emqi-\Downloads\Pflanzenstärkungsmittel.pdf
2025-05-25 13:54 - 2025-05-25 13:54 - 000001071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2025.lnk
2025-05-25 13:23 - 2025-05-25 13:23 - 000000718 _____ C:\Users\emqi-\Documents\ESET Fund 20250525.txt
2025-05-23 14:38 - 2025-05-23 14:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMDInstallManager
2025-05-22 13:33 - 2025-05-26 17:36 - 000001385 _____ C:\Users\emqi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-05-22 13:33 - 2025-05-26 17:36 - 000001279 _____ C:\Users\emqi-\Desktop\ESET Online Scanner.lnk
2025-05-22 13:32 - 2025-05-22 13:32 - 008412528 _____ (ESET) C:\Users\emqi-\Downloads\esetonlinescanner.exe
2025-05-22 13:18 - 2025-05-25 13:45 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2025-05-18 16:27 - 2025-05-18 16:28 - 000001890 _____ C:\Users\emqi-\Desktop\kprm-20250518162754.txt
2025-05-18 16:27 - 2025-05-18 16:27 - 000000000 ____D C:\KPRM
2025-05-18 15:15 - 2025-05-18 15:15 - 000492893 _____ C:\Users\emqi-\Downloads\SecurityCheck(1).zip
2025-05-18 15:10 - 2025-05-26 16:32 - 000003118 _____ C:\Windows\system32\Tasks\AMDInstallLauncher
2025-05-18 15:09 - 2025-05-23 14:38 - 000004054 _____ C:\Windows\system32\Tasks\AMD Install Manager - Check For Updates
2025-05-18 15:09 - 2025-05-18 15:09 - 000002618 _____ C:\Windows\system32\Tasks\AMDRyzenMasterSDKTask
2025-05-18 15:09 - 2025-05-18 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition
2025-05-18 15:09 - 2025-05-18 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2025-05-18 15:08 - 2025-05-08 05:22 - 002193792 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 002092440 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 002092440 _____ C:\Windows\system32\vulkaninfo.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 001832320 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001832320 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001630592 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 001630592 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 001610512 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001610512 _____ C:\Windows\system32\vulkan-1.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001421448 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001421448 _____ C:\Windows\SysWOW64\vulkan-1.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001328024 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsasrv64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001184128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 001068416 _____ (AMD) C:\Windows\system32\atieclxx.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 000998272 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000631168 _____ C:\Windows\system32\GameManager64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000609488 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdsacli64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000559488 _____ C:\Windows\system32\atieah64.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 000556280 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdsacli32.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000526208 _____ C:\Windows\system32\EEURestart.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 000479104 _____ C:\Windows\SysWOW64\GameManager32.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000473504 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000422304 _____ C:\Windows\SysWOW64\atieah32.exe
2025-05-18 15:08 - 2025-05-08 05:22 - 000200576 _____ (AMD) C:\Windows\system32\atimuixx.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000190848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000150400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000147328 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000140160 _____ C:\Windows\system32\amdxc64.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000122240 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2025-05-18 15:08 - 2025-05-08 05:22 - 000116632 _____ C:\Windows\SysWOW64\amdxc32.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 121137584 _____ C:\Windows\system32\amd_comgr_2.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 103184792 _____ C:\Windows\SysWOW64\amd_comgr32.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 017760672 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdhip64_6.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 005219760 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdadlx64.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 005006744 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdadlx32.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000801688 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000678808 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000592264 _____ C:\Windows\system32\amdgfxinfo64.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000549304 _____ C:\Windows\system32\dgtrayicon.exe
2025-05-18 15:08 - 2025-05-08 05:21 - 000471456 _____ C:\Windows\system32\amdlogum.exe
2025-05-18 15:08 - 2025-05-08 05:21 - 000449920 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000405184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdfendr.stz
2025-05-18 15:08 - 2025-05-08 05:21 - 000344480 _____ C:\Windows\system32\clinfo.exe
2025-05-18 15:08 - 2025-05-08 05:21 - 000227768 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000197552 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000177056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000145824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000067320 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdfendrmgr.stz
2025-05-18 15:08 - 2025-05-08 05:21 - 000051584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2025-05-18 15:08 - 2025-05-08 05:21 - 000048544 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 001748320 _____ (AMD) C:\Windows\system32\amf-mft-mjpeg-decoder64.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 001423016 _____ (AMD) C:\Windows\SysWOW64\amf-mft-mjpeg-decoder32.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000554720 _____ C:\Windows\system32\amdmiracast.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000169192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000169168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000162272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000141200 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000141192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2025-05-18 15:08 - 2025-05-08 05:05 - 000134784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2025-05-18 15:08 - 2025-05-08 05:04 - 000179624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2025-05-18 15:08 - 2025-05-08 05:04 - 000154672 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2025-05-18 15:08 - 2025-05-07 23:32 - 125668160 _____ C:\Windows\system32\amdxc64.so
2025-05-18 15:02 - 2025-05-18 15:03 - 043633576 _____ (Advanced Micro Devices, Inc.) C:\Users\emqi-\Downloads\amd-software-adrenalin-edition-25.5.1-minimalsetup-250513_web.exe
2025-05-18 09:00 - 2025-05-18 09:00 - 000000000 ____D C:\SecurityCheck alt
2025-05-18 08:59 - 2025-05-18 16:27 - 000000000 ____D C:\Users\emqi-\Downloads\SecurityCheck
2025-05-18 08:59 - 2025-05-18 08:59 - 000492893 _____ C:\Users\emqi-\Downloads\SecurityCheck.zip
2025-05-18 08:13 - 2025-05-18 16:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-05-17 17:55 - 2025-05-17 17:55 - 001427235 _____ (<hxxps://furtivex.net>) C:\Users\emqi-\Downloads\FMRS.BERS3j51.exe.part
2025-05-17 17:55 - 2025-05-17 17:55 - 000000000 _____ C:\Users\emqi-\Downloads\FMRS.exe
2025-05-15 19:31 - 2025-05-16 10:16 - 000000000 ____D C:\Windows\system32\Tasks\Remediation
2025-05-14 23:00 - 2025-05-26 17:41 - 000000000 ____D C:\Windows\CbsTemp
2025-05-14 16:03 - 2025-05-14 16:03 - 000030998 _____ C:\Windows\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-14 16:03 - 2025-05-14 16:03 - 000030998 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json
2025-05-09 07:45 - 2025-05-09 07:45 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
2025-05-04 15:25 - 2025-05-22 21:37 - 000003858 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2025-05-04 15:25 - 2025-05-22 21:37 - 000003416 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2025-05-26 18:21 - 2025-03-24 22:03 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\WTablet
2025-05-26 18:07 - 2025-03-28 23:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\Malwarebytes
2025-05-26 18:06 - 2025-03-25 00:10 - 000003582 _____ C:\Windows\system32\Tasks\Launch Adobe CCXProcess
2025-05-26 17:51 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-05-26 17:44 - 2024-10-29 15:04 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-05-26 17:43 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemTemp
2025-05-26 16:39 - 2025-03-24 22:08 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-05-26 16:39 - 2024-10-29 15:10 - 001633252 _____ C:\Windows\system32\PerfStringBackup.INI
2025-05-26 16:39 - 2024-04-01 09:24 - 000000000 ____D C:\Windows\INF
2025-05-26 16:32 - 2024-10-29 15:06 - 000010512 _____ C:\Windows\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-05-26 16:32 - 2024-10-29 15:06 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2025-05-26 16:32 - 2024-10-29 15:04 - 000012288 ___SH C:\DumpStack.log.tmp
2025-05-26 16:32 - 2024-10-29 15:04 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-05-25 22:36 - 2025-03-24 23:50 - 000000000 ____D C:\Users\emqi-\AppData\Local\CrashDumps
2025-05-25 21:12 - 2025-03-24 18:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\Packages
2025-05-25 16:05 - 2024-12-31 13:28 - 000554487 _____ (glax24 (safezone.cc)) C:\Users\emqi-\Desktop\SecurityCheck.exe
2025-05-25 15:37 - 2025-03-24 18:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\D3DSCache
2025-05-25 15:22 - 2025-03-24 18:52 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\Microsoft\Excel
2025-05-25 13:54 - 2025-03-24 23:38 - 000000000 ____D C:\Program Files\Common Files\Adobe
2025-05-25 13:45 - 2025-03-24 22:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-05-25 13:45 - 2024-04-01 09:21 - 000524288 _____ C:\Windows\system32\config\BBI
2025-05-25 12:27 - 2024-10-29 15:04 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-05-25 12:27 - 2024-10-29 15:04 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-05-24 17:43 - 2024-10-29 15:31 - 000000000 ____D C:\AMD
2025-05-24 17:43 - 2024-10-29 15:06 - 000000000 ____D C:\Program Files\Microsoft Office
2025-05-24 17:43 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-05-24 17:43 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\AppReadiness
2025-05-24 17:37 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecurityHealth
2025-05-23 19:28 - 2025-03-24 22:45 - 000001062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2025-05-23 14:35 - 2025-03-24 18:57 - 000000000 ____D C:\Users\emqi-\AppData\Local\AMD_Common
2025-05-22 13:33 - 2025-03-25 00:44 - 000000000 ____D C:\Users\emqi-\AppData\Local\ESET
2025-05-22 13:27 - 2024-10-29 15:04 - 000000000 ____D C:\Windows\system32\Drivers\wd
2025-05-22 13:16 - 2024-10-29 15:04 - 000003832 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{323B8279-7486-43E6-B26C-D4E2B6221AA6}
2025-05-22 13:16 - 2024-10-29 15:04 - 000003706 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{0314DEF4-2C78-42E3-98D2-7EF5DB5F46A6}
2025-05-18 15:10 - 2025-03-24 18:49 - 000000000 ____D C:\Users\emqi-\AppData\Local\AMD
2025-05-18 15:09 - 2024-10-29 15:35 - 000003484 _____ C:\Windows\system32\Tasks\ModifyLinkUpdate
2025-05-18 15:09 - 2024-10-29 15:35 - 000003072 _____ C:\Windows\system32\Tasks\StartDVR
2025-05-18 15:09 - 2024-10-29 15:34 - 000003152 _____ C:\Windows\system32\Tasks\StartCN
2025-05-18 15:09 - 2024-10-29 15:13 - 000000000 ____D C:\Program Files\AMD
2025-05-18 15:09 - 2024-10-29 15:06 - 000000000 ____D C:\ProgramData\Packages
2025-05-18 12:27 - 2025-03-24 18:45 - 000000000 ____D C:\Users\emqi-\AppData\Roaming\Microsoft\Windows
2025-05-18 08:58 - 2025-03-24 22:08 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-05-16 10:16 - 2024-04-01 09:26 - 000000000 ___HD C:\Windows\ELAMBKUP
2025-05-16 10:16 - 2024-04-01 09:21 - 000032768 _____ C:\Windows\system32\config\ELAM
2025-05-16 10:05 - 2025-03-27 15:20 - 000000000 ____D C:\Users\emqi-\AppData\Local\Norton
2025-05-15 21:54 - 2024-10-29 15:11 - 000000000 ____D C:\Windows\system32\MRT
2025-05-15 06:28 - 2024-10-29 15:04 - 000475880 _____ C:\Windows\system32\FNTCACHE.DAT
2025-05-15 06:27 - 2024-04-01 10:03 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2025-05-15 06:27 - 2024-04-01 10:03 - 000000000 ____D C:\Windows\InboxApps
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\UUS
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\setup
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\oobe
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SysWOW64\Dism
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemResources
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\SystemApps
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\WinMetadata
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\ShellExperiences
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\setup
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\oobe
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\migwiz
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\HealthAttestationClient
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\Dism
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\DDFs
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\appraiser
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\ShellExperiences
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\Provisioning
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\PolicyDefinitions
2025-05-15 06:27 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\bcastdvr
2025-05-14 20:16 - 2024-10-29 15:11 - 214836568 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-05-14 16:03 - 2024-10-29 15:07 - 003369984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-05-09 07:49 - 2025-03-24 23:39 - 000000000 ____D C:\ProgramData\Adobe
2025-05-09 07:45 - 2025-03-24 23:38 - 000000000 ____D C:\Program Files\Adobe
2025-05-08 22:42 - 2024-04-01 09:26 - 000000000 ____D C:\Windows\system32\AppLocker
2025-05-02 07:13 - 2025-03-29 11:29 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-04-29 12:57 - 2025-03-24 18:51 - 000000000 ___RD C:\Users\emqi-\OneDrive

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:

ATTFilter

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-05-2025
durchgeführt von emqi- (26-05-2025 18:21:37)
Gestartet von C:\Users\emqi-\Downloads
Microsoft Windows 11 Pro Version 24H2 26100.4061 (X64) (2025-03-24 16:22:05)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-76596380-2333717119-1847427047-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-76596380-2333717119-1847427047-503 - Limited - Disabled)
emqi- (S-1-5-21-76596380-2333717119-1847427047-1003 - Administrator - Enabled) => C:\Users\emqi-
Gast (S-1-5-21-76596380-2333717119-1847427047-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-76596380-2333717119-1847427047-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.6.0.611 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_14_3_1) (Version: 14.3.1 - Adobe Inc.)
Adobe Photoshop 2025 (HKLM-x32\...\PHSP_26_7) (Version: 26.7.0.15 - Adobe Inc.)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 7.04.09.545 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.134 - Advanced Micro Devices, Inc.) Hidden
AMD Install Manager (HKLM\...\{8D83B6D7-A61B-469A-B549-38A857A4D4AA}) (Version: 25.10.25126.1755 - Advanced Micro Devices, Inc.)
AMD PCI Driver (HKLM-x32\...\{80EC3CEE-2940-42A1-A776-B5D810D39F1E}) (Version: 1.0.0.9 - Advanced Micro Devices, Inc.) Hidden
AMD PPM Provisioning File Driver (HKLM-x32\...\{3665A5DE-D07C-46D7-9207-713E8E9FEF32}) (Version: 8.0.0.52 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 5.39.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.44 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 25.5.1 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{187898e5-7a9e-459f-a0ad-f2344c6f7f39}) (Version: 7.04.09.545 - Advanced Micro Devices, Inc.) Hidden
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version:  - )
Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden
Corsair Device Control Service (HKLM\...\{3761F1BA-5697-4562-B677-E3CE0F944679}) (Version: 1.3.1 - Corsair)
Corsair iCUE5 Software (HKLM\...\{A9B0B2D7-8C59-4413-A2FB-99EDBE65A608}) (Version: 5.24.57 - Corsair)
Malwarebytes version 5.2.11.183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.11.183 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.18730.20186 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 136.0.3240.92 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.92 - Microsoft Corporation) Hidden
Microsoft Office Home 2024 - de-de (HKLM\...\Home2024Retail - de-de) (Version: 16.0.18730.20186 - Microsoft Corporation)
Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.18730.20186 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 138.0.4 (x64 de)) (Version: 138.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 136.0.1 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 138.0.2 (x64 de)) (Version: 138.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18730.20186 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 3.0.3.0 - Advanced Micro Devices, Inc.) Hidden
RyzenMasterSDK (HKLM\...\{2FC6B840-0E0F-48D6-A461-66CB5566B9FB}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
UXP WebView Support (HKLM-x32\...\UXPW_1_3_0) (Version: 1.3.0 - Adobe Inc.)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.4.9-2 - Wacom Technology Corp.)

Packages:
=========
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_6.0.0.1_x86__enpm4xejd91yc [2025-03-24] (Adobe Systems Incorporated)
AMD Radeon Software -> C:\Program Files\AMD\CNext\CNext [2025-05-18] (Advanced Micro Devices Inc.)
Ink.Handwriting.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.de-DE.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.de-DE.1.0_0.850.1840.0_x86__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.Main.de-DE.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.de-DE.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23355.1356.0_x64__8wekyb3d8bbwe [2024-10-29] (Microsoft Corporation)
Klick-und-Los (Vorschau) -> C:\Windows\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2412.12002.0_x64__8wekyb3d8bbwe [2025-03-24] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2025-03-26] (Microsoft Corp.)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.22.1.0_x64__8wekyb3d8bbwe [2025-05-22] (Microsoft Corporation)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-05-24] ()
Windows Feature Experience Pack -> C:\Windows\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-15] (Microsoft Windows)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{3978C7B3-066A-45B3-9361-2F73A45C1449}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-76596380-2333717119-1847427047-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-03-28] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2025-03-24] (Adobe Inc. -> )
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2025-03-28] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2025-05-09 07:41 - 2025-05-09 07:41 - 001927680 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_calib3d310.dll
2025-05-09 07:41 - 2025-05-09 07:41 - 002507264 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_core310.dll
2025-05-09 07:41 - 2025-05-09 07:41 - 000787968 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_features2d310.dll
2025-05-09 07:41 - 2025-05-09 07:41 - 000525312 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_flann310.dll
2025-05-09 07:41 - 2025-05-09 07:41 - 002905088 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_imgproc310.dll
2025-05-09 07:41 - 2025-05-09 07:41 - 000484352 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Adobe Lightroom Classic\opencv_video310.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 004311040 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\LicenseManager.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 002655744 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\libxml2.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 007785984 _____ () [Datei ist nicht signiert] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterLibrary.dll
2024-10-29 15:07 - 2024-10-29 15:07 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2024-10-29 15:07 - 2024-10-29 15:07 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 001418752 _____ (Microsoft.Graphics.Canvas.Interop) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\Tablet\Wacom\WacomCenter\Microsoft.Graphics.Canvas.Interop.dll
2025-03-24 21:59 - 2025-02-06 03:14 - 002357248 _____ (WacomCenterUI) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\Tablet\Wacom\WacomCenter\WacomCenterUI.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-05-24] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2024-04-01 09:26 - 2025-05-17 16:29 - 000000027 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-76596380-2333717119-1847427047-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\emqi-\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\10597558318473548197\133926606644900544.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 ist aktiviert.

Network Binding:
=============
Ethernet: Realtek Gaming 2.5GbE Family Controller -> rt640x64.sys
WLAN: RZ616 Wi-Fi 6E 160MHz -> mtkwl6ex.sys
Bluetooth-Netzwerkverbindung: Bluetooth Device (Personal Area Network) -> bthpan.sys

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\Windows\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{AF3CBF81-A3ED-4414-AB3C-8EC22C186505}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{197244B8-70E2-4592-9848-893DCDBDB608}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A1683ABE-C8D6-466C-8412-77EF5FFD437C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7E72EA80-4B36-473D-AEBE-1CB108A9954D}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

18-05-2025 15:08:32 Radeon Installer
22-05-2025 16:07:37 Windows Update
23-05-2025 16:11:18 Installed AMD_Chipset_Drivers.

==================== Fehlerhafte Geräte im Gerätemanager ============

==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (05/25/2025 10:36:49 PM) (Source: Application Error) (EventID: 1000) (User: EMQI-LIVINGPICS)
Description: Fehlerhafter Anwendungsname: ESETOnlineScanner.exe, Version: 10.34.13.0, Zeitstempel: 0x67d4488f
Fehlerhafter Modulname: WININET.dll, Version: 11.0.26100.3912, Zeitstempel: 0x0b038e12
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000aef94
Fehlerhafte Prozess-ID: 0x2ccc
Fehlerhafte Anwendungsstartzeit: 0x1dbcdb4bc20a5b1
Fehlerhafter Anwendungspfad: C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Fehlerhafter Modulpfad: C:\Windows\SYSTEM32\WININET.dll
Berichts-ID: ad517ec6-6fd2-4ea1-a227-ba540630b490
Vollständiger Name des fehlerhaften Pakets: 
Fehlerhafte paketbezogene Anwendungs-ID:

Error: (05/22/2025 07:55:13 PM) (Source: Application Error) (EventID: 1000) (User: EMQI-LIVINGPICS)
Description: Fehlerhafter Anwendungsname: ESETOnlineScanner.exe, Version: 10.34.13.0, Zeitstempel: 0x67d4488f
Fehlerhafter Modulname: WININET.dll, Version: 11.0.26100.3912, Zeitstempel: 0x0b038e12
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000aef94
Fehlerhafte Prozess-ID: 0x571c
Fehlerhafte Anwendungsstartzeit: 0x1dbcb42a941f7e0
Fehlerhafter Anwendungspfad: C:\Users\emqi-\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Fehlerhafter Modulpfad: C:\Windows\SYSTEM32\WININET.dll
Berichts-ID: 1f8feea3-e84f-4d28-b894-eeb083b5dd6b
Vollständiger Name des fehlerhaften Pakets: 
Fehlerhafte paketbezogene Anwendungs-ID:

Error: (05/22/2025 04:07:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_5260bff7a_klbg.

System Error:
Das System kann die angegebene Datei nicht finden..

Error: (05/22/2025 04:07:39 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary klupd_5260bff7a_arkmon.

System Error:
Das System kann die angegebene Datei nicht finden..

Error: (05/18/2025 08:58:08 AM) (Source: Firefox Default Browser Agent) (EventID: 5) (User: )
Description: Event-ID 5

Error: (05/17/2025 04:28:13 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "QueryFullProcessImageNameW" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070006, Das Handle ist ungültig..

Vorgang:
   Asynchroner Vorgang wird ausgeführt

Kontext:
   Aktueller Status: DoSnapshotSet

Error: (05/17/2025 04:28:03 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {b53fcff8-0d79-4520-b680-4306dab10cf8}

Error: (05/17/2025 03:43:28 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts (Prozess = C:\Windows\system32\srtasks.exe ExecuteScheduledSPPCreation; Beschreibung = Geplanter Prüfpunkt; Fehler = 0x80070422).


Systemfehler:
=============
Error: (05/26/2025 04:32:10 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎25.‎05.‎2025 um 23:31:57 unerwartet heruntergefahren.

Error: (05/26/2025 04:32:00 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 3221225684A fatal error occurred processing the restoration data.

Error: (05/25/2025 01:45:24 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT-AUTORITÄT)
Description: Der Gerätezuordnungsdienst hat einen Fehler bei der Endpunktermittlung erkannt.

Error: (05/25/2025 01:45:24 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT-AUTORITÄT)
Description: Der Gerätezuordnungsdienst hat einen Fehler bei der Endpunktermittlung erkannt.

Error: (05/23/2025 04:10:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NMPJ99VJBWV-Microsoft.YourPhone

Error: (05/23/2025 02:39:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NMPJ99VJBWV-Microsoft.YourPhone

Error: (05/23/2025 02:29:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎22.‎05.‎2025 um 21:50:56 unerwartet heruntergefahren.

Error: (05/23/2025 02:29:30 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 3221225684A fatal error occurred processing the restoration data.


Windows Defender:
================
Date: 2025-05-24 18:18:30
Description: 
Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen.
Überprüfungs-ID: {C1AF388C-0AFC-4985-8FFE-104B687B6C26}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Abbruchgrund: Die geplante Überprüfung wurde übersprungen, da die letzte erfolgreiche Überprüfung innerhalb der letzten 7 Tage 

Date: 2025-05-17 14:17:13
Description: 
Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen.
Überprüfungs-ID: {701255D6-62AC-4CF7-B429-29A238CBD78B}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Quick Scan
Benutzer: NT-AUTORITÄT\SYSTEM
Abbruchgrund: %12 

Date: 2025-05-14 23:26:06
Description: 
Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen.
Überprüfungs-ID: {4E696057-9792-4009-8C40-DC980A396FED}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Full Scan
Benutzer: EMQI-LivingPics\emqi-
Abbruchgrund: %12 

Date: 2025-05-12 17:41:30
Description: 
Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen.
Überprüfungs-ID: {D0D60AFB-DE2B-40D0-8488-0CA95AA2F517}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Quick Scan
Benutzer: NT-AUTORITÄT\SYSTEM
Abbruchgrund: %12 

Date: 2025-05-11 15:47:58
Description: 
Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen.
Überprüfungs-ID: {38C80682-0C01-4FFA-B2A8-68969D294437}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Quick Scan
Benutzer: NT-AUTORITÄT\SYSTEM
Abbruchgrund: %12 
Event[0]

Date: 2025-05-22 14:41:34
Description: 
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x80070032
Fehlerbeschreibung: Die Anforderung wird nicht unterstützt.  

Date: 2025-05-18 22:14:01
Description: 
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x80070032
Fehlerbeschreibung: Die Anforderung wird nicht unterstützt.  

Date: 2025-05-16 13:29:15
Description: 
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x80070032
Fehlerbeschreibung: Die Anforderung wird nicht unterstützt.  

Date: 2025-05-16 13:14:25
Description: 
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x80070032
Fehlerbeschreibung: Die Anforderung wird nicht unterstützt.  

Date: 2025-05-16 13:14:01
Description: 
Microsoft Defender Antivirus konnte Microsoft Defender Antivirus (Offlineüberprüfung) nicht herunterladen und konfigurieren.
Fehlercode: 0x80070032
Fehlerbeschreibung: Die Anforderung wird nicht unterstützt.  

CodeIntegrity:
===============
Date: 2025-05-16 10:15:11
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.8.36\symamsi.dll that did not meet the Windows signing level requirements. 

Date: 2025-05-16 10:15:01
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.24.8.36\symamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements. 


==================== Speicherinformationen =========================== 

BIOS: American Megatrends International, LLC. 1.I0 12/27/2024
Hauptplatine: Micro-Star International Co., Ltd. PRO B650-S WIFI (MS-7E26)
Prozessor: AMD Ryzen 5 7500F 6-Core Processor 
Prozentuale Nutzung des RAM: 43%
Installierter physikalischer RAM: 32361.99 MB
Verfügbarer physikalischer RAM: 18354.81 MB
Summe virtueller Speicher: 35305.99 MB
Verfügbarer virtueller Speicher: 16736.89 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:930.52 GB) (Free:757.81 GB) (Model: KINGSTON SNV2S1000G) NTFS
Drive d: (Volume) (Fixed) (Total:1863 GB) (Free:617.82 GB) (Model: WD_BLACK SN770 2TB) NTFS

\\?\Volume{65a0ed77-80f7-45f3-b738-502983e78c35}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.46 GB) NTFS
\\?\Volume{a06396d4-135d-4615-a166-2d7a28f83397}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: BF8DF24A)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 1863 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt =======================

M-K-D-B · 26.05.2025, 20:20

Bitte einen Spezialsuchlauf mit FRST ausführen.

Spezialsuche

Starte FRST erneut. Kopiere den Inhalt der folgenden Code-Box oben in das Suchfeld:
Code:
ATTFilter
```
SearchAll: Avira
         
```
Klicke auf den Button Datei-Suche.
FRST beginnt mit dem Suchlauf. Das kann einige Zeit dauern, bitte gedulde dich!
Am Ende wird eine Textdatei Search.txt erstellt.
Poste mir deren Inhalt mit deiner nächsten Antwort.

Bernd Brot · 27.05.2025, 06:57

Ging recht flott:
Teil 1

Code:

ATTFilter

Farbar Recovery Scan Tool (x64) Version: 22-05-2025
durchgeführt von emqi- (27-05-2025 07:43:01)
Gestartet von C:\Users\emqi-\Downloads
Start-Modus: Normal

================== Datei-Suche: "SearchAll: Avira" =============

Datei:
========
C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-15_06-32-44.log
[2025-05-15 06:32][2025-05-15 06:32] 000009223 _____ () 132FBF5C4A52698A959F2045DE7FD850 [Datei ist nicht signiert]

C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-15_16-27-00.log
[2025-05-15 16:27][2025-05-15 16:27] 000011205 _____ () 3DCB377A27043A26DF1FF2E3EA78C29B [Datei ist nicht signiert]

C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-16_09-47-11.log
[2025-05-16 09:47][2025-05-16 09:47] 000009223 _____ () D404494322C413CC2021942F3056DEF4 [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-4A5AABF5.pf
[2025-05-14 23:38][2025-05-14 23:38] 000050577 _____ () B2775F81389A1F47DBD3064CAEB7E5FB [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-7AEF070C.pf
[2025-05-16 09:53][2025-05-16 09:53] 000042929 _____ () 8B61F8EDB5716DC5DE709ED442272AAE [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.ADMINISTRA-80E1237E.pf
[2025-05-16 09:53][2025-05-16 09:53] 000046134 _____ () 3C184F95ACC7B2ECDDE7D885C6DDDE56 [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-17D20DBA.pf
[2025-05-15 06:37][2025-05-15 06:38] 000055674 _____ () 077AC4AFAB05F6E614FF1EE329F51821 [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-8506823E.pf
[2025-05-15 17:24][2025-05-15 17:24] 000049482 _____ () E0E5278B2123731CB0EF919E2B4F816F [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA_OPTIMIZER_HOST.TMP-6E50DB22.pf
[2025-05-14 23:39][2025-05-14 23:39] 000015992 _____ () 7BEE6F998A3F58EBBD895E9ED360A601 [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA_SPOTLIGHT_SETUP_PAVWWS.-8DBC0226.pf
[2025-05-14 23:39][2025-05-14 23:39] 000033687 _____ () C6BBAFD9699513EE3BED945C0A5EFF61 [Datei ist nicht signiert]

C:\Windows\Prefetch\AVIRA_SYSTEM_SPEEDUP.TMP-40918EEC.pf
[2025-05-14 23:39][2025-05-14 23:39] 000039680 _____ () B540899E908F10D5D884E71D5264FA5C [Datei ist nicht signiert]

C:\Users\emqi-\Pictures\Screenshots\Screenshot 2025-05-25 Avira Fallback lösch194656.png
[2025-05-25 19:46][2025-05-25 19:46] 000012727 _____ () AD61462B312C105E115D47DE5B95D33F [Datei ist nicht signiert]

C:\Users\emqi-\AppData\Roaming\Microsoft\Windows\Recent\Screenshot 2025-05-25 Avira Fallback lösch194656.lnk
[2025-05-25 19:48][2025-05-25 19:50] 000000995 _____ () 61BB6A5FCC434E43CFD4C9411D4099DC [Datei ist nicht signiert]


Ordner:
========

Registry:
========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.UI.Application.Messaging.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributes"="{
  "Version": 311,
  "SchemaVersion": 1,
  "PartA": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Default": [
    "DeviceFamily",
    "f:FlightRing",
    "t:OSVersionFull"
  ],
  "PartB": {
    "ACSOVERRIDE": [
      "OSArchitecture",
      "c:IsAlwaysOnAlwaysConnectedCapable"
    ],
    "APPTARGETEDFEATUREDB": [
      "c:FlightingBranchName",
      "f:FlightRing",
      "t:OSVersionFull",
      "DeviceFamily"
    ],
    "CASSCLIENT": [
      "OSVersion",
      "c:OSEdition",
      "f:FlightRing",
      "c:OSUILocale",
      "f:FlightingBranchName",
      "r:OEMMode"
    ],
    "CDM": [
      "ChassisTypeId",
      "r:CurrentBranch",
      "DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "c:InstallLanguage",
      "c:IsDomainJoined",
      "t:IsTestLab",
      "OEMModel",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:ProcessorIdentifier",
      "c:TelemetryLevel",
      "t:IsMsftOwned",
      "t:WCOSProductId",
      "c:OSUILocale",
      "c:CommercialId",
      "c:ActivationChannel",
      "c:SCCMClientId",
      "c:IsCloudDomainJoined",
      "r:WebExperience",
      "FX_FlightIds",
      "AccountFirstChar",
      "r:WSX_Windows_Settings_Account",
      "r:InstallDate",
      "r:WSX_Runtime",
      "r:DefaultUserRegion",
      "a:GatedFeature_NI22H2",
      "r:WSX_Windows_Shell_Start",
      "a:GatedFeature_CU23H2",
      "r:ExpStates",
      "MX_FlightIds",
      "r:CIOptin",
      "c:ProcessorCores",
      "c:TotalPhysicalRAM",
      "r:TestRN",
      "u:UpdateServiceUrl",
      "u:WUfBClientManaged",
      "r:UUSVersion",
      "DL_OSVersion",
      "r:ExpPkgs",
      "u:AllowOptionalContent",
      "n:IsMicrosoftAAD",
      "q:WidgetsAppVer",
      "c:IsDeviceRetailDemo",
      "r:IsFSOverlay",
      "a:SdbVer_NI22H2",
      "r:EdgeStableVersion",
      "r:Migrated_GatedFeature_NI22H2Setup",
      "a:SdbVer_21H2",
      "a:GatedFeature_21H2",
      "CX_FlightIds",
      "r:UtcDataHandlingPolicies",
      "v:SkypeRoomSystem",
      "r:BypassNRO",
      "c:IsVirtualDevice",
      "s:IsA9CapablePC",
      "a:SdbVer_GE24H2",
      "r:AgileBits1PasswordPluginAuthenticator"
    ],
    "CDM_OS": [
      "+CDM",
      "c:FlightIds"
    ],
    "COMPATLOGGER": [
      "osVer",
      "ring",
      "deviceId"
    ],
    "CONTENT_DELIVERY_MANAGER": [
      "c:OSEdition",
      "t:OSSkuId",
      "c:OSUILocale",
      "a:UpgEx_CO21H2",
      "a:GStatus_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:TimestampEpochString_CO21H2",
      "r:AndroidUserOptinValue",
      "f:FlightingBranchName",
      "f:FlightRing",
      "r:CurrentBranch",
      "procm",
      "r:NPUEnabledDevice",
      "MX_FlightIds",
      "r:KnownFoldersBackupStatus",
      "c:IsDomainJoined",
      "iepe",
      "iste",
      "drgng",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "aipc",
      "ram",
      "prccn",
      "prccs",
      "prcmf",
      "ccr",
      "devfm",
      "W10ESU"
    ],
    "CORTANA_GATEKEEPER": [
      "r:CurrentBranch",
      "f:FlightRing",
      "f:IsRetailOS"
    ],
    "CORTANAUWP": [
      "c:OSUILocale",
      "t:OSVersionFull",
      "v:CortanaAppVer",
      "r:TestAllowedIDFlags"
    ],
    "CORTANAUWPTEST": [
      "+CORTANAUWP",
      "v:CortanaAppVerTest"
    ],
    "CTAC": [
      "+FSS",
      "r:FIDTSRan"
    ],
    "DBUPDATE": [
      "c:FirmwareVersion",
      "c:OEMModelBaseBoard",
      "OSArchitecture",
      "c:FirmwareManufacturer",
      "c:OEMModelNumber",
      "r:BaseBoardManufacturer",
      "c:OEMModelSKU",
      "c:OEMManufacturerName",
      "c:OEMName",
      "c:OEMModelBaseBoardVersion",
      "c:OEMModelSystemFamily",
      "c:OEMModelSystemVersion",
      "c:FirmwareReleaseDate"
    ],
    "DDC": [
      "+WU_STORE",
      "+_WU_PTI"
    ],
    "DXDB": [
      "DeviceFamily",
      "f:FlightRing",
      "r:IsHybridOrXGpu",
      "t:OSVersionFull",
      "OSVersion"
    ],
    "EDGE_SERVICEUI": [
      "t:LocalDeviceID",
      "t:LocalUserID"
    ],
    "FCON": [
      "+CDM"
    ],
    "FSS": [
      "r:PreviewBuildsManagerEnabled",
      "f:BranchReadinessLevelRaw",
      "u:BranchReadinessLevelSource",
      "r:BuildFID",
      "t:DeviceFamily",
      "DeviceId",
      "c:EnablePreviewBuilds",
      "f:FlightingPolicyValue",
      "f:IsRetailOS",
      "f:ManagePreviewBuilds",
      "OSVersionFull",
      "t:WCOSProductId",
      "r:SmartActiveHoursState",
      "r:ActiveHoursStart",
      "r:ActiveHoursEnd",
      "r:IsCHCapableBuild",
      "r:FSRing",
      "s:MaxShellVersion",
      "s:MinShellVersion",
      "c:TPMVersion",
      "c:SecureBootCapable",
      "c:ProcessorClockSpeed",
      "c:ProcessorCores",
      "c:TotalPhysicalRAM",
      "t:SMode",
      "c:SystemVolumeTotalCapacity",
      "c:OEMManufacturerName",
      "c:OEMModelNumber",
      "a:ISVM",
      "r:AllowUpgradesWithUnsupportedTPMOrCPU",
      "r:IntelPlatformId",
      "r:IsConfigMgrEnabled",
      "f:IsFlightingEnabled",
      "r:DeviceInfoGatherSuccessful",
      "c:IsVirtualDevice",
      "r:OemPartnerRing",
      "c:FlightingBranchName",
      "a:UpgEx_CO21H2",
      "a:UpgEx_NI22H2",
      "a:UpgEx_GE24H2",
      "sku",
      "r:AADTenantId",
      "r:FIDTSRan"
    ],
    "FXIRISCLIENT": [
      "+IRISCLIENT"
    ],
    "GS": [
      "t:OSSkuId",
      "t:OSVersionFull",
      "r:CurrentBranch",
      "r:DefaultUserRegion",
      "DeviceFamily",
      "c:FlightIds",
      "f:FlightingBranchName",
      "f:FlightRing",
      "c:IsCloudDomainJoined",
      "t:IsMsftOwned",
      "f:IsRetailOS",
      "c:OSUILocale",
      "c:IsDomainJoined"
    ],
    "IDSPCA": [
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "f:FlightingBranchName",
      "f:IsRetailOS",
      "c:OSEdition",
      "c:IsDomainJoined",
      "c:OSUILocale",
      "n:IsMicrosoftAAD",
      "r:CurrentBranch",
      "t:IsMsftOwned",
      "t:IsTestLab",
      "t:DeviceFamily",
      "t:LocalDeviceID",
      "t:OSSkuId",
      "t:OSVersionFull",
      "IsVM",
      "OEMModel",
      "OSVersion",
      "r:EnableCloudManagedIDS",
      "c:AADDeviceId"
    ],
    "IRISCLIENT": [
      "+IRISCLIENTBASE",
      "c:FlightIds"
    ],
    "IRISCLIENTBASE": [
      "DeviceFamily",
      "OSVersion",
      "t:OSSkuId",
      "OSArchitecture",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:FlightingBranchName",
      "OEMModel",
      "c:OSUILocale",
      "c:OSEdition",
      "r:CurrentBranch",
      "t:WCOSProductId",
      "c:InstallationType",
      "r:InstallDate",
      "c:IsDeviceRetailDemo",
      "f:IsRetailOS",
      "prccs",
      "prccn",
      "prcmf",
      "ram",
      "c:D3DMaxFeatureLevel",
      "c:IsAlwaysOnAlwaysConnectedCapable",
      "t:SMode",
      "t:LocalUserID",
      "r:AndroidUserOptinValue",
      "procm",
      "MX_FlightIds",
      "a:UpgEx_CO21H2",
      "r:KnownFoldersBackupStatus",
      "c:OEMModelSystemFamily",
      "OEMName_Uncleaned",
      "r:IsSpotlightEnabledInOEMTheme",
      "r:IsSpotlightThemeEnabledByOEM",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "iepe",
      "iste",
      "drgng",
      "aipc",
      "oemname",
      "smbiosdm",
      "ccr",
      "devfm",
      "W10ESU",
      "c:IsCloudDomainJoined"
    ],
    "IRISCLIENTV2": [
      "+IRISCLIENTBASE",
      "IX_FlightIds"
    ],
    "MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
      "t:OSVersionFull",
      "t:IsTestLab",
      "f:FlightRing"
    ],
    "MITIGATION": [
      "t:DeviceFamily",
      "f:FlightRing",
      "c:IsDomainJoined",
      "t:IsMsftOwned",
      "f:IsRetailOS",
      "t:IsTestLab",
      "IsVM",
      "OEMModel",
      "c:OSEdition",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "t:SMode",
      "f:IsFlightingEnabled",
      "c:FirmwareVersion",
      "c:TelemetryLevel",
      "f:FlightingBranchName",
      "r:CurrentBranch",
      "OSVersion",
      "w:FirstStorageSpaceDeviceId",
      "r:IsCldFltSyncRoots",
      "c:OSInstallType",
      "v:IsNotepadExePresent",
      "r:StrictHiveSecurityReg",
      "a:GatedBlockId_21H1",
      "r:UpdateOfferedDays",
      "r:UsoScanMitigation",
      "r:GamingServicesInstalledKey",
      "v:FileExistsMscoreeDll",
      "w:NetFx3State",
      "r:WCFHTTPActivationNotificationState",
      "w:WCFHTTPActivationState",
      "r:WCFNonHTTPActivationNotificationState",
      "w:WCFNonHTTPActivationState",
      "r:DotNetMissingComponentsTroubleshooterSuccess",
      "r:IIS_ASPNET",
      "w:IIS_ASPNET_WMI",
      "r:IIS_NetFxExtensibility",
      "w:IIS_NetFxExtensibility_WMI",
      "r:WAS_NetFxEnvironment",
      "w:WAS_NetFxEnvironment_WMI",
      "v:XamlCbsActivationStore",
      "v:XamlCbsActivationStoreArm64",
      "v:OnnxruntimeVer",
      "w:ElanFingerprintDriverVersion",
      "r:AADBrokerPluginNotRegistered",
      "r:TenantId",
      "r:IppPrinterBadDefaultPdc",
      "r:FlightingOptOutState",
      "r:CloudFilesFilter",
      "r:PSAKyoceraMissingDEH",
      "r:PSATATriumphMissingDEH",
      "r:PSAXeroxMissingDEH",
      "w:PSAKyoceraInstalledName",
      "w:PSATATriumphInstalledName",
      "w:XeroxPsaInstalledName",
      "v:DmdHpControlPackageEnUs",
      "v:DmdHpControlPackageMultiloc",
      "v:DmdHpControlPackageTr",
      "v:WASDK_1_2_ARM",
      "v:WASDK_1_2_ARM64",
      "v:WASDK_1_2_DLL",
      "v:WASDK_1_2_X86",
      "r:FIDTSRan"
    ],
    "MLMOD": [
      "ChassisTypeId",
      "t:DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "f:IsRetailOS",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "OSVersion",
      "c:TelemetryLevel",
      "r:CurrentBranch",
      "t:IsTestLab",
      "c:PrimaryDiskType",
      "FX_FlightIds"
    ],
    "MTP": [
      "+_WU_OS_CORE"
    ],
    "MUSE": [
      "+_WU_FB",
      "ChassisTypeId",
      "deviceClass",
      "deviceId",
      "c:FlightIds",
      "locale",
      "ms",
      "os",
      "osVer",
      "ring",
      "sampleId",
      "sku",
      "r:DaysSince19H1FUOffer",
      "u:DisableDualScan",
      "u:UpdateServiceUrl",
      "c:CommercialId",
      "f:FlightingBranchName",
      "c:SystemVolumeTotalCapacity",
      "c:IsAlwaysOnAlwaysConnectedCapable",
      "c:ProcessorCores",
      "c:PrimaryDiskType",
      "c:TotalPhysicalRAM",
      "c:ProcessorClockSpeed",
      "c:ProcessorIdentifier",
      "c:ProcessorModel",
      "c:ActivationChannel",
      "c:IsCloudDomainJoined",
      "c:isCommercial",
      "c:IsDomainJoined",
      "c:IsMDMEnrolled",
      "c:SCCMClientID",
      "r:OEMSubModel",
      "c:OEMModelNumber",
      "c:OEMManufacturerName",
      "r:OobeSeeker",
      "r:DefaultUserRegion",
      "c:DeviceForm"
    ],
    "NARRATORNNV": [
      "+WU_STORE"
    ],
    "NOISYHAMMER": [
      "+WU_OS"
    ],
    "OPENWITH": [
      "c:OSUILocale"
    ],
    "PHS": [
      "r:GridZoneName",
      "OEMModel",
      "c:OEMManufacturerName",
      "c:OSUILocale",
      "r:OEMSubModel",
      "DeviceFamily"
    ],
    "RULESENGINE": [
      "c:OSEdition",
      "t:OSSkuId",
      "c:OSUILocale",
      "a:UpgEx_CO21H2",
      "a:GStatus_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:TimestampEpochString_CO21H2",
      "r:AndroidUserOptinValue",
      "f:FlightingBranchName",
      "f:FlightRing",
      "r:CurrentBranch",
      "c:ProcessorModel",
      "r:NPUEnabledDevice",
      "MX_FlightIds",
      "r:KnownFoldersBackupStatus",
      "c:IsDomainJoined",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "c:FlightIds",
      "c:isCommercial",
      "c:CommercialId",
      "c:SCCMClientID"
    ],
    "RUXIM": [
      "c:ActivationChannel",
      "f:FlightRing",
      "r:InstallDate",
      "f:IsFlightingEnabled",
      "a:ISVM",
      "OEMModel",
      "OSArchitecture",
      "t:OSSkuId",
      "c:SCCMClientID",
      "r:SetupDisplayedEulaVersion",
      "r:KioskMode",
      "r:OobeSeeker",
      "r:UninstallActive",
      "c:OEMManufacturerName",
      "r:OEMSubModel",
      "c:OSUILocale",
      "f:FlightingBranchName"
    ],
    "SEDIMENTPACK": [
      "+WU_OS"
    ],
    "SERVICEEXPERIENCES": [
      "f:FlightingBranchName",
      "f:FlightRing",
      "s:MaxShellVersion",
      "s:MinShellVersion",
      "t:IsTestLab",
      "c:TelemetryLevel",
      "t:OSSkuId",
      "r:CurrentBranch",
      "OSVersion",
      "DeviceFamily",
      "r:WSX_Windows_Settings_Account",
      "c:FlightIds",
      "r:WSX_Runtime",
      "r:WSX_Windows_Shell_Start",
      "r:WSX_Windows_AppSample",
      "r:WSX_Windows_AccountControl"
    ],
    "SERVICING_CBS": [
      "+WU",
      "osVer"
    ],
    "SETUP360": [
      "t:OSSkuId",
      "f:FlightRing"
    ],
    "SMARTOPTOUT": [
      "+CDM"
    ],
    "STORAGEGROVELER": [
      "a:Free",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "IsVM",
      "t:OSVersionFull"
    ],
    "UCPD": [
      "c:OSUILocale",
      "c:IsDomainJoined",
      "v:UCPDVer",
      "c:IsCloudDomainJoined",
      "t:OSSkuId",
      "c:isCommercial"
    ],
    "UNEXPECTEDCODEPATHLOGGING": [
      "+UTC_STATIC",
      "t:LocalDeviceID",
      "OSVersionFull",
      "OEMModel",
      "OEMName_Uncleaned"
    ],
    "UTC": [
      "+UTC_STATIC",
      "osVer",
      "locale",
      "ring",
      "f:PilotRing",
      "f:IsRetailOS",
      "ms",
      "expId",
      "t:SMode",
      "f:FlightingBranchName",
      "c:CommercialId",
      "r:IsFeedbackHubSelfhost",
      "c:AzureVMType",
      "t:IsTestLab",
      "c:TelemetryLevel",
      "c:IsVirtualDevice",
      "r:IsProcessorMode",
      "r:UtcDataHandlingPolicies",
      "s:IsA9CapablePC"
    ],
    "UTC_STATIC": [
      "os",
      "deviceId",
      "sampleId",
      "deviceClass",
      "sku",
      "OEMModel",
      "OEMName_Uncleaned",
      "c:PrimaryDiskType",
      "c:ProcessorModel",
      "c:TotalPhysicalRAM"
    ],
    "UUS": [
      "OSVersion",
      "f:FlightRing",
      "t:IsTestLab",
      "t:OSVersionFull",
      "f:FlightingBranchName",
      "r:CurrentBranch",
      "f:IsFlightingEnabled"
    ],
    "WAASASSESSMENT": [
      "+WU_OS"
    ],
    "WAASMEDIC": [
      "os",
      "osVer",
      "ring",
      "deviceClass",
      "deviceId",
      "locale",
      "sku",
      "c:ActivationChannel",
      "c:CommercialId",
      "r:CurrentBranch",
      "f:FlightingBranchName",
      "c:IsCloudDomainJoined",
      "c:IsDomainJoined",
      "t:IsTestLab",
      "OSVersion",
      "c:SCCMClientID",
      "c:TelemetryLevel",
      "r:FlightingOptOutState"
    ],
    "WOSC": [
      "t:DeviceFamily",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "t:IsMsftOwned",
      "t:LocalDeviceID",
      "t:OSSkuId",
      "c:OSUILocale",
      "t:OSVersionFull",
      "c:TelemetryLevel",
      "r:IsHybridOrXGpu",
      "r:PlayFabPartyRelay",
      "OSVersion",
      "n:IsMicrosoftAAD",
      "r:WOSCEndpointsSupported",
      "r:FIDTSRan"
    ],
    "WPSHIFT": [
      "+MTP"
    ],
    "WU": [
      "+WU_OS",
      "r:DUInternal"
    ],
    "_WU_AV": [
      "r:AvastReg",
      "r:AvastBlackScreen",
      "v:AvastVer",
      "r:AvgReg",
      "v:AvgVer",
      "r:EsetReg",
      "v:EsetVer",
      "r:KasperskyReg",
      "v:KasperskyVer",
      "v:SymantecVer",
      "r:TencentReg",
      "r:TencentType",
      "r:AhnlabInstalledKey",
      "r:AvastInstalledKey",
      "r:AVGInstalledKey",
      "r:AviraInstalledKey",
      "r:BullguardInstalledKey",
      "r:ESETInstalledKey",
      "r:ESTSecurityInstalledKey",
      "r:FSecureInstalledKey",
      "v:GDataInstalledVer",
      "r:K7InstalledKey",
      "r:KasperskyInstalledKey",
      "r:KingsoftInstalledKey",
      "r:LenovoInstalledKey",
      "r:MalwarebytesInstalledKey",
      "r:McAfeeInstalledKey",
      "r:PandaInstalledKey",
      "r:QuickhealInstalledKey1",
      "r:SophosInstalledKey1",
      "r:SymantecInstalledKey",
      "r:TencentInstalledKey",
      "r:ThreatTrackInstalledKey",
      "r:TrendInstalledKey",
      "r:WebrootInstalledKey",
      "v:K7InstalledVer"
    ],
    "_WU_COMMON": [
      "r:CurrentBranch",
      "r:DefaultUserRegion",
      "DeviceFamily",
      "r:DriverPartnerRing",
      "r:FlightContent",
      "f:FlightingBranchName",
      "f:FlightRing",
      "HoloLens",
      "c:InstallationType",
      "c:InstallLanguage",
      "f:IsFlightingEnabled",
      "r:IsFlightingEnabled",
      "c:MobileOperatorCommercialized",
      "OEMModel",
      "OEMName_Uncleaned",
      "r:OemPartnerRing",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:OSUILocale",
      "c:ProcessorManufacturer",
      "r:ReleaseType",
      "v:SkypeRoomSystem",
      "t:SMode",
      "c:TelemetryLevel",
      "r:WindowsMixedReality",
      "v:WuClientVer",
      "p:DucPublisherId",
      "p:DucDeviceModelId",
      "p:DucOemPartnerRing",
      "p:DucCustomPackageId",
      "p:DesiredOsVersion",
      "p:DesiredSystemManifestVersion",
      "r:TenantId"
    ],
    "_WU_FB": [
      "u:BranchReadinessLevel",
      "u:DeferQualityUpdatePeriodInDays",
      "u:DeferFeatureUpdatePeriodInDays",
      "r:PausedFeatureStatus",
      "r:PausedQualityStatus",
      "u:TargetReleaseVersion",
      "r:QUDeadline",
      "r:UpdatePreference",
      "r:UpdateOfferedDays",
      "u:TargetProductVersion",
      "DSS_Enrolled",
      "r:NonSecurityUpdate",
      "u:AdminOptedIntoRebootlessUpdates"
    ],
    "WU_OS": [
      "+_WU_OS_CORE",
      "+_WU_FB"
    ],
    "_WU_OS_CORE": [
      "+_WU_COMMON",
      "+_WU_AV",
      "r:AhnLabKeyboard",
      "a:Bios",
      "r:BlockFeatureUpdates",
      "c:CommercialId",
      "a:DataVer_RS5",
      "r:DisconnectedStandby",
      "r:DchuNvidiaGrfxExists",
      "r:DchuNvidiaGrfxVen",
      "r:DchuIntelGrfxExists",
      "r:DchuIntelGrfxVen",
      "r:DchuAmdGrfxExists",
      "r:DchuAmdGrfxVen",
      "c:FirmwareVersion",
      "a:Free",
      "a:GStatus_RS3",
      "a:GStatus_RS4",
      "a:GStatus_RS5",
      "r:HidOverGattReg",
      "r:InstallDate",
      "c:IsDeviceRetailDemo",
      "c:IsPortableOperatingSystem",
      "IsVM",
      "c:OEMModelBaseBoard",
      "r:OobeSeeker",
      "r:OSRollbackBuild",
      "r:OSRollbackCount",
      "r:OSRollbackDate",
      "PhoneTargetingName",
      "r:PonchAllow",
      "r:PonchBlock",
      "c:ProcessorIdentifier",
      "r:RecoveredFromBuild",
      "r:RecoveredOnDate",
      "r:Steam",
      "v:TobiiVer",
      "v:TrendMicroVer",
      "r:UninstallActive",
      "l:UpdateManagementGroup",
      "a:UpgEx_RS3",
      "a:UpgEx_RS4",
      "a:UpgEx_RS5",
      "a:Version_RS5",
      "r:DisableWUfBOfferBlock",
      "a:UpgEx_19H1",
      "a:SdbVer_19H1",
      "a:GStatus_19H1",
      "a:GStatus_19H1Setup",
      "a:TimestampEpochString_19H1Setup",
      "a:GenTelRunTimestamp_19H1",
      "a:DataExpDateEpoch_19H1",
      "u:EnableWUfBUpgradeGates",
      "r:GStatusBlockIDs_All",
      "TimestampDelta_19H1Subtract19H1Setup",
      "DataExpDateDelta_19H1Subtract19H1Setup",
      "a:DataExpDateEpoch_19H1Setup",
      "a:TimestampEpochString_19H1",
      "r:IsContainerMgrInstalled",
      "r:IsWDAGEnabled",
      "r:MTPTargetingInfo",
      "r:EKB19H2InstallCount",
      "r:EKB19H2UnInstallCount",
      "r:EKB19H2InstallTimeEpoch",
      "r:EKB19H2UnInstallTimeEpoch",
      "r:BlockEdgeWithChromiumUpdate",
      "r:IsWDATPEnabled",
      "r:IsAutopilotRegistered",
      "r:EdgeWithChromiumInstallVersion",
      "r:EdgeWithChromiumInstallFailureCount",
      "r:IsEdgeWithChromiumInstalled",
      "r:KioskMode",
      "c:IsCloudDomainJoined",
      "c:IsDomainJoined",
      "a:DataExpDateEpoch_20H1",
      "a:DataExpDateEpoch_20H1Setup",
      "a:GStatus_20H1",
      "a:GStatus_20H1Setup",
      "a:SdbVer_20H1",
      "a:TimestampEpochString_20H1",
      "a:TimestampEpochString_20H1Setup",
      "DataExpDateDelta_20H1Subtract20H1Setup",
      "TimestampDelta_20H1Subtract20H1Setup",
      "a:UpgEx_20H1",
      "r:AutopilotUpdateInProgress",
      "r:UHSEnrolled",
      "r:HotPatchEKBInstalled",
      "r:LCUVer",
      "c:isCommercial",
      "c:ActivationChannel",
      "c:IsMDMEnrolled",
      "c:SCCMClientID",
      "r:ChinaTypeApproval_CTA",
      "p:DesiredOcpVersion",
      "r:UpgradeEligible",
      "r:AllowInPlaceUpgrade",
      "r:SH_SIPolicyCleanup",
      "r:FeatureUpdateDeadline",
      "a:DataExpDateEpoch_21H1",
      "a:UpgEx_CO21H2",
      "a:GStatus_21H1",
      "DataExpDateDelta_21H1Subtract20H1Setup",
      "TimestampDelta_21H1Subtract20H1Setup",
      "a:TimestampEpochString_21H1",
      "r:OEMSubModel",
      "c:ProcessorModel",
      "c:TPMVersion",
      "r:StayOnWindows10Timestamp",
      "a:GStatus_CO21H2Setup",
      "TimestampDelta_CO21H2SubtractCO21H2Setup",
      "DataExpDateDelta_CO21H2SubtractCO21H2Setup",
      "a:TimestampEpochString_CO21H2Setup",
      "a:DataExpDateEpoch_CO21H2Setup",
      "a:TimestampEpochString_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:GStatus_CO21H2",
      "p:SetPolicyDrivenUpdateSourceForFeatureUpdates",
      "r:DchuNvidiaGrfxVenTest",
      "a:DataExpDateDelta_21H2Subtract20H1Setup",
      "a:TimestampEpochString_21H2",
      "a:TimestampDelta_21H2Subtract20H1Setup",
      "a:GStatus_21H2",
      "a:DataExpDateEpoch_21H2",
      "r:DSS_Enrolled_DF",
      "r:UpgradeAccepted",
      "r:SetupDisplayedEulaVersion",
      "c:ProcessorCores",
      "c:ProcessorClockSpeed",
      "c:TotalPhysicalRAM",
      "c:SecureBootCapable",
      "c:PrimaryDiskTotalCapacity",
      "r:BitDefenderInstalledKey",
      "r:BroadcomInstalledKey",
      "v:CrowdStrikeInstalledVer",
      "r:QihooInstalledKey",
      "r:Win11UpgradeAcceptedTimestamp",
      "a:UpgEx_NI22H2",
      "r:OobeNdupAcceptedTarget",
      "r:OobeNdupFU22621CommitChoice",
      "a:DataExpDateEpoch_NI22H2",
      "a:GStatus_NI22H2",
      "a:GStatus_NI22H2Setup",
      "a:TimestampEpochString_NI22H2Setup",
      "TimestampDelta_NI22H2SubtractNI22H2Setup",
      "DataExpDateDelta_NI22H2SubtractNI22H2Setup",
      "a:DataExpDateEpoch_NI22H2Setup",
      "a:TimestampEpochString_NI22H2",
      "r:IsVbsEnabled",
      "r:FODRetryPending",
      "r:UserInPlaceUpgrade",
      "v:HidparseDriversVer",
      "v:HidparseSystem32Ver",
      "v:HidparseSystem32Ver1",
      "r:CIOptin",
      "r:FlightingOptOutState",
      "p:WSUSconfigured_csp",
      "a:UpgEx_NI22H2Setup",
      "a:UpgEx_CO21H2Setup",
      "u:WUfBClientManaged",
      "u:UpdateServiceUrl",
      "u:AllowOptionalContent",
      "FX_FlightIds",
      "DL_OSVersion",
      "r:ExpPkgs",
      "r:UUSVersion",
      "MX_FlightIds",
      "r:OobeNdupFUTarget",
      "a:GStatus_NI23H2",
      "a:DataExpDateEpoch_NI23H2",
      "a:TimestampEpochString_NI23H2",
      "DataExpDateDelta_NI23H2SubtractNI22H2Setup",
      "TimestampDelta_NI23H2SubtractNI22H2Setup",
      "r:LaunchUserOOBE",
      "r:RobloxPlayer",
      "r:RobloxStudio",
      "c:VBSState",
      "r:ARCHotpatchAttached_State",
      "r:MDEWSLPluginReleaseRing",
      "r:SystemGuard_Enabled",
      "u:AdminOptedIntoRebootlessUpdates",
      "r:LaunchOobeInEndUserSession",
      "r:MDE4WSLPluginReleaseRing",
      "r:AdminOptedIntoRebootlessUpdates_Server",
      "r:IsRemoteDesktopSessionHost",
      "a:UpgEx_GE24H2",
      "s:IsA9CapablePC",
      "a:UpgEx_GE24H2Setup",
      "r:ProductType",
      "a:DataExpDateEpoch_GE24H2",
      "DataExpDateDelta_GE24H2SubtractGE24H2Setup",
      "a:DataExpDateEpoch_GE24H2Setup",
      "a:GStatus_GE24H2",
      "a:GStatus_GE24H2Setup",
      "a:TimestampEpochString_GE24H2",
      "TimestampDelta_GE24H2SubtractGE24H2Setup",
      "a:TimestampEpochString_GE24H2Setup",
      "q:AIFabricCBSStableVer",
      "c:IsVirtualDevice",
      "a:SdbVer_GE24H2",
      "r:HotpatchError",
      "r:CHPE_Disabled",
      "r:MSRT_NO_AU",
      "r:ClientHash2",
      "r:NPU_DeviceId"
    ],
    "_WU_PTI": [
      "c:FrontFacingCameraResolution",
      "c:RearFacingCameraResolution",
      "c:TotalPhysicalRAM",
      "c:NFCProximity",
      "c:Magnetometer",
      "c:Gyroscope",
      "c:D3DMaxFeatureLevel",
      "c:InternalPrimaryDisplayResolutionHorizontal",
      "c:InternalPrimaryDisplayResolutionVetical"
    ],
    "WU_STORE": [
      "+_WU_COMMON",
      "r:AppChannels",
      "r:AppRMIDs",
      "u:BranchReadinessLevel"
    ]
  },
  "Required": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Aliases": {
    "AccountFirstChar": "c:MSA_Accounts",
    "aipc": "s:IsA9CapablePC",
    "ccr": "r:ChargeCapacityRatio",
    "ChassisTypeId": "c:ChassisType",
    "CX_FlightIds": "c:CX_FlightIds",
    "DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
    "DataExpDateDelta_20H1Subtract20H1Setup": "a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
    "DataExpDateDelta_21H1Subtract20H1Setup": "a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup",
    "DataExpDateDelta_CO21H2SubtractCO21H2Setup": "a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup",
    "DataExpDateDelta_GE24H2SubtractGE24H2Setup": "a:DataExpDateEpoch_GE24H2_Subtract_DataExpDateEpoch_GE24H2Setup",
    "DataExpDateDelta_NI22H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup",
    "DataExpDateDelta_NI23H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI23H2_Subtract_DataExpDateEpoch_NI22H2Setup",
    "devfm": "c:DeviceForm",
    "deviceClass": "DeviceFamily",
    "deviceId": "t:LocalDeviceID",
    "DeviceId": "t:LocalDeviceID",
    "DL_OSVersion2": "DL_OSVersion",
    "drgng": "r:DurableDeviceRegionGeo",
    "DSS_Enrolled": "r:DSS_Enrolled_State",
    "EdgeStableVersion": "r:EdgeStableVersion",
    "expId": "c:FlightIds",
    "FlightRing": "f:FlightRing",
    "FX_FlightIds": "c:FlightIds",
    "iepe": "g:IsCampaignEdgePromotionEnabled",
    "iste": "g:IsCampaignSegmentTargetingEnabled",
    "IsVM": "a:ISVM",
    "IX_FlightIds": "c:FlightIds",
    "locale": "c:OSUILocale",
    "ms": "t:IsMsftOwned",
    "MX_FlightIds": "c:FlightIds",
    "OEMModel": "c:OEMModelNumber",
    "oemname": "r:SystemManufacturer",
    "OEMName_Uncleaned": "c:OEMManufacturerName",
    "osVer": "t:OSVersionFull",
    "OSVersionFull": "t:OSVersionFull",
    "PhoneTargetingName": "c:OEMModelName",
    "prccn": "c:ProcessorCores",
    "prccs": "c:ProcessorClockSpeed",
    "prcmf": "c:ProcessorManufacturer",
    "procm": "c:ProcessorModel",
    "ram": "c:TotalPhysicalRAM",
    "ring": "f:FlightRing",
    "sampleId": "t:PopVal",
    "sku": "t:OSSkuId",
    "smbiosdm": "r:SystemProductName",
    "TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
    "TimestampDelta_20H1Subtract20H1Setup": "a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup",
    "TimestampDelta_21H1Subtract20H1Setup": "a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup",
    "TimestampDelta_CO21H2SubtractCO21H2Setup": "a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup",
    "TimestampDelta_GE24H2SubtractGE24H2Setup": "a:TimestampEpochString_GE24H2_Subtract_TimestampEpochString_GE24H2Setup",
    "TimestampDelta_NI22H2SubtractNI22H2Setup": "a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup",
    "TimestampDelta_NI23H2SubtractNI22H2Setup": "a:TimestampEpochString_NI23H2_Subtract_TimestampEpochString_NI22H2Setup",
    "W10ESU": "r:Win10ConsumerESUStatus"
  },
  "Fallback": {
    "r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
    "r:AvastBlackScreen": "r:AvgBlackScreen",
    "r:AvastInstalledKey": "r:AvastInstalledWowKey",
    "r:AVGInstalledKey": "r:AVGInstalledWowKey",
    "r:AviraInstalledKey": "r:AviraInstalledWowKey",
    "a:Bios": "a:Bios_RS3",
    "a:Bios_RS3": "a:Bios_RS4",
    "a:Bios_RS4": "a:Bios_RS5",
    "r:BlockFeatureUpdates": "r:BlockWUUpgrades",
    "r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
    "r:BuildFID": "r:BuildFID_WCOS",
    "r:BuildFID_WCOS": "r:BuildFID_WCOS2",
    "r:BullguardInstalledKey": "v:BullguardInstalledVer",
    "a:DataExpDateEpoch_CO21H2": "r:DataExpDateEpoch_CO21H2RegFb",
    "r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
    "r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
    "r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
    "r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
    "r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
    "r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
    "r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
    "DL_OSVersion": "OSVersion",
    "r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
    "r:EdgeStableOPV_Native": "r:EdgeStablePV_Native",
    "r:EdgeStablePV_WOW6432": "r:EdgeStableOPV_Native",
    "r:EdgeStableVersion": "r:EdgeStablePV_WOW6432",
    "r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
    "r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
    "u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
    "r:ESETInstalledKey": "r:ESETInstalledWowKey",
    "r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
    "f:FlightingBranchName": "c:FlightingBranchName",
    "a:Free": "a:Free_RS3",
    "a:Free_RS3": "a:Free_RS4",
    "a:Free_RS4": "a:Free_RS5",
    "r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
    "a:GatedFeature_NI22H2": "r:Migrated_GatedFeature_NI22H2Setup",
    "a:GStatus_CO21H2": "r:GStatus_CO21H2RegFb",
    "HoloLens": "r:WindowsMixedReality",
    "r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
    "a:ISVM": "a:ISVM_RS3",
    "a:ISVM_RS3": "a:ISVM_RS4",
    "a:ISVM_RS4": "a:ISVM_RS5",
    "r:K7InstalledKey": "r:K7InstalledWowKey",
    "r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
    "r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
    "r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
    "r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
    "r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
    "r:Migrated_GatedFeature_NI22H2Setup": "r:Migrated_GatedFeature_NI22H2",
    "c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
    "r:PandaInstalledKey": "r:PandaInstalledWowKey",
    "r:PandaInstalledWowKey": "v:PandaInstalledVer",
    "r:PonchAllow": "r:PonchAllowKey",
    "r:PonchAllowKey": "r:PonchAllowWow",
    "r:PonchAllowWow": "r:PonchAllowWowKey",
    "r:QUDeadline": "r:QUDeadlineMDM",
    "r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
    "r:SophosInstalledKey1": "r:SophosInstalledKey2",
    "r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
    "v:SymantecVer": "v:SymantecVer64",
    "u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
    "r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
    "r:TencentInstalledKey": "r:TencentInstalledWowKey",
    "r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
    "a:TimestampEpochString_CO21H2": "r:TimestampEpochString_CO21H2RegFb",
    "v:TobiiVer": "v:TobiiVerx86",
    "v:TobiiVerx86": "v:TobiiVer1x86",
    "r:TrendInstalledKey": "r:TrendInstalledWowKey",
    "r:TrendInstalledWowKey": "v:TrendInstalledVer",
    "a:UpgEx_CO21H2": "r:UpgEx_CO21H2RegFb",
    "r:UpgradeAccepted": "r:Win11UpgradeAcceptedWUSeeker",
    "r:WebExperience": "r:WebExperienceWow",
    "r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
  },
  "Transform": {
    "AccountFirstChar": {
      "SubLength": 1
    },
    "CX_FlightIds": {
      "Regex": "CX:[^,]*",
      "RegexDelimiter": ","
    },
    "FlightingOptOutState": {
      "Ignore": [
        "0"
      ]
    },
    "FX_FlightIds": {
      "Regex": "FX:[^,]*",
      "RegexDelimiter": ","
    },
    "IppPrinterBadDefaultPdc": {
      "Contains": "V4_No_ChangeID_Present"
    },
    "aipc": {
      "Ignore": [
        "0"
      ]
    },
    "IsDomainJoined": {
      "Ignore": [
        "0"
      ]
    },
    "IsHybridOrXGpu": {
      "Ignore": [
        "0"
      ]
    },
    "IsMsftOwned": {
      "Ignore": [
        "0"
      ]
    },
    "IsPortableOperatingSystem": {
      "Ignore": [
        "0"
      ]
    },
    "IsRemoteDesktopSessionHost": {
      "Contains": "ServerRdsh"
    },
    "IsTestLab": {
      "Ignore": [
        "0"
      ]
    },
    "IsVM": {
      "Ignore": [
        "0"
      ]
    },
    "IX_FlightIds": {
      "Regex": "IX:[^,]*",
      "RegexDelimiter": ","
    },
    "MX_FlightIds": {
      "Regex": "ME:[^,]*|MD:[^,]*",
      "RegexDelimiter": ","
    },
    "OEMModel": {
      "SubLength": 100
    },
    "OEMName_Uncleaned": {
      "SubLength": 100
    },
    "PausedFeatureStatus": {
      "Ignore": [
        "0"
      ]
    },
    "PausedQualityStatus": {
      "Ignore": [
        "0"
      ]
    },
    "PSAKyoceraInstalledName": {
      "Contains": "A97ECD55.KYOCERAPrintCenter"
    },
    "PSATATriumphInstalledName": {
      "Contains": "TATriumph-AdlerGmbH.TAUTAXPrintCenter"
    },
    "SMode": {
      "Ignore": [
        "0"
      ]
    },
    "StayOnWindows10Timestamp": {
      "SubLength": -3,
      "Ignore": [
        ""
      ]
    },
    "XeroxPsaInstalledName": {
      "Contains": "XeroxCorp.PrintExperience"
    }
  },
  "Registry": {
    "AADBrokerPluginNotRegistered": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered",
      "IfExists": true
    },
    "AADTenantId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\CCM",
      "ValueName": "AadTenantId"
    },
    "ActiveHoursEnd": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursEnd",
      "RegValueType": "REG_DWORD"
    },
    "ActiveHoursStart": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursStart",
      "RegValueType": "REG_DWORD"
    },
    "AdminOptedIntoRebootlessUpdates_Server": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\Hotpatch\\Environment",
      "ValueName": "AllowRebootlessUpdates",
      "RegValueType": "REG_DWORD"
    },
    "AgileBits1PasswordPluginAuthenticator": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Classes\\PackagedCom\\ClassIndex\\{3C37BDFA-BB51-4FBF-9FCE-082C9DB98DE4}",
      "IfExists": true
    },
    "AhnlabInstalledKey": {
      "FullPath": "SOFTWARE\\Ahnlab",
      "IfExists": true
    },
    "AhnlabInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
      "IfExists": true
    },
    "AhnLabKeyboard": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
      "ValueName": "NbTpMsExist"
    },
    "AllowInPlaceUpgrade": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
      "ValueName": "AllowInPlaceUpgrade",
      "RegValueType": "REG_DWORD"
    },
    "AllowUpgradesWithUnsupportedTPMOrCPU": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\MoSetup",
      "ValueName": "AllowUpgradesWithUnsupportedTPMOrCPU",
      "RegValueType": "REG_DWORD"
    },
    "AndroidUserOptinValue": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\",
      "ValueName": "OptedIn",
      "RegValueType": "REG_DWORD"
    },
    "AppChannels": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ChannelId",
      "EncodingType": "Json"
    },
    "AppRMIDs": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ReleaseManagementId",
      "EncodingType": "Json"
    },
    "ARCHotpatchAttached_State": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Azure Connected Machine Agent\\Windows\\Licenses\\Features\\Hotpatch",
      "ValueName": "Subscription",
      "RegValueType": "REG_DWORD"
    },
    "AutopilotUpdateInProgress": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
      "ValueName": "AutopilotUpdateInProgress",
      "RegValueType": "REG_DWORD"
    },
    "AvastBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AvastInstalledKey": {
      "FullPath": "SOFTWARE\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AvgBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AVGInstalledKey": {
      "FullPath": "SOFTWARE\\AVG\\Antivirus",
      "IfExists": true
    },
    "AVGInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
      "IfExists": true
    },
    "AvgReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AviraInstalledKey": {
      "FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "AviraInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "BaseBoardManufacturer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "BaseBoardManufacturer"
    },
    "BitDefenderInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}",
      "IfExists": true
    },
    "BlockEdgeWithChromiumUpdate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "DoNotUpdateToEdgeWithChromium",
      "RegValueType": "REG_DWORD"
    },
    "BlockFeatureUpdates": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade",
      "ValueName": "BlockFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgrades": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgradesWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BroadcomInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Symantec\\Symantec Endpoint Protection",
      "IfExists": true
    },
    "BuildFID": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BullguardInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
      "IfExists": true
    },
    "BypassNRO": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "BypassNRO",
      "RegValueType": "REG_DWORD"
    },
    "ChargeCapacityRatio": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\HealthSignals",
      "ValueName": "ChargeCapacityRatio",
      "RegValueType": "REG_DWORD"
    },
    "ChinaTypeApproval_CTA": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess",
      "ValueName": "ActivePolicyCode",
      "RegValueType": "REG_SZ"
    },
    "CHPE_Disabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management",
      "ValueName": "HotPatchRestrictions",
      "RegValueType": "REG_DWORD"
    },
    "CIOptin": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "IsContinuousInnovationOptedIn",
      "RegValueType": "REG_DWORD"
    },
    "ClientHash2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\SLS",
      "ValueName": "ClientHash2",
      "RegValueType": "REG_DWORD"
    },
    "CloudFilesFilter": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\",
      "ValueName": "DefaultInstance",
      "RegValueType": "REG_SZ"
    },
    "CurrentBranch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "BuildBranch",
      "RegValueType": "REG_SZ"
    },
    "DataExpDateEpoch_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "DataExpDateEpoch",
      "RegValueType": "REG_SZ"
    },
    "DaysSince19H1FUOffer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
      "ValueName": "DaysSinceLastOffer",
      "RegValueType": "REG_QWORD"
    },
    "DchuAmdGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DriverDelete"
    },
    "DchuAmdGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "IfExists": true
    },
    "DchuAmdGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DCHUVen"
    },
    "DchuAmdGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DriverDelete"
    },
    "DchuIntelGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "IfExists": true
    },
    "DchuIntelGrfxNExists": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
      "IfExists": true
    },
    "DchuIntelGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DriverDelete"
    },
    "DchuNvidiaGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "IfExists": true
    },
    "DchuNvidiaGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxVenTest": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DCHUVenTest",
      "RegValueType": "REG_DWORD"
    },
    "DefaultUserRegion": {
      "HKey": "HKEY_USERS",
      "FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
      "ValueName": "Nation",
      "RegValueType": "REG_SZ"
    },
    "DeviceInfoGatherSuccessful": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
      "ValueName": "DeviceInfoGatherSuccessful",
      "RegValueType": "REG_DWORD"
    },
    "DisableWUfBOfferBlock": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "DisableWUfBOfferBlock",
      "RegValueType": "REG_DWORD"
    },
    "DisconnectedStandby": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
      "ValueName": "EnforceDisconnectedStandby",
      "RegValueType": "REG_DWORD"
    },
    "DotNetMissingComponentsTroubleshooterSuccess": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\.NETFramework",
      "ValueName": "DotNetMissingComponentsTroubleshooterSuccess",
      "RegValueType": "REG_DWORD"
    },
    "DriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "DSS_Enrolled_DF": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate",
      "ValueName": "WUfBDF",
      "RegValueType": "REG_DWORD"
    },
    "DSS_Enrolled_State": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WufbDS",
      "ValueName": "enrollmenttype",
      "RegValueType": "REG_SZ"
    },
    "DUInternal": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\MoSetup",
      "ValueName": "DynamicUpdateInternalTest",
      "RegValueType": "REG_DWORD"
    },
    "DurableDeviceRegionGeo": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\DeviceRegion",
      "ValueName": "DeviceRegion",
      "RegValueType": "REG_DWORD"
    },
    "EdgeStableOPV_Native": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "opv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStablePV_Native": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "pv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStablePV_WOW6432": {
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "pv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStableVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "opv",
      "RegValueType": "REG_SZ"
    },
    "EdgeWithChromiumInstallFailureCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallFailureCountWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EdgeWithChromiumInstallVersionWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EKB19H2InstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Count"
    },
    "EKB19H2InstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Timestamp"
    },
    "EKB19H2UnInstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Count"
    },
    "EKB19H2UnInstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Timestamp"
    },
    "EnableCloudManagedIDS": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\IDS",
      "ValueName": "EnableCloudManagedIDS"
    },
    "EnableWUfBUpgradeGatesRS5": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
      "ValueName": "DataRequireGatedScanForFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "ESETInstalledKey": {
      "FullPath": "SOFTWARE\\ESET\\ESET Security",
      "IfExists": true
    },
    "ESETInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
      "IfExists": true
    },
    "EsetReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
      "ValueName": "WindowsCompatibilityLevel",
      "RegValueType": "REG_DWORD"
    },
    "ESTSecurityInstalledKey": {
      "FullPath": "SOFTWARE\\ESTsoft",
      "IfExists": true
    },
    "ESTSecurityInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
      "IfExists": true
    },
    "ExpPkgs": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
      "ValueName": "ExpPkgs",
      "RegValueType": "REG_SZ"
    },
    "ExpStates": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs",
      "ValueName": "PreviewConfigs",
      "RegValueType": "REG_SZ"
    },
    "FeatureUpdateDeadline": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\",
      "ValueName": "ConfigureDeadlineForFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "FIDTSRan": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build\\TS_Crash_56093636_Logs",
      "ValueName": "LastHr"
    },
    "FlightContent": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "ContentType",
      "RegValueType": "REG_SZ"
    },
    "FlightingOptOutState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection",
      "ValueName": "OptOutState",
      "RegValueType": "REG_DWORD"
    },
    "FODRetryPending": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
      "ValueName": "FODRetry",
      "RegValueType": "REG_DWORD"
    },
    "FSecureInstalledKey": {
      "FullPath": "SOFTWARE\\F-Secure\\OneClient",
      "IfExists": true
    },
    "FSecureInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
      "IfExists": true
    },
    "FSRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
      "ValueName": "FSRing",
      "RegValueType": "REG_SZ"
    },
    "GamingServicesInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\GamingServices",
      "IfExists": true
    },
    "GridZoneName": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS",
      "ValueName": "GridZoneName",
      "RegValueType": "REG_SZ",
      "PersistedSourceId": "COAWOSRoot"
    },
    "GStatus_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "GStatus",
      "RegValueType": "REG_SZ"
    },
    "GStatusBlockIDs_All": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
      "ValueName": "SdbEntries",
      "RegValueType": "REG_SZ"
    },
    "HidOverGattReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
      "ValueName": "Source",
      "RegValueType": "REG_SZ"
    },
    "HotPatchEKBInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
      "IfExists": true
    },
    "HotpatchError": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\Hotpatch\\Environment",
      "ValueName": "HotpatchError",
      "RegValueType": "REG_DWORD"
    },
    "IIS_ASPNET": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "IIS_NetFxExtensibility": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "InstallDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "InstallDate",
      "RegValueType": "REG_DWORD"
    },
    "IntelPlatformId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
      "ValueName": "Platform Specific Field 1",
      "RegValueType": "REG_DWORD"
    },
    "IppPrinterBadDefaultPdc": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData",
      "ValueName": "V4_PDC_ChangeID",
      "RegValueType": "REG_SZ",
      "EncodingType": "Json"
    },
    "IsAutopilotRegistered": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
      "ValueName": "ProfileAvailable",
      "RegValueType": "REG_DWORD"
    },
    "IsFlightingEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "IsBuildFlightingEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsCHCapableBuild": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}",
      "IfExists": true
    },
    "IsCldFltSyncRoots": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
      "IfExists": true
    },
    "IsConfigMgrEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState",
      "ValueName": "ConfigMgrEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsContainerMgrInstalled": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalledWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsFeedbackHubSelfhost": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost",
      "IfExists": true
    },
    "IsFSOverlay": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\GlobMerger",
      "ValueName": "IsEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsHybridOrXGpu": {
      "FullPath": "SOFTWARE\\Microsoft\\DirectX",
      "ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
    },
    "IsProcessorMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings",
      "ValueName": "IsProcessorMode",
      "RegValueType": "REG_QWORD"
    },
    "IsRemoteDesktopSessionHost": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "EditionID",
      "RegValueType": "REG_SZ"
    },
    "IsSpotlightEnabledInOEMTheme": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes",
      "ValueName": "WindowsSpotlight",
      "RegValueType": "REG_DWORD"
    },
    "IsSpotlightThemeEnabledByOEM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization",
      "ValueName": "WindowsSpotlightTheme",
      "RegValueType": "REG_DWORD"
    },
    "IsVbsEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\ControlSet001\\Control\\DeviceGuard",
      "ValueName": "EnableVirtualizationBasedSecurity",
      "RegValueType": "REG_DWORD"
    },
    "IsWDAGEnabled": {
      "FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
      "IfExists": true
    },
    "IsWDATPEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
      "ValueName": "OnboardingState"
    },
    "K7InstalledKey": {
      "FullPath": "SOFTWARE\\K7 Computing",
      "IfExists": true
    },
    "K7InstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
      "IfExists": true
    },
    "KasperskyInstalledKey": {
      "FullPath": "SOFTWARE\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyReg": {
      "FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
      "ValueName": "UseVtHardware"
    },
    "KingsoftInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KingsoftInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KioskMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
      "ValueName": "ConfigSource",
      "RegValueType": "REG_DWORD"
    },
    "KnownFoldersBackupStatus": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus",
      "ValueName": "OneDrive",
      "RegValueType": "REG_SZ"
    },
    "LaunchOobeInEndUserSession": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "ContinueOobeInEnduserSession"
    },
    "LaunchUserOOBE": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "LaunchUserOOBE",
      "RegValueType": "REG_DWORD"
    },
    "LCUVer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "LCUVer"
    },
    "LenovoInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "LenovoInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "McAfeeInstalledKey": {
      "FullPath": "SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "McAfeeInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "MDE4WSLPluginReleaseRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Microsoft Defender for Endpoint plug-in for WSL",
      "ValueName": "ReleaseRing",
      "RegValueType": "REG_SZ"
    },
    "MDEWSLPluginReleaseRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Lxss\\Plugins\\DefenderPlug-in",
      "ValueName": "ReleaseRing",
      "RegValueType": "REG_SZ"
    },
    "Migrated_GatedFeature_NI22H2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2",
      "ValueName": "GatedFeatureSingleString",
      "RegValueType": "REG_SZ"
    },
    "Migrated_GatedFeature_NI22H2Setup": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup",
      "ValueName": "GatedFeatureSingleString",
      "RegValueType": "REG_SZ"
    },
    "MSRT_NO_AU": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\MRT",
      "ValueName": "DontOfferThroughWUAU",
      "RegValueType": "REG_DWORD"
    },
    "MTPTargetingInfo": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
      "ValueName": "TargetRing"
    },
    "NonSecurityUpdate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "NonSecurityRelease",
      "RegValueType": "REG_DWORD"
    },
    "NPU_DeviceId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Class\\{f01a9d53-3ff6-48d2-9f97-c8a7004be10c}\\0000",
      "ValueName": "MatchingDeviceId",
      "RegValueType": "REG_SZ"
    },
    "NPUEnabledDevice": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects",
      "ValueName": "EffectsCameraAvailable",
      "RegValueType": "REG_DWORD"
    },
    "OEMMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM",
      "ValueName": "OOBEMode",
      "RegValueType": "REG_SZ"
    },
    "OEMModelBaseBoard": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "BaseBoardProduct",
      "RegValueType": "REG_SZ"
    },
    "OemPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OEMSubModel": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "SystemSKU",
      "RegValueType": "REG_SZ"
    },
    "OobeNdupAcceptedTarget": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates",
      "ValueName": "Target",
      "RegValueType": "REG_SZ"
    },
    "OobeNdupFU22621CommitChoice": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621",
      "ValueName": "CommitChoice",
      "RegValueType": "REG_DWORD"
    },
    "OobeNdupFUTarget": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22631",
      "ValueName": "Target",
      "RegValueType": "REG_SZ"
    },
    "OobeSeeker": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
      "ValueName": "OOBEUpdateStarted"
    },
    "OSDataDriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackBuild": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "BuildString",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "Count",
      "RegValueType": "REG_DWORD"
    },
    "OSRollbackDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "DateStamp",
      "RegValueType": "REG_DWORD"
    },
    "PandaInstalledKey": {
      "FullPath": "SOFTWARE\\Panda Software\\Setup",
      "IfExists": true
    },
    "PandaInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
      "IfExists": true
    },
    "PausedFeatureStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedFeatureStatus"
    },
    "PausedQualityStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedQualityStatus"
    },
    "PlayFabPartyRelay": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
      "IfExists": true
    },
    "PonchAllow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "RegValueType": "REG_DWORD"
    },
    "PonchAllowKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "IfExists": true
    },
    "PonchAllowWow": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
    },
    "PonchAllowWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "IfExists": true
    },
    "PonchBlock": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
      "RegValueType": "REG_DWORD"
    },
    "PreviewBuildsManagerEnabled": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
      "ValueName": "ArePreviewBuildsAllowed"
    },
    "ProductType": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\ProductOptions",
      "ValueName": "ProductType"
    },
    "PSAKyoceraMissingDEH": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg",
      "IfExists": true
    },
    "PSATATriumphMissingDEH": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y",
      "IfExists": true
    },
    "PSAXeroxMissingDEH": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8",
      "IfExists": true
    },
    "QihooInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity",
      "IfExists": true
    },
    "QUDeadline": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "ConfigureDeadlineForQualityUpdates",
      "RegValueType": "REG_DWORD"
    },
    "QUDeadlineMDM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
      "ValueName": "ConfigureDeadlineForQualityUpdates",
      "RegValueType": "REG_DWORD"
    },
    "QuickhealInstalledKey1": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Servicescatflt",
      "IfExists": true
    },
    "QuickhealInstalledKey2": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe",
      "IfExists": true
    },
    "RecoveredFromBuild": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
      "ValueName": "LastBuild",
      "RegValueType": "REG_DWORD"
    },
    "RecoveredOnDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
      "ValueName": "DateStamp",
      "RegValueType": "REG_DWORD"
    },
    "ReleaseType": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo",
      "ValueName": "ReleaseType",
      "RegValueType": "REG_SZ"
    },
    "RobloxPlayer": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "roblox-player",
      "RegValueType": "REG_SZ",
      "IfExists": true
    },
    "RobloxStudio": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "roblox-studio",
      "RegValueType": "REG_SZ",
      "IfExists": true
    },
    "SetupDisplayedEulaVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\",
      "ValueName": "SetupDisplayedEulaVersion",
      "RegValueType": "REG_DWORD"
    },
    "SH_SIPolicyCleanup": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PPI\\Settings",
      "ValueName": "SIPolicyCleanup",
      "RegValueType": "REG_DWORD"
    },
    "SmartActiveHoursState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SmartActiveHoursState",
      "RegValueType": "REG_DWORD"
    },
    "SophosInstalledKey1": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\SAVService",
      "IfExists": true
    },
    "SophosInstalledKey2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc",
      "IfExists": true
    },
    "StayOnWindows10Timestamp": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SvOfferDeclined",
      "RegValueType": "REG_QWORD"
    },
    "Steam": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Classes\\Steam",
      "ValueName": "",
      "RegValueType": "REG_SZ"
    },
    "StrictHiveSecurityReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*",
      "ValueName": "StrictHiveSecuritySet"
    },
    "SymantecInstalledKey": {
      "FullPath": "SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
      "IfExists": true
    },
    "SymantecInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
      "IfExists": true
    },
    "SystemGuard_Enabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios\\SystemGuard",
      "ValueName": "Enabled",
      "RegValueType": "REG_DWORD"
    },
    "SystemManufacturer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\SystemInformation",
      "ValueName": "SystemManufacturer",
      "RegValueType": "REG_SZ"
    },
    "SystemProductName": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\SystemInformation",
      "ValueName": "SystemProductName",
      "RegValueType": "REG_SZ"
    },
    "TargetReleaseVersionGP": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "TargetReleaseVersionInfo",
      "RegValueType": "REG_SZ"
    },
    "TargetReleaseVersionMDM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
      "ValueName": "TargetReleaseVersion",
      "RegValueType": "REG_SZ"
    },
    "TenantId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*",
      "ValueName": "TenantId"
    },
    "TencentInstalledKey": {
      "FullPath": "SOFTWARE\\Tencent\\QQPCMgr",
      "IfExists": true
    },
    "TencentInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr",
      "IfExists": true
    },
    "TencentReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
      "ValueName": "LoadStartTime"
    },
    "TencentType": {
      "FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
      "ValueName": "Type"
    },
    "TestAllowedIDFlags": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\TestHooks",
      "ValueName": "TestAllowedIDFlags",
      "RegValueType": "REG_DWORD"
    },
    "TestRN": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON",
      "ValueName": "TestRing"
    },
    "ThreatTrackInstalledKey": {
      "FullPath": "SOFTWARE\\SBAMSvc",
      "IfExists": true
    },
    "ThreatTrackInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\SBAMSvc",
      "IfExists": true
    },
    "TimestampEpochString_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "TimestampEpochString",
      "RegValueType": "REG_SZ"
    },
    "TrendInstalledKey": {
      "FullPath": "SOFTWARE\\TrendMicro",
      "IfExists": true
    },
    "TrendInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\TrendMicro",
      "IfExists": true
    },
    "UHSEnrolled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "UHSEnrolled",
      "RegValueType": "REG_SZ",
      "IfExists": true
    },
    "UninstallActive": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "System\\Setup",
      "ValueName": "UninstallActive",
      "RegValueType": "REG_DWORD"
    },
    "UpdateOfferedDays": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\",
      "ValueName": "UpToDateDays",
      "RegValueType": "REG_DWORD"
    },
    "UpdatePreference": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "UpdatePreference",
      "RegValueType": "REG_DWORD"
    },
    "UpgEx_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "UpgEx",
      "RegValueType": "REG_SZ"
    },
    "UpgradeAccepted": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\",
      "ValueName": "UpgradeAccepted",
      "RegValueType": "REG_DWORD",
      "IfExists": true
    },
    "UpgradeEligible": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion",
      "ValueName": "UpgradeEligible",
      "RegValueType": "REG_DWORD"
    },
    "UserInPlaceUpgrade": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
      "ValueName": "UserInPlaceUpgrade",
      "RegValueType": "REG_DWORD"
    },
    "UsoScanMitigation": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator\\Mitigation\\",
      "ValueName": "UsoScanNotStartingMitigationCompleted",
      "RegValueType": "REG_DWORD",
      "IfExists": true
    },
    "UtcDataHandlingPolicies": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack",
      "ValueName": "UtcDataHandlingPolicies",
      "RegValueType": "REG_QWORD"
    },
    "UUSVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator",
      "ValueName": "LastRunVersion",
      "RegValueType": "REG_SZ"
    },
    "WAS_NetFxEnvironment": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "WCFHTTPActivationNotificationState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "WCFNonHTTPActivationNotificationState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "WebExperience": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "WebExperienceWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "WebrootInstalledKey": {
      "FullPath": "SOFTWARE\\WRData",
      "IfExists": true
    },
    "WebrootInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\WRData",
      "IfExists": true
    },
    "Win10ConsumerESUStatus": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform\\ESU",
      "ValueName": "Win10ConsumerESUStatus",
      "RegValueType": "REG_DWORD"
    },
    "Win11UpgradeAcceptedTimestamp": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SvOfferAccepted",
      "RegValueType": "REG_QWORD"
    },
    "Win11UpgradeAcceptedWUSeeker": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SvOfferAccepted",
      "RegValueType": "REG_QWORD",
      "IfExists": true
    },
    "WindowsAccountSyncConsentApplicable": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT",
      "ValueName": "isApplicable",
      "RegValueType": "REG_DWORD"
    },
    "WindowsAccountSyncConsentPromptAllowed": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT",
      "ValueName": "isSystemInitiatedPromptAllowed",
      "RegValueType": "REG_DWORD"
    },
    "WindowsAccountSyncConsentState": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT\\DATASHARING",
      "ValueName": "isConsentAccepted",
      "RegValueType": "REG_DWORD"
    },
    "WindowsMixedReality": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
      "ValueName": "WdfMajorVersion",
      "RegValueType": "REG_DWORD"
    },
    "WOSCEndpointsSupported": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent",
      "ValueName": "EndpointsSupported",
      "RegValueType": "REG_SZ"
    },
    "WSX_Runtime": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "ExperienceExtensions",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_AccountControl": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.AccountControl",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_AppSample": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.AppSample",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_Settings_Account": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.Settings.Account",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_Shell_Start": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.Shell.StartMenu",
      "RegValueType": "REG_SZ"
    }
  },
  "UpdatePolicy": {
    "AdminOptedIntoRebootlessUpdates": {
      "PolicyEnum": 59,
      "Enterprise": true
    },
    "AllowOptionalContent": {
      "PolicyEnum": 58,
      "Enterprise": true
    },
    "BranchReadinessLevel": {
      "PolicyEnum": 5,
      "Enterprise": true
    },
    "BranchReadinessLevelSource": {
      "PolicyEnum": 5,
      "Enterprise": true,
      "UseSource": true
    },
    "DeferFeatureUpdatePeriodInDays": {
      "PolicyEnum": 9,
      "Enterprise": true
    },
    "DeferQualityUpdatePeriodInDays": {
      "PolicyEnum": 7,
      "Enterprise": true
    },
    "DisableDualScan": {
      "PolicyEnum": 42,
      "Enterprise": true
    },
    "EnableWUfBUpgradeGates": {
      "PolicyEnum": 51,
      "Enterprise": true
    },
    "TargetProductVersion": {
      "PolicyEnum": 53,
      "Enterprise": true
    },
    "TargetReleaseVersion": {
      "PolicyEnum": 50,
      "Enterprise": true
    },
    "UpdateServiceUrl": {
      "PolicyEnum": 12
    },
    "WUfBClientManaged": {
      "PolicyEnum": 32,
      "Enterprise": true
    }
  },
  "FileInfo": {
    "AvastVer": {
      "Path": "\\system32\\Drivers\\aswVmm.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "AvgVer": {
      "Path": "\\system32\\Drivers\\avgVmm.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "BullguardInstalledVer": {
      "Path": "\\BullGuard Ltd\\BullGuard\\BullGuard.exe",
      "IfExists": true,
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CortanaAppVer": {
      "Path": "\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CortanaAppVerTest": {
      "Path": "\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CrowdStrikeInstalledVer": {
      "Path": "drivers\\CrowdStrike\\CSAgent.sys",
      "IfExists": true,
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "DmdHpControlPackageEnUs": {
      "Path": "%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\en-US\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml",
      "IfExists": true
    },
    "DmdHpControlPackageMultiloc": {
      "Path": "%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\multiloc\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml",
      "IfExists": true
    },
    "DmdHpControlPackageTr": {
      "Path": "%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\tr\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml",
      "IfExists": true
    },
    "EsetVer": {
      "Path": "\\drivers\\ehdrv.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "FileExistsMscoreeDll": {
      "Path": "%windir%\\\\system32\\\\mscoree.dll",
      "IfExists": true
    },
    "GDataInstalledVer": {
      "Path": "\\drivers\\MiniIcpt.sys",
      "IfExists": true,
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "HidparseDriversVer": {
      "Path": "%windir%\\system32\\drivers\\hidparse.sys"
    },
    "HidparseSystem32Ver": {
      "Path": "%windir%\\system32"
    },
    "HidparseSystem32Ver1": {
      "Path": "%windir%\\system32\\hidparse.sys"
    },
    "IsNotepadExePresent": {
      "Path": "%windir%\\system32\\notepad.exe",
      "IfExists": true
    },
    "K7InstalledVer": {
      "Path": "\\K7 Computing",
      "IfExists": true,
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "KasperskyVer": {
      "Path": "\\system32\\Drivers\\klhk.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "OnnxruntimeVer": {
      "Path": "%windir%\\\\system32\\\\onnxruntime.dll"
    },
    "PandaInstalledVer": {
      "Path": "\\Panda Security",
      "IfExists": true,
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "SkypeRoomSystem": {
      "Path": "%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
      "IfExists": true
    },
    "SymantecVer": {
      "Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
      "FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
    },
    "SymantecVer64": {
      "Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
      "FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
    },
    "TobiiVer": {
      "Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "TobiiVer1x86": {
      "Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "TobiiVerx86": {
      "Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "TrendInstalledVer": {
      "Path": "\\Trend Micro\\Titanium\\plugin\\plugVizor.dll",
      "IfExists": true,
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "TrendMicroVer": {
      "Path": "\\drivers\\TMUMH.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "UCPDVer": {
      "Path": "\\drivers\\UCPD.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "WASDK_1_2_ARM": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_arm__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WASDK_1_2_ARM64": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_arm64__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WASDK_1_2_DLL": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_x64__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WASDK_1_2_X86": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_x86__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WuClientVer": {
      "Path": "\\system32\\wuaueng.dll",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "XamlCbsActivationStore": {
      "Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat",
      "IfExists": true
    },
    "XamlCbsActivationStoreArm64": {
      "Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat",
      "IfExists": true
    }
  },
  "Licensing": {
    "UpdateManagementGroup": {
      "Name": "UpdatePolicy-UpdateManagementGroup"
    }
  },
  "Policy": {
    "DesiredOcpVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"
    },
    "DesiredOsVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"
    },
    "DesiredSystemManifestVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"
    },
    "DucCustomPackageId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
    },
    "DucDeviceModelId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
    },
    "DucOemPartnerRing": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
    },
    "DucPublisherId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
    },
    "SetPolicyDrivenUpdateSourceForFeatureUpdates": {
      "LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"
    },
    "WSUSconfigured_csp": {
      "LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"
    }
  },
  "AppInfo": {
    "AIFabricCBSStableVer": {
      "Name": "Microsoft.WindowsAppRuntime.CBS.1.6"
    },
    "WidgetsAppVer": {
      "Name": "MicrosoftWindows.Client.WebExperience"
    }
  },
  "WMI": {
    "ElanFingerprintDriverVersion": {
      "Query": "SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'",
      "Name": "DriverVersion",
      "Timeout": 2000
    },
    "FirstStorageSpaceDeviceId": {
      "Query": "SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'",
      "Name": "DeviceID",
      "Timeout": 2000
    },

Bernd Brot · 27.05.2025, 07:08

Teil 2

Code:

ATTFilter

    "IIS_ASPNET_WMI": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "IIS_NetFxExtensibility_WMI": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "NetFx3State": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "PSAKyoceraInstalledName": {
      "Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'",
      "Name": "Name",
      "Timeout": 2000
    },
    "PSATATriumphInstalledName": {
      "Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'",
      "Name": "Name",
      "Timeout": 2000
    },
    "WAS_NetFxEnvironment_WMI": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "WCFHTTPActivationState": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "WCFNonHTTPActivationState": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "XeroxPsaInstalledName": {
      "Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'",
      "Name": "Name",
      "Timeout": 2000
    }
  },
  "RegionPolicy": {
    "IsCampaignEdgePromotionEnabled": {
      "ForceEvaluate": false,
      "PolicyGUID": "{2BF706DE-6DBB-4692-B7EF-84D80C47E927}"
    },
    "IsCampaignSegmentTargetingEnabled": {
      "ForceEvaluate": false,
      "PolicyGUID": "{36996754-E327-483A-902F-523E2BA03239}"
    }
  }
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\OneSettings]
"TargetingAttributesVerified"="{
  "Version": 311,
  "SchemaVersion": 1,
  "PartA": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Default": [
    "DeviceFamily",
    "f:FlightRing",
    "t:OSVersionFull"
  ],
  "PartB": {
    "ACSOVERRIDE": [
      "OSArchitecture",
      "c:IsAlwaysOnAlwaysConnectedCapable"
    ],
    "APPTARGETEDFEATUREDB": [
      "c:FlightingBranchName",
      "f:FlightRing",
      "t:OSVersionFull",
      "DeviceFamily"
    ],
    "CASSCLIENT": [
      "OSVersion",
      "c:OSEdition",
      "f:FlightRing",
      "c:OSUILocale",
      "f:FlightingBranchName",
      "r:OEMMode"
    ],
    "CDM": [
      "ChassisTypeId",
      "r:CurrentBranch",
      "DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "c:InstallLanguage",
      "c:IsDomainJoined",
      "t:IsTestLab",
      "OEMModel",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:ProcessorIdentifier",
      "c:TelemetryLevel",
      "t:IsMsftOwned",
      "t:WCOSProductId",
      "c:OSUILocale",
      "c:CommercialId",
      "c:ActivationChannel",
      "c:SCCMClientId",
      "c:IsCloudDomainJoined",
      "r:WebExperience",
      "FX_FlightIds",
      "AccountFirstChar",
      "r:WSX_Windows_Settings_Account",
      "r:InstallDate",
      "r:WSX_Runtime",
      "r:DefaultUserRegion",
      "a:GatedFeature_NI22H2",
      "r:WSX_Windows_Shell_Start",
      "a:GatedFeature_CU23H2",
      "r:ExpStates",
      "MX_FlightIds",
      "r:CIOptin",
      "c:ProcessorCores",
      "c:TotalPhysicalRAM",
      "r:TestRN",
      "u:UpdateServiceUrl",
      "u:WUfBClientManaged",
      "r:UUSVersion",
      "DL_OSVersion",
      "r:ExpPkgs",
      "u:AllowOptionalContent",
      "n:IsMicrosoftAAD",
      "q:WidgetsAppVer",
      "c:IsDeviceRetailDemo",
      "r:IsFSOverlay",
      "a:SdbVer_NI22H2",
      "r:EdgeStableVersion",
      "r:Migrated_GatedFeature_NI22H2Setup",
      "a:SdbVer_21H2",
      "a:GatedFeature_21H2",
      "CX_FlightIds",
      "r:UtcDataHandlingPolicies",
      "v:SkypeRoomSystem",
      "r:BypassNRO",
      "c:IsVirtualDevice",
      "s:IsA9CapablePC",
      "a:SdbVer_GE24H2",
      "r:AgileBits1PasswordPluginAuthenticator"
    ],
    "CDM_OS": [
      "+CDM",
      "c:FlightIds"
    ],
    "COMPATLOGGER": [
      "osVer",
      "ring",
      "deviceId"
    ],
    "CONTENT_DELIVERY_MANAGER": [
      "c:OSEdition",
      "t:OSSkuId",
      "c:OSUILocale",
      "a:UpgEx_CO21H2",
      "a:GStatus_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:TimestampEpochString_CO21H2",
      "r:AndroidUserOptinValue",
      "f:FlightingBranchName",
      "f:FlightRing",
      "r:CurrentBranch",
      "procm",
      "r:NPUEnabledDevice",
      "MX_FlightIds",
      "r:KnownFoldersBackupStatus",
      "c:IsDomainJoined",
      "iepe",
      "iste",
      "drgng",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "aipc",
      "ram",
      "prccn",
      "prccs",
      "prcmf",
      "ccr",
      "devfm",
      "W10ESU"
    ],
    "CORTANA_GATEKEEPER": [
      "r:CurrentBranch",
      "f:FlightRing",
      "f:IsRetailOS"
    ],
    "CORTANAUWP": [
      "c:OSUILocale",
      "t:OSVersionFull",
      "v:CortanaAppVer",
      "r:TestAllowedIDFlags"
    ],
    "CORTANAUWPTEST": [
      "+CORTANAUWP",
      "v:CortanaAppVerTest"
    ],
    "CTAC": [
      "+FSS",
      "r:FIDTSRan"
    ],
    "DBUPDATE": [
      "c:FirmwareVersion",
      "c:OEMModelBaseBoard",
      "OSArchitecture",
      "c:FirmwareManufacturer",
      "c:OEMModelNumber",
      "r:BaseBoardManufacturer",
      "c:OEMModelSKU",
      "c:OEMManufacturerName",
      "c:OEMName",
      "c:OEMModelBaseBoardVersion",
      "c:OEMModelSystemFamily",
      "c:OEMModelSystemVersion",
      "c:FirmwareReleaseDate"
    ],
    "DDC": [
      "+WU_STORE",
      "+_WU_PTI"
    ],
    "DXDB": [
      "DeviceFamily",
      "f:FlightRing",
      "r:IsHybridOrXGpu",
      "t:OSVersionFull",
      "OSVersion"
    ],
    "EDGE_SERVICEUI": [
      "t:LocalDeviceID",
      "t:LocalUserID"
    ],
    "FCON": [
      "+CDM"
    ],
    "FSS": [
      "r:PreviewBuildsManagerEnabled",
      "f:BranchReadinessLevelRaw",
      "u:BranchReadinessLevelSource",
      "r:BuildFID",
      "t:DeviceFamily",
      "DeviceId",
      "c:EnablePreviewBuilds",
      "f:FlightingPolicyValue",
      "f:IsRetailOS",
      "f:ManagePreviewBuilds",
      "OSVersionFull",
      "t:WCOSProductId",
      "r:SmartActiveHoursState",
      "r:ActiveHoursStart",
      "r:ActiveHoursEnd",
      "r:IsCHCapableBuild",
      "r:FSRing",
      "s:MaxShellVersion",
      "s:MinShellVersion",
      "c:TPMVersion",
      "c:SecureBootCapable",
      "c:ProcessorClockSpeed",
      "c:ProcessorCores",
      "c:TotalPhysicalRAM",
      "t:SMode",
      "c:SystemVolumeTotalCapacity",
      "c:OEMManufacturerName",
      "c:OEMModelNumber",
      "a:ISVM",
      "r:AllowUpgradesWithUnsupportedTPMOrCPU",
      "r:IntelPlatformId",
      "r:IsConfigMgrEnabled",
      "f:IsFlightingEnabled",
      "r:DeviceInfoGatherSuccessful",
      "c:IsVirtualDevice",
      "r:OemPartnerRing",
      "c:FlightingBranchName",
      "a:UpgEx_CO21H2",
      "a:UpgEx_NI22H2",
      "a:UpgEx_GE24H2",
      "sku",
      "r:AADTenantId",
      "r:FIDTSRan"
    ],
    "FXIRISCLIENT": [
      "+IRISCLIENT"
    ],
    "GS": [
      "t:OSSkuId",
      "t:OSVersionFull",
      "r:CurrentBranch",
      "r:DefaultUserRegion",
      "DeviceFamily",
      "c:FlightIds",
      "f:FlightingBranchName",
      "f:FlightRing",
      "c:IsCloudDomainJoined",
      "t:IsMsftOwned",
      "f:IsRetailOS",
      "c:OSUILocale",
      "c:IsDomainJoined"
    ],
    "IDSPCA": [
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "f:FlightingBranchName",
      "f:IsRetailOS",
      "c:OSEdition",
      "c:IsDomainJoined",
      "c:OSUILocale",
      "n:IsMicrosoftAAD",
      "r:CurrentBranch",
      "t:IsMsftOwned",
      "t:IsTestLab",
      "t:DeviceFamily",
      "t:LocalDeviceID",
      "t:OSSkuId",
      "t:OSVersionFull",
      "IsVM",
      "OEMModel",
      "OSVersion",
      "r:EnableCloudManagedIDS",
      "c:AADDeviceId"
    ],
    "IRISCLIENT": [
      "+IRISCLIENTBASE",
      "c:FlightIds"
    ],
    "IRISCLIENTBASE": [
      "DeviceFamily",
      "OSVersion",
      "t:OSSkuId",
      "OSArchitecture",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:FlightingBranchName",
      "OEMModel",
      "c:OSUILocale",
      "c:OSEdition",
      "r:CurrentBranch",
      "t:WCOSProductId",
      "c:InstallationType",
      "r:InstallDate",
      "c:IsDeviceRetailDemo",
      "f:IsRetailOS",
      "prccs",
      "prccn",
      "prcmf",
      "ram",
      "c:D3DMaxFeatureLevel",
      "c:IsAlwaysOnAlwaysConnectedCapable",
      "t:SMode",
      "t:LocalUserID",
      "r:AndroidUserOptinValue",
      "procm",
      "MX_FlightIds",
      "a:UpgEx_CO21H2",
      "r:KnownFoldersBackupStatus",
      "c:OEMModelSystemFamily",
      "OEMName_Uncleaned",
      "r:IsSpotlightEnabledInOEMTheme",
      "r:IsSpotlightThemeEnabledByOEM",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "iepe",
      "iste",
      "drgng",
      "aipc",
      "oemname",
      "smbiosdm",
      "ccr",
      "devfm",
      "W10ESU",
      "c:IsCloudDomainJoined"
    ],
    "IRISCLIENTV2": [
      "+IRISCLIENTBASE",
      "IX_FlightIds"
    ],
    "MICROSOFT.WINDOWSFEEDBACKHUB_8WEKYB3D8BBWE": [
      "t:OSVersionFull",
      "t:IsTestLab",
      "f:FlightRing"
    ],
    "MITIGATION": [
      "t:DeviceFamily",
      "f:FlightRing",
      "c:IsDomainJoined",
      "t:IsMsftOwned",
      "f:IsRetailOS",
      "t:IsTestLab",
      "IsVM",
      "OEMModel",
      "c:OSEdition",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "t:SMode",
      "f:IsFlightingEnabled",
      "c:FirmwareVersion",
      "c:TelemetryLevel",
      "f:FlightingBranchName",
      "r:CurrentBranch",
      "OSVersion",
      "w:FirstStorageSpaceDeviceId",
      "r:IsCldFltSyncRoots",
      "c:OSInstallType",
      "v:IsNotepadExePresent",
      "r:StrictHiveSecurityReg",
      "a:GatedBlockId_21H1",
      "r:UpdateOfferedDays",
      "r:UsoScanMitigation",
      "r:GamingServicesInstalledKey",
      "v:FileExistsMscoreeDll",
      "w:NetFx3State",
      "r:WCFHTTPActivationNotificationState",
      "w:WCFHTTPActivationState",
      "r:WCFNonHTTPActivationNotificationState",
      "w:WCFNonHTTPActivationState",
      "r:DotNetMissingComponentsTroubleshooterSuccess",
      "r:IIS_ASPNET",
      "w:IIS_ASPNET_WMI",
      "r:IIS_NetFxExtensibility",
      "w:IIS_NetFxExtensibility_WMI",
      "r:WAS_NetFxEnvironment",
      "w:WAS_NetFxEnvironment_WMI",
      "v:XamlCbsActivationStore",
      "v:XamlCbsActivationStoreArm64",
      "v:OnnxruntimeVer",
      "w:ElanFingerprintDriverVersion",
      "r:AADBrokerPluginNotRegistered",
      "r:TenantId",
      "r:IppPrinterBadDefaultPdc",
      "r:FlightingOptOutState",
      "r:CloudFilesFilter",
      "r:PSAKyoceraMissingDEH",
      "r:PSATATriumphMissingDEH",
      "r:PSAXeroxMissingDEH",
      "w:PSAKyoceraInstalledName",
      "w:PSATATriumphInstalledName",
      "w:XeroxPsaInstalledName",
      "v:DmdHpControlPackageEnUs",
      "v:DmdHpControlPackageMultiloc",
      "v:DmdHpControlPackageTr",
      "v:WASDK_1_2_ARM",
      "v:WASDK_1_2_ARM64",
      "v:WASDK_1_2_DLL",
      "v:WASDK_1_2_X86",
      "r:FIDTSRan"
    ],
    "MLMOD": [
      "ChassisTypeId",
      "t:DeviceFamily",
      "f:FlightingBranchName",
      "f:FlightRing",
      "f:IsRetailOS",
      "t:OSSkuId",
      "t:OSVersionFull",
      "c:OSUILocale",
      "OSVersion",
      "c:TelemetryLevel",
      "r:CurrentBranch",
      "t:IsTestLab",
      "c:PrimaryDiskType",
      "FX_FlightIds"
    ],
    "MTP": [
      "+_WU_OS_CORE"
    ],
    "MUSE": [
      "+_WU_FB",
      "ChassisTypeId",
      "deviceClass",
      "deviceId",
      "c:FlightIds",
      "locale",
      "ms",
      "os",
      "osVer",
      "ring",
      "sampleId",
      "sku",
      "r:DaysSince19H1FUOffer",
      "u:DisableDualScan",
      "u:UpdateServiceUrl",
      "c:CommercialId",
      "f:FlightingBranchName",
      "c:SystemVolumeTotalCapacity",
      "c:IsAlwaysOnAlwaysConnectedCapable",
      "c:ProcessorCores",
      "c:PrimaryDiskType",
      "c:TotalPhysicalRAM",
      "c:ProcessorClockSpeed",
      "c:ProcessorIdentifier",
      "c:ProcessorModel",
      "c:ActivationChannel",
      "c:IsCloudDomainJoined",
      "c:isCommercial",
      "c:IsDomainJoined",
      "c:IsMDMEnrolled",
      "c:SCCMClientID",
      "r:OEMSubModel",
      "c:OEMModelNumber",
      "c:OEMManufacturerName",
      "r:OobeSeeker",
      "r:DefaultUserRegion",
      "c:DeviceForm"
    ],
    "NARRATORNNV": [
      "+WU_STORE"
    ],
    "NOISYHAMMER": [
      "+WU_OS"
    ],
    "OPENWITH": [
      "c:OSUILocale"
    ],
    "PHS": [
      "r:GridZoneName",
      "OEMModel",
      "c:OEMManufacturerName",
      "c:OSUILocale",
      "r:OEMSubModel",
      "DeviceFamily"
    ],
    "RULESENGINE": [
      "c:OSEdition",
      "t:OSSkuId",
      "c:OSUILocale",
      "a:UpgEx_CO21H2",
      "a:GStatus_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:TimestampEpochString_CO21H2",
      "r:AndroidUserOptinValue",
      "f:FlightingBranchName",
      "f:FlightRing",
      "r:CurrentBranch",
      "c:ProcessorModel",
      "r:NPUEnabledDevice",
      "MX_FlightIds",
      "r:KnownFoldersBackupStatus",
      "c:IsDomainJoined",
      "r:WindowsAccountSyncConsentApplicable",
      "r:WindowsAccountSyncConsentState",
      "r:WindowsAccountSyncConsentPromptAllowed",
      "c:FlightIds",
      "c:isCommercial",
      "c:CommercialId",
      "c:SCCMClientID"
    ],
    "RUXIM": [
      "c:ActivationChannel",
      "f:FlightRing",
      "r:InstallDate",
      "f:IsFlightingEnabled",
      "a:ISVM",
      "OEMModel",
      "OSArchitecture",
      "t:OSSkuId",
      "c:SCCMClientID",
      "r:SetupDisplayedEulaVersion",
      "r:KioskMode",
      "r:OobeSeeker",
      "r:UninstallActive",
      "c:OEMManufacturerName",
      "r:OEMSubModel",
      "c:OSUILocale",
      "f:FlightingBranchName"
    ],
    "SEDIMENTPACK": [
      "+WU_OS"
    ],
    "SERVICEEXPERIENCES": [
      "f:FlightingBranchName",
      "f:FlightRing",
      "s:MaxShellVersion",
      "s:MinShellVersion",
      "t:IsTestLab",
      "c:TelemetryLevel",
      "t:OSSkuId",
      "r:CurrentBranch",
      "OSVersion",
      "DeviceFamily",
      "r:WSX_Windows_Settings_Account",
      "c:FlightIds",
      "r:WSX_Runtime",
      "r:WSX_Windows_Shell_Start",
      "r:WSX_Windows_AppSample",
      "r:WSX_Windows_AccountControl"
    ],
    "SERVICING_CBS": [
      "+WU",
      "osVer"
    ],
    "SETUP360": [
      "t:OSSkuId",
      "f:FlightRing"
    ],
    "SMARTOPTOUT": [
      "+CDM"
    ],
    "STORAGEGROVELER": [
      "a:Free",
      "c:TelemetryLevel",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "IsVM",
      "t:OSVersionFull"
    ],
    "UCPD": [
      "c:OSUILocale",
      "c:IsDomainJoined",
      "v:UCPDVer",
      "c:IsCloudDomainJoined",
      "t:OSSkuId",
      "c:isCommercial"
    ],
    "UNEXPECTEDCODEPATHLOGGING": [
      "+UTC_STATIC",
      "t:LocalDeviceID",
      "OSVersionFull",
      "OEMModel",
      "OEMName_Uncleaned"
    ],
    "UTC": [
      "+UTC_STATIC",
      "osVer",
      "locale",
      "ring",
      "f:PilotRing",
      "f:IsRetailOS",
      "ms",
      "expId",
      "t:SMode",
      "f:FlightingBranchName",
      "c:CommercialId",
      "r:IsFeedbackHubSelfhost",
      "c:AzureVMType",
      "t:IsTestLab",
      "c:TelemetryLevel",
      "c:IsVirtualDevice",
      "r:IsProcessorMode",
      "r:UtcDataHandlingPolicies",
      "s:IsA9CapablePC"
    ],
    "UTC_STATIC": [
      "os",
      "deviceId",
      "sampleId",
      "deviceClass",
      "sku",
      "OEMModel",
      "OEMName_Uncleaned",
      "c:PrimaryDiskType",
      "c:ProcessorModel",
      "c:TotalPhysicalRAM"
    ],
    "UUS": [
      "OSVersion",
      "f:FlightRing",
      "t:IsTestLab",
      "t:OSVersionFull",
      "f:FlightingBranchName",
      "r:CurrentBranch",
      "f:IsFlightingEnabled"
    ],
    "WAASASSESSMENT": [
      "+WU_OS"
    ],
    "WAASMEDIC": [
      "os",
      "osVer",
      "ring",
      "deviceClass",
      "deviceId",
      "locale",
      "sku",
      "c:ActivationChannel",
      "c:CommercialId",
      "r:CurrentBranch",
      "f:FlightingBranchName",
      "c:IsCloudDomainJoined",
      "c:IsDomainJoined",
      "t:IsTestLab",
      "OSVersion",
      "c:SCCMClientID",
      "c:TelemetryLevel",
      "r:FlightingOptOutState"
    ],
    "WOSC": [
      "t:DeviceFamily",
      "f:FlightRing",
      "f:IsFlightingEnabled",
      "t:IsMsftOwned",
      "t:LocalDeviceID",
      "t:OSSkuId",
      "c:OSUILocale",
      "t:OSVersionFull",
      "c:TelemetryLevel",
      "r:IsHybridOrXGpu",
      "r:PlayFabPartyRelay",
      "OSVersion",
      "n:IsMicrosoftAAD",
      "r:WOSCEndpointsSupported",
      "r:FIDTSRan"
    ],
    "WPSHIFT": [
      "+MTP"
    ],
    "WU": [
      "+WU_OS",
      "r:DUInternal"
    ],
    "_WU_AV": [
      "r:AvastReg",
      "r:AvastBlackScreen",
      "v:AvastVer",
      "r:AvgReg",
      "v:AvgVer",
      "r:EsetReg",
      "v:EsetVer",
      "r:KasperskyReg",
      "v:KasperskyVer",
      "v:SymantecVer",
      "r:TencentReg",
      "r:TencentType",
      "r:AhnlabInstalledKey",
      "r:AvastInstalledKey",
      "r:AVGInstalledKey",
      "r:AviraInstalledKey",
      "r:BullguardInstalledKey",
      "r:ESETInstalledKey",
      "r:ESTSecurityInstalledKey",
      "r:FSecureInstalledKey",
      "v:GDataInstalledVer",
      "r:K7InstalledKey",
      "r:KasperskyInstalledKey",
      "r:KingsoftInstalledKey",
      "r:LenovoInstalledKey",
      "r:MalwarebytesInstalledKey",
      "r:McAfeeInstalledKey",
      "r:PandaInstalledKey",
      "r:QuickhealInstalledKey1",
      "r:SophosInstalledKey1",
      "r:SymantecInstalledKey",
      "r:TencentInstalledKey",
      "r:ThreatTrackInstalledKey",
      "r:TrendInstalledKey",
      "r:WebrootInstalledKey",
      "v:K7InstalledVer"
    ],
    "_WU_COMMON": [
      "r:CurrentBranch",
      "r:DefaultUserRegion",
      "DeviceFamily",
      "r:DriverPartnerRing",
      "r:FlightContent",
      "f:FlightingBranchName",
      "f:FlightRing",
      "HoloLens",
      "c:InstallationType",
      "c:InstallLanguage",
      "f:IsFlightingEnabled",
      "r:IsFlightingEnabled",
      "c:MobileOperatorCommercialized",
      "OEMModel",
      "OEMName_Uncleaned",
      "r:OemPartnerRing",
      "OSArchitecture",
      "OSVersion",
      "t:OSSkuId",
      "c:OSUILocale",
      "c:ProcessorManufacturer",
      "r:ReleaseType",
      "v:SkypeRoomSystem",
      "t:SMode",
      "c:TelemetryLevel",
      "r:WindowsMixedReality",
      "v:WuClientVer",
      "p:DucPublisherId",
      "p:DucDeviceModelId",
      "p:DucOemPartnerRing",
      "p:DucCustomPackageId",
      "p:DesiredOsVersion",
      "p:DesiredSystemManifestVersion",
      "r:TenantId"
    ],
    "_WU_FB": [
      "u:BranchReadinessLevel",
      "u:DeferQualityUpdatePeriodInDays",
      "u:DeferFeatureUpdatePeriodInDays",
      "r:PausedFeatureStatus",
      "r:PausedQualityStatus",
      "u:TargetReleaseVersion",
      "r:QUDeadline",
      "r:UpdatePreference",
      "r:UpdateOfferedDays",
      "u:TargetProductVersion",
      "DSS_Enrolled",
      "r:NonSecurityUpdate",
      "u:AdminOptedIntoRebootlessUpdates"
    ],
    "WU_OS": [
      "+_WU_OS_CORE",
      "+_WU_FB"
    ],
    "_WU_OS_CORE": [
      "+_WU_COMMON",
      "+_WU_AV",
      "r:AhnLabKeyboard",
      "a:Bios",
      "r:BlockFeatureUpdates",
      "c:CommercialId",
      "a:DataVer_RS5",
      "r:DisconnectedStandby",
      "r:DchuNvidiaGrfxExists",
      "r:DchuNvidiaGrfxVen",
      "r:DchuIntelGrfxExists",
      "r:DchuIntelGrfxVen",
      "r:DchuAmdGrfxExists",
      "r:DchuAmdGrfxVen",
      "c:FirmwareVersion",
      "a:Free",
      "a:GStatus_RS3",
      "a:GStatus_RS4",
      "a:GStatus_RS5",
      "r:HidOverGattReg",
      "r:InstallDate",
      "c:IsDeviceRetailDemo",
      "c:IsPortableOperatingSystem",
      "IsVM",
      "c:OEMModelBaseBoard",
      "r:OobeSeeker",
      "r:OSRollbackBuild",
      "r:OSRollbackCount",
      "r:OSRollbackDate",
      "PhoneTargetingName",
      "r:PonchAllow",
      "r:PonchBlock",
      "c:ProcessorIdentifier",
      "r:RecoveredFromBuild",
      "r:RecoveredOnDate",
      "r:Steam",
      "v:TobiiVer",
      "v:TrendMicroVer",
      "r:UninstallActive",
      "l:UpdateManagementGroup",
      "a:UpgEx_RS3",
      "a:UpgEx_RS4",
      "a:UpgEx_RS5",
      "a:Version_RS5",
      "r:DisableWUfBOfferBlock",
      "a:UpgEx_19H1",
      "a:SdbVer_19H1",
      "a:GStatus_19H1",
      "a:GStatus_19H1Setup",
      "a:TimestampEpochString_19H1Setup",
      "a:GenTelRunTimestamp_19H1",
      "a:DataExpDateEpoch_19H1",
      "u:EnableWUfBUpgradeGates",
      "r:GStatusBlockIDs_All",
      "TimestampDelta_19H1Subtract19H1Setup",
      "DataExpDateDelta_19H1Subtract19H1Setup",
      "a:DataExpDateEpoch_19H1Setup",
      "a:TimestampEpochString_19H1",
      "r:IsContainerMgrInstalled",
      "r:IsWDAGEnabled",
      "r:MTPTargetingInfo",
      "r:EKB19H2InstallCount",
      "r:EKB19H2UnInstallCount",
      "r:EKB19H2InstallTimeEpoch",
      "r:EKB19H2UnInstallTimeEpoch",
      "r:BlockEdgeWithChromiumUpdate",
      "r:IsWDATPEnabled",
      "r:IsAutopilotRegistered",
      "r:EdgeWithChromiumInstallVersion",
      "r:EdgeWithChromiumInstallFailureCount",
      "r:IsEdgeWithChromiumInstalled",
      "r:KioskMode",
      "c:IsCloudDomainJoined",
      "c:IsDomainJoined",
      "a:DataExpDateEpoch_20H1",
      "a:DataExpDateEpoch_20H1Setup",
      "a:GStatus_20H1",
      "a:GStatus_20H1Setup",
      "a:SdbVer_20H1",
      "a:TimestampEpochString_20H1",
      "a:TimestampEpochString_20H1Setup",
      "DataExpDateDelta_20H1Subtract20H1Setup",
      "TimestampDelta_20H1Subtract20H1Setup",
      "a:UpgEx_20H1",
      "r:AutopilotUpdateInProgress",
      "r:UHSEnrolled",
      "r:HotPatchEKBInstalled",
      "r:LCUVer",
      "c:isCommercial",
      "c:ActivationChannel",
      "c:IsMDMEnrolled",
      "c:SCCMClientID",
      "r:ChinaTypeApproval_CTA",
      "p:DesiredOcpVersion",
      "r:UpgradeEligible",
      "r:AllowInPlaceUpgrade",
      "r:SH_SIPolicyCleanup",
      "r:FeatureUpdateDeadline",
      "a:DataExpDateEpoch_21H1",
      "a:UpgEx_CO21H2",
      "a:GStatus_21H1",
      "DataExpDateDelta_21H1Subtract20H1Setup",
      "TimestampDelta_21H1Subtract20H1Setup",
      "a:TimestampEpochString_21H1",
      "r:OEMSubModel",
      "c:ProcessorModel",
      "c:TPMVersion",
      "r:StayOnWindows10Timestamp",
      "a:GStatus_CO21H2Setup",
      "TimestampDelta_CO21H2SubtractCO21H2Setup",
      "DataExpDateDelta_CO21H2SubtractCO21H2Setup",
      "a:TimestampEpochString_CO21H2Setup",
      "a:DataExpDateEpoch_CO21H2Setup",
      "a:TimestampEpochString_CO21H2",
      "a:DataExpDateEpoch_CO21H2",
      "a:GStatus_CO21H2",
      "p:SetPolicyDrivenUpdateSourceForFeatureUpdates",
      "r:DchuNvidiaGrfxVenTest",
      "a:DataExpDateDelta_21H2Subtract20H1Setup",
      "a:TimestampEpochString_21H2",
      "a:TimestampDelta_21H2Subtract20H1Setup",
      "a:GStatus_21H2",
      "a:DataExpDateEpoch_21H2",
      "r:DSS_Enrolled_DF",
      "r:UpgradeAccepted",
      "r:SetupDisplayedEulaVersion",
      "c:ProcessorCores",
      "c:ProcessorClockSpeed",
      "c:TotalPhysicalRAM",
      "c:SecureBootCapable",
      "c:PrimaryDiskTotalCapacity",
      "r:BitDefenderInstalledKey",
      "r:BroadcomInstalledKey",
      "v:CrowdStrikeInstalledVer",
      "r:QihooInstalledKey",
      "r:Win11UpgradeAcceptedTimestamp",
      "a:UpgEx_NI22H2",
      "r:OobeNdupAcceptedTarget",
      "r:OobeNdupFU22621CommitChoice",
      "a:DataExpDateEpoch_NI22H2",
      "a:GStatus_NI22H2",
      "a:GStatus_NI22H2Setup",
      "a:TimestampEpochString_NI22H2Setup",
      "TimestampDelta_NI22H2SubtractNI22H2Setup",
      "DataExpDateDelta_NI22H2SubtractNI22H2Setup",
      "a:DataExpDateEpoch_NI22H2Setup",
      "a:TimestampEpochString_NI22H2",
      "r:IsVbsEnabled",
      "r:FODRetryPending",
      "r:UserInPlaceUpgrade",
      "v:HidparseDriversVer",
      "v:HidparseSystem32Ver",
      "v:HidparseSystem32Ver1",
      "r:CIOptin",
      "r:FlightingOptOutState",
      "p:WSUSconfigured_csp",
      "a:UpgEx_NI22H2Setup",
      "a:UpgEx_CO21H2Setup",
      "u:WUfBClientManaged",
      "u:UpdateServiceUrl",
      "u:AllowOptionalContent",
      "FX_FlightIds",
      "DL_OSVersion",
      "r:ExpPkgs",
      "r:UUSVersion",
      "MX_FlightIds",
      "r:OobeNdupFUTarget",
      "a:GStatus_NI23H2",
      "a:DataExpDateEpoch_NI23H2",
      "a:TimestampEpochString_NI23H2",
      "DataExpDateDelta_NI23H2SubtractNI22H2Setup",
      "TimestampDelta_NI23H2SubtractNI22H2Setup",
      "r:LaunchUserOOBE",
      "r:RobloxPlayer",
      "r:RobloxStudio",
      "c:VBSState",
      "r:ARCHotpatchAttached_State",
      "r:MDEWSLPluginReleaseRing",
      "r:SystemGuard_Enabled",
      "u:AdminOptedIntoRebootlessUpdates",
      "r:LaunchOobeInEndUserSession",
      "r:MDE4WSLPluginReleaseRing",
      "r:AdminOptedIntoRebootlessUpdates_Server",
      "r:IsRemoteDesktopSessionHost",
      "a:UpgEx_GE24H2",
      "s:IsA9CapablePC",
      "a:UpgEx_GE24H2Setup",
      "r:ProductType",
      "a:DataExpDateEpoch_GE24H2",
      "DataExpDateDelta_GE24H2SubtractGE24H2Setup",
      "a:DataExpDateEpoch_GE24H2Setup",
      "a:GStatus_GE24H2",
      "a:GStatus_GE24H2Setup",
      "a:TimestampEpochString_GE24H2",
      "TimestampDelta_GE24H2SubtractGE24H2Setup",
      "a:TimestampEpochString_GE24H2Setup",
      "q:AIFabricCBSStableVer",
      "c:IsVirtualDevice",
      "a:SdbVer_GE24H2",
      "r:HotpatchError",
      "r:CHPE_Disabled",
      "r:MSRT_NO_AU",
      "r:ClientHash2",
      "r:NPU_DeviceId"
    ],
    "_WU_PTI": [
      "c:FrontFacingCameraResolution",
      "c:RearFacingCameraResolution",
      "c:TotalPhysicalRAM",
      "c:NFCProximity",
      "c:Magnetometer",
      "c:Gyroscope",
      "c:D3DMaxFeatureLevel",
      "c:InternalPrimaryDisplayResolutionHorizontal",
      "c:InternalPrimaryDisplayResolutionVetical"
    ],
    "WU_STORE": [
      "+_WU_COMMON",
      "r:AppChannels",
      "r:AppRMIDs",
      "u:BranchReadinessLevel"
    ]
  },
  "Required": [
    "App",
    "AppVer",
    "AttrDataVer"
  ],
  "Aliases": {
    "AccountFirstChar": "c:MSA_Accounts",
    "aipc": "s:IsA9CapablePC",
    "ccr": "r:ChargeCapacityRatio",
    "ChassisTypeId": "c:ChassisType",
    "CX_FlightIds": "c:CX_FlightIds",
    "DataExpDateDelta_19H1Subtract19H1Setup": "a:DataExpDateEpoch_19H1_Subtract_DataExpDateEpoch_19H1Setup",
    "DataExpDateDelta_20H1Subtract20H1Setup": "a:DataExpDateEpoch_20H1_Subtract_DataExpDateEpoch_20H1Setup",
    "DataExpDateDelta_21H1Subtract20H1Setup": "a:DataExpDateEpoch_21H1_Subtract_DataExpDateEpoch_20H1Setup",
    "DataExpDateDelta_CO21H2SubtractCO21H2Setup": "a:DataExpDateEpoch_CO21H2_Subtract_DataExpDateEpoch_CO21H2Setup",
    "DataExpDateDelta_GE24H2SubtractGE24H2Setup": "a:DataExpDateEpoch_GE24H2_Subtract_DataExpDateEpoch_GE24H2Setup",
    "DataExpDateDelta_NI22H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI22H2_Subtract_DataExpDateEpoch_NI22H2Setup",
    "DataExpDateDelta_NI23H2SubtractNI22H2Setup": "a:DataExpDateEpoch_NI23H2_Subtract_DataExpDateEpoch_NI22H2Setup",
    "devfm": "c:DeviceForm",
    "deviceClass": "DeviceFamily",
    "deviceId": "t:LocalDeviceID",
    "DeviceId": "t:LocalDeviceID",
    "DL_OSVersion2": "DL_OSVersion",
    "drgng": "r:DurableDeviceRegionGeo",
    "DSS_Enrolled": "r:DSS_Enrolled_State",
    "EdgeStableVersion": "r:EdgeStableVersion",
    "expId": "c:FlightIds",
    "FlightRing": "f:FlightRing",
    "FX_FlightIds": "c:FlightIds",
    "iepe": "g:IsCampaignEdgePromotionEnabled",
    "iste": "g:IsCampaignSegmentTargetingEnabled",
    "IsVM": "a:ISVM",
    "IX_FlightIds": "c:FlightIds",
    "locale": "c:OSUILocale",
    "ms": "t:IsMsftOwned",
    "MX_FlightIds": "c:FlightIds",
    "OEMModel": "c:OEMModelNumber",
    "oemname": "r:SystemManufacturer",
    "OEMName_Uncleaned": "c:OEMManufacturerName",
    "osVer": "t:OSVersionFull",
    "OSVersionFull": "t:OSVersionFull",
    "PhoneTargetingName": "c:OEMModelName",
    "prccn": "c:ProcessorCores",
    "prccs": "c:ProcessorClockSpeed",
    "prcmf": "c:ProcessorManufacturer",
    "procm": "c:ProcessorModel",
    "ram": "c:TotalPhysicalRAM",
    "ring": "f:FlightRing",
    "sampleId": "t:PopVal",
    "sku": "t:OSSkuId",
    "smbiosdm": "r:SystemProductName",
    "TimestampDelta_19H1Subtract19H1Setup": "a:TimestampEpochString_19H1_Subtract_TimestampEpochString_19H1Setup",
    "TimestampDelta_20H1Subtract20H1Setup": "a:TimestampEpochString_20H1_Subtract_TimestampEpochString_20H1Setup",
    "TimestampDelta_21H1Subtract20H1Setup": "a:TimestampEpochString_21H1_Subtract_TimestampEpochString_20H1Setup",
    "TimestampDelta_CO21H2SubtractCO21H2Setup": "a:TimestampEpochString_CO21H2_Subtract_TimestampEpochString_CO21H2Setup",
    "TimestampDelta_GE24H2SubtractGE24H2Setup": "a:TimestampEpochString_GE24H2_Subtract_TimestampEpochString_GE24H2Setup",
    "TimestampDelta_NI22H2SubtractNI22H2Setup": "a:TimestampEpochString_NI22H2_Subtract_TimestampEpochString_NI22H2Setup",
    "TimestampDelta_NI23H2SubtractNI22H2Setup": "a:TimestampEpochString_NI23H2_Subtract_TimestampEpochString_NI22H2Setup",
    "W10ESU": "r:Win10ConsumerESUStatus"
  },
  "Fallback": {
    "r:AhnlabInstalledKey": "r:AhnlabInstalledWowKey",
    "r:AvastBlackScreen": "r:AvgBlackScreen",
    "r:AvastInstalledKey": "r:AvastInstalledWowKey",
    "r:AVGInstalledKey": "r:AVGInstalledWowKey",
    "r:AviraInstalledKey": "r:AviraInstalledWowKey",
    "a:Bios": "a:Bios_RS3",
    "a:Bios_RS3": "a:Bios_RS4",
    "a:Bios_RS4": "a:Bios_RS5",
    "r:BlockFeatureUpdates": "r:BlockWUUpgrades",
    "r:BlockWUUpgrades": "r:BlockWUUpgradesWow",
    "r:BuildFID": "r:BuildFID_WCOS",
    "r:BuildFID_WCOS": "r:BuildFID_WCOS2",
    "r:BullguardInstalledKey": "v:BullguardInstalledVer",
    "a:DataExpDateEpoch_CO21H2": "r:DataExpDateEpoch_CO21H2RegFb",
    "r:DchuAmdGrfxVen": "r:DchuAmdGrfxVen2",
    "r:DchuAmdGrfxVen2": "r:DchuAmdGrfxDeletePending",
    "r:DchuIntelGrfxDeletePending": "r:DchuIntelGrfxNExists",
    "r:DchuIntelGrfxVen": "r:DchuIntelGrfxVen2",
    "r:DchuIntelGrfxVen2": "r:DchuIntelGrfxDeletePending",
    "r:DchuNvidiaGrfxVen": "r:DchuNvidiaGrfxVen2",
    "r:DchuNvidiaGrfxVen2": "r:DchuNvidiaGrfxDeletePending",
    "DL_OSVersion": "OSVersion",
    "r:DriverPartnerRing": "r:OSDataDriverPartnerRing",
    "r:EdgeStableOPV_Native": "r:EdgeStablePV_Native",
    "r:EdgeStablePV_WOW6432": "r:EdgeStableOPV_Native",
    "r:EdgeStableVersion": "r:EdgeStablePV_WOW6432",
    "r:EdgeWithChromiumInstallFailureCount": "r:EdgeWithChromiumInstallFailureCountWow",
    "r:EdgeWithChromiumInstallVersion": "r:EdgeWithChromiumInstallVersionWow",
    "u:EnableWUfBUpgradeGates": "r:EnableWUfBUpgradeGatesRS5",
    "r:ESETInstalledKey": "r:ESETInstalledWowKey",
    "r:ESTSecurityInstalledKey": "r:ESTSecurityInstalledWowKey",
    "f:FlightingBranchName": "c:FlightingBranchName",
    "a:Free": "a:Free_RS3",
    "a:Free_RS3": "a:Free_RS4",
    "a:Free_RS4": "a:Free_RS5",
    "r:FSecureInstalledKey": "r:FSecureInstalledWowKey",
    "a:GatedFeature_NI22H2": "r:Migrated_GatedFeature_NI22H2Setup",
    "a:GStatus_CO21H2": "r:GStatus_CO21H2RegFb",
    "HoloLens": "r:WindowsMixedReality",
    "r:IsEdgeWithChromiumInstalled": "r:IsEdgeWithChromiumInstalledWow",
    "a:ISVM": "a:ISVM_RS3",
    "a:ISVM_RS3": "a:ISVM_RS4",
    "a:ISVM_RS4": "a:ISVM_RS5",
    "r:K7InstalledKey": "r:K7InstalledWowKey",
    "r:KasperskyInstalledKey": "r:KasperskyInstalledWowKey",
    "r:KingsoftInstalledKey": "r:KingsoftInstalledWowKey",
    "r:LenovoInstalledKey": "r:LenovoInstalledWowKey",
    "r:MalwarebytesInstalledKey": "r:MalwarebytesInstalledWowKey",
    "r:McAfeeInstalledKey": "r:McAfeeInstalledWowKey",
    "r:Migrated_GatedFeature_NI22H2Setup": "r:Migrated_GatedFeature_NI22H2",
    "c:OEMModelBaseBoard": "r:OEMModelBaseBoard",
    "r:PandaInstalledKey": "r:PandaInstalledWowKey",
    "r:PandaInstalledWowKey": "v:PandaInstalledVer",
    "r:PonchAllow": "r:PonchAllowKey",
    "r:PonchAllowKey": "r:PonchAllowWow",
    "r:PonchAllowWow": "r:PonchAllowWowKey",
    "r:QUDeadline": "r:QUDeadlineMDM",
    "r:QuickhealInstalledKey1": "r:QuickhealInstalledKey2",
    "r:SophosInstalledKey1": "r:SophosInstalledKey2",
    "r:SymantecInstalledKey": "r:SymantecInstalledWowKey",
    "v:SymantecVer": "v:SymantecVer64",
    "u:TargetReleaseVersion": "r:TargetReleaseVersionGP",
    "r:TargetReleaseVersionGP": "r:TargetReleaseVersionMDM",
    "r:TencentInstalledKey": "r:TencentInstalledWowKey",
    "r:ThreatTrackInstalledKey": "r:ThreatTrackInstalledWowKey",
    "a:TimestampEpochString_CO21H2": "r:TimestampEpochString_CO21H2RegFb",
    "v:TobiiVer": "v:TobiiVerx86",
    "v:TobiiVerx86": "v:TobiiVer1x86",
    "r:TrendInstalledKey": "r:TrendInstalledWowKey",
    "r:TrendInstalledWowKey": "v:TrendInstalledVer",
    "a:UpgEx_CO21H2": "r:UpgEx_CO21H2RegFb",
    "r:UpgradeAccepted": "r:Win11UpgradeAcceptedWUSeeker",
    "r:WebExperience": "r:WebExperienceWow",
    "r:WebrootInstalledKey": "r:WebrootInstalledWowKey"
  },
  "Transform": {
    "AccountFirstChar": {
      "SubLength": 1
    },
    "CX_FlightIds": {
      "Regex": "CX:[^,]*",
      "RegexDelimiter": ","
    },
    "FlightingOptOutState": {
      "Ignore": [
        "0"
      ]
    },
    "FX_FlightIds": {
      "Regex": "FX:[^,]*",
      "RegexDelimiter": ","
    },
    "IppPrinterBadDefaultPdc": {
      "Contains": "V4_No_ChangeID_Present"
    },
    "aipc": {
      "Ignore": [
        "0"
      ]
    },
    "IsDomainJoined": {
      "Ignore": [
        "0"
      ]
    },
    "IsHybridOrXGpu": {
      "Ignore": [
        "0"
      ]
    },
    "IsMsftOwned": {
      "Ignore": [
        "0"
      ]
    },
    "IsPortableOperatingSystem": {
      "Ignore": [
        "0"
      ]
    },
    "IsRemoteDesktopSessionHost": {
      "Contains": "ServerRdsh"
    },
    "IsTestLab": {
      "Ignore": [
        "0"
      ]
    },
    "IsVM": {
      "Ignore": [
        "0"
      ]
    },
    "IX_FlightIds": {
      "Regex": "IX:[^,]*",
      "RegexDelimiter": ","
    },
    "MX_FlightIds": {
      "Regex": "ME:[^,]*|MD:[^,]*",
      "RegexDelimiter": ","
    },
    "OEMModel": {
      "SubLength": 100
    },
    "OEMName_Uncleaned": {
      "SubLength": 100
    },
    "PausedFeatureStatus": {
      "Ignore": [
        "0"
      ]
    },
    "PausedQualityStatus": {
      "Ignore": [
        "0"
      ]
    },
    "PSAKyoceraInstalledName": {
      "Contains": "A97ECD55.KYOCERAPrintCenter"
    },
    "PSATATriumphInstalledName": {
      "Contains": "TATriumph-AdlerGmbH.TAUTAXPrintCenter"
    },
    "SMode": {
      "Ignore": [
        "0"
      ]
    },
    "StayOnWindows10Timestamp": {
      "SubLength": -3,
      "Ignore": [
        ""
      ]
    },
    "XeroxPsaInstalledName": {
      "Contains": "XeroxCorp.PrintExperience"
    }
  },
  "Registry": {
    "AADBrokerPluginNotRegistered": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsMitigationData\\AADBrokerPluginNotRegistered",
      "IfExists": true
    },
    "AADTenantId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\CCM",
      "ValueName": "AadTenantId"
    },
    "ActiveHoursEnd": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursEnd",
      "RegValueType": "REG_DWORD"
    },
    "ActiveHoursStart": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "ActiveHoursStart",
      "RegValueType": "REG_DWORD"
    },
    "AdminOptedIntoRebootlessUpdates_Server": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\Hotpatch\\Environment",
      "ValueName": "AllowRebootlessUpdates",
      "RegValueType": "REG_DWORD"
    },
    "AgileBits1PasswordPluginAuthenticator": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Classes\\PackagedCom\\ClassIndex\\{3C37BDFA-BB51-4FBF-9FCE-082C9DB98DE4}",
      "IfExists": true
    },
    "AhnlabInstalledKey": {
      "FullPath": "SOFTWARE\\Ahnlab",
      "IfExists": true
    },
    "AhnlabInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Ahnlab",
      "IfExists": true
    },
    "AhnLabKeyboard": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\Mkd2kfNt",
      "ValueName": "NbTpMsExist"
    },
    "AllowInPlaceUpgrade": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
      "ValueName": "AllowInPlaceUpgrade",
      "RegValueType": "REG_DWORD"
    },
    "AllowUpgradesWithUnsupportedTPMOrCPU": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\MoSetup",
      "ValueName": "AllowUpgradesWithUnsupportedTPMOrCPU",
      "RegValueType": "REG_DWORD"
    },
    "AndroidUserOptinValue": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Mobility\\",
      "ValueName": "OptedIn",
      "RegValueType": "REG_DWORD"
    },
    "AppChannels": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ChannelId",
      "EncodingType": "Json"
    },
    "AppRMIDs": {
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\WindowsStore\\Apps\\*",
      "ValueName": "ReleaseManagementId",
      "EncodingType": "Json"
    },
    "ARCHotpatchAttached_State": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Azure Connected Machine Agent\\Windows\\Licenses\\Features\\Hotpatch",
      "ValueName": "Subscription",
      "RegValueType": "REG_DWORD"
    },
    "AutopilotUpdateInProgress": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotSettings\\VolatileAutopilotUpdate",
      "ValueName": "AutopilotUpdateInProgress",
      "RegValueType": "REG_DWORD"
    },
    "AvastBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AvastInstalledKey": {
      "FullPath": "SOFTWARE\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Avast Software\\Avast",
      "IfExists": true
    },
    "AvastReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\aswVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AvgBlackScreen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "Win10-1803"
    },
    "AVGInstalledKey": {
      "FullPath": "SOFTWARE\\AVG\\Antivirus",
      "IfExists": true
    },
    "AVGInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\AVG\\Antivirus",
      "IfExists": true
    },
    "AvgReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\avgVmm\\Parameters",
      "ValueName": "QualityCompat"
    },
    "AviraInstalledKey": {
      "FullPath": "SOFTWARE\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "AviraInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\X-AVCSD\\Workstation\\Antivirus",
      "IfExists": true
    },
    "BaseBoardManufacturer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "BaseBoardManufacturer"
    },
    "BitDefenderInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}",
      "IfExists": true
    },
    "BlockEdgeWithChromiumUpdate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "DoNotUpdateToEdgeWithChromium",
      "RegValueType": "REG_DWORD"
    },
    "BlockFeatureUpdates": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade",
      "ValueName": "BlockFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgrades": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BlockWUUpgradesWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows10Upgrader\\Volatile",
      "ValueName": "BlockWUUpgrades",
      "RegValueType": "REG_DWORD"
    },
    "BroadcomInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Symantec\\Symantec Endpoint Protection",
      "IfExists": true
    },
    "BuildFID": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Software\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BuildFID_WCOS2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSDATA\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build",
      "ValueName": "EsdFlightData",
      "RegValueType": "REG_SZ"
    },
    "BullguardInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\BullGuard",
      "IfExists": true
    },
    "BypassNRO": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "BypassNRO",
      "RegValueType": "REG_DWORD"
    },
    "ChargeCapacityRatio": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\HealthSignals",
      "ValueName": "ChargeCapacityRatio",
      "RegValueType": "REG_DWORD"
    },
    "ChinaTypeApproval_CTA": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DeviceAccess",
      "ValueName": "ActivePolicyCode",
      "RegValueType": "REG_SZ"
    },
    "CHPE_Disabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Memory Management",
      "ValueName": "HotPatchRestrictions",
      "RegValueType": "REG_DWORD"
    },
    "CIOptin": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "IsContinuousInnovationOptedIn",
      "RegValueType": "REG_DWORD"
    },
    "ClientHash2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\SLS",
      "ValueName": "ClientHash2",
      "RegValueType": "REG_DWORD"
    },
    "CloudFilesFilter": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\CldFlt\\Instances\\",
      "ValueName": "DefaultInstance",
      "RegValueType": "REG_SZ"
    },
    "CurrentBranch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "BuildBranch",
      "RegValueType": "REG_SZ"
    },
    "DataExpDateEpoch_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "DataExpDateEpoch",
      "RegValueType": "REG_SZ"
    },
    "DaysSince19H1FUOffer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\rempl\\irplugin",
      "ValueName": "DaysSinceLastOffer",
      "RegValueType": "REG_QWORD"
    },
    "DchuAmdGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DriverDelete"
    },
    "DchuAmdGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "IfExists": true
    },
    "DchuAmdGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag",
      "ValueName": "DCHUVen"
    },
    "DchuAmdGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\amdkmdag\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DriverDelete"
    },
    "DchuIntelGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "IfExists": true
    },
    "DchuIntelGrfxNExists": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfxn",
      "IfExists": true
    },
    "DchuIntelGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx",
      "ValueName": "DCHUVen"
    },
    "DchuIntelGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\igfx\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxDeletePending": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DriverDelete"
    },
    "DchuNvidiaGrfxExists": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "IfExists": true
    },
    "DchuNvidiaGrfxVen": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxVen2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm\\Parameters",
      "ValueName": "DCHUVen"
    },
    "DchuNvidiaGrfxVenTest": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\nvlddmkm",
      "ValueName": "DCHUVenTest",
      "RegValueType": "REG_DWORD"
    },
    "DefaultUserRegion": {
      "HKey": "HKEY_USERS",
      "FullPath": ".DEFAULT\\Control Panel\\International\\Geo",
      "ValueName": "Nation",
      "RegValueType": "REG_SZ"
    },
    "DeviceInfoGatherSuccessful": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
      "ValueName": "DeviceInfoGatherSuccessful",
      "RegValueType": "REG_DWORD"
    },
    "DisableWUfBOfferBlock": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "DisableWUfBOfferBlock",
      "RegValueType": "REG_DWORD"
    },
    "DisconnectedStandby": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Power",
      "ValueName": "EnforceDisconnectedStandby",
      "RegValueType": "REG_DWORD"
    },
    "DotNetMissingComponentsTroubleshooterSuccess": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\.NETFramework",
      "ValueName": "DotNetMissingComponentsTroubleshooterSuccess",
      "RegValueType": "REG_DWORD"
    },
    "DriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "DSS_Enrolled_DF": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Policies\\\\Microsoft\\\\Windows\\\\WindowsUpdate",
      "ValueName": "WUfBDF",
      "RegValueType": "REG_DWORD"
    },
    "DSS_Enrolled_State": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WufbDS",
      "ValueName": "enrollmenttype",
      "RegValueType": "REG_SZ"
    },
    "DUInternal": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\MoSetup",
      "ValueName": "DynamicUpdateInternalTest",
      "RegValueType": "REG_DWORD"
    },
    "DurableDeviceRegionGeo": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Control Panel\\DeviceRegion",
      "ValueName": "DeviceRegion",
      "RegValueType": "REG_DWORD"
    },
    "EdgeStableOPV_Native": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "opv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStablePV_Native": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "pv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStablePV_WOW6432": {
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "pv",
      "RegValueType": "REG_SZ"
    },
    "EdgeStableVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "ValueName": "opv",
      "RegValueType": "REG_SZ"
    },
    "EdgeWithChromiumInstallFailureCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallFailureCountWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateAttempts"
    },
    "EdgeWithChromiumInstallVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EdgeWithChromiumInstallVersionWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate",
      "ValueName": "WindowsUpdateVersion"
    },
    "EKB19H2InstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Count"
    },
    "EKB19H2InstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\2",
      "ValueName": "Timestamp"
    },
    "EKB19H2UnInstallCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Count"
    },
    "EKB19H2UnInstallTimeEpoch": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Setup\\FeatureStaging\\20455539\\0",
      "ValueName": "Timestamp"
    },
    "EnableCloudManagedIDS": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\IDS",
      "ValueName": "EnableCloudManagedIDS"
    },
    "EnableWUfBUpgradeGatesRS5": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\502505fe-762c-4e80-911e-0c3fa4c63fb0",
      "ValueName": "DataRequireGatedScanForFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "ESETInstalledKey": {
      "FullPath": "SOFTWARE\\ESET\\ESET Security",
      "IfExists": true
    },
    "ESETInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESET\\ESET Security",
      "IfExists": true
    },
    "EsetReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\ehdrv\\Parameters",
      "ValueName": "WindowsCompatibilityLevel",
      "RegValueType": "REG_DWORD"
    },
    "ESTSecurityInstalledKey": {
      "FullPath": "SOFTWARE\\ESTsoft",
      "IfExists": true
    },
    "ESTSecurityInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\ESTsoft",
      "IfExists": true
    },
    "ExpPkgs": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
      "ValueName": "ExpPkgs",
      "RegValueType": "REG_SZ"
    },
    "ExpStates": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\FIDs",
      "ValueName": "PreviewConfigs",
      "RegValueType": "REG_SZ"
    },
    "FeatureUpdateDeadline": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\",
      "ValueName": "ConfigureDeadlineForFeatureUpdates",
      "RegValueType": "REG_DWORD"
    },
    "FIDTSRan": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Flighting\\Build\\TS_Crash_56093636_Logs",
      "ValueName": "LastHr"
    },
    "FlightContent": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "ContentType",
      "RegValueType": "REG_SZ"
    },
    "FlightingOptOutState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\UI\\Selection",
      "ValueName": "OptOutState",
      "RegValueType": "REG_DWORD"
    },
    "FODRetryPending": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing",
      "ValueName": "FODRetry",
      "RegValueType": "REG_DWORD"
    },
    "FSecureInstalledKey": {
      "FullPath": "SOFTWARE\\F-Secure\\OneClient",
      "IfExists": true
    },
    "FSecureInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\F-Secure\\OneClient",
      "IfExists": true
    },
    "FSRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Applicability",
      "ValueName": "FSRing",
      "RegValueType": "REG_SZ"
    },
    "GamingServicesInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\GamingServices",
      "IfExists": true
    },
    "GridZoneName": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\COAWOS",
      "ValueName": "GridZoneName",
      "RegValueType": "REG_SZ",
      "PersistedSourceId": "COAWOSRoot"
    },
    "GStatus_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "GStatus",
      "RegValueType": "REG_SZ"
    },
    "GStatusBlockIDs_All": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Appraiser\\GWX",
      "ValueName": "SdbEntries",
      "RegValueType": "REG_SZ"
    },
    "HidOverGattReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemRoot%/System32/drivers/UMDF/Microsoft.Bluetooth.Profiles.HidOverGatt.dll",
      "ValueName": "Source",
      "RegValueType": "REG_SZ"
    },
    "HotPatchEKBInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\DynamicInstalled\\Hotpatch.amd64",
      "IfExists": true
    },
    "HotpatchError": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\Hotpatch\\Environment",
      "ValueName": "HotpatchError",
      "RegValueType": "REG_DWORD"
    },
    "IIS_ASPNET": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-ASPNET",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "IIS_NetFxExtensibility": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\IIS-NetFxExtensibility",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "InstallDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "InstallDate",
      "RegValueType": "REG_DWORD"
    },
    "IntelPlatformId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
      "ValueName": "Platform Specific Field 1",
      "RegValueType": "REG_DWORD"
    },
    "IppPrinterBadDefaultPdc": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Print\\Printers\\*\\PrinterDriverData",
      "ValueName": "V4_PDC_ChangeID",
      "RegValueType": "REG_SZ",
      "EncodingType": "Json"
    },
    "IsAutopilotRegistered": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Provisioning\\AutopilotPolicyCache",
      "ValueName": "ProfileAvailable",
      "RegValueType": "REG_DWORD"
    },
    "IsFlightingEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\Applicability",
      "ValueName": "IsBuildFlightingEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsCHCapableBuild": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "CLSID\\{2C57C51B-FD43-4E74-B077-551AE6228AD6}",
      "IfExists": true
    },
    "IsCldFltSyncRoots": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SyncRootManager\\*",
      "IfExists": true
    },
    "IsConfigMgrEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfHost\\ClientState",
      "ValueName": "ConfigMgrEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsContainerMgrInstalled": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Containers\\CmService",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsEdgeWithChromiumInstalledWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Wow6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "IsFeedbackHubSelfhost": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\Partners\\IsFeedbackHubSelfhost",
      "IfExists": true
    },
    "IsFSOverlay": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\GlobMerger",
      "ValueName": "IsEnabled",
      "RegValueType": "REG_DWORD"
    },
    "IsHybridOrXGpu": {
      "FullPath": "SOFTWARE\\Microsoft\\DirectX",
      "ValueName": "HybridDeviceApplicableForDxDbGpuPreferences"
    },
    "IsProcessorMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack\\RegionalSettings",
      "ValueName": "IsProcessorMode",
      "RegValueType": "REG_QWORD"
    },
    "IsRemoteDesktopSessionHost": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "EditionID",
      "RegValueType": "REG_SZ"
    },
    "IsSpotlightEnabledInOEMTheme": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Themes",
      "ValueName": "WindowsSpotlight",
      "RegValueType": "REG_DWORD"
    },
    "IsSpotlightThemeEnabledByOEM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DesktopOptimization",
      "ValueName": "WindowsSpotlightTheme",
      "RegValueType": "REG_DWORD"
    },
    "IsVbsEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\ControlSet001\\Control\\DeviceGuard",
      "ValueName": "EnableVirtualizationBasedSecurity",
      "RegValueType": "REG_DWORD"
    },
    "IsWDAGEnabled": {
      "FullPath": "SYSTEM\\ControlSet001\\Services\\hvsics",
      "IfExists": true
    },
    "IsWDATPEnabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status",
      "ValueName": "OnboardingState"
    },
    "K7InstalledKey": {
      "FullPath": "SOFTWARE\\K7 Computing",
      "IfExists": true
    },
    "K7InstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\K7 Computing",
      "IfExists": true
    },
    "KasperskyInstalledKey": {
      "FullPath": "SOFTWARE\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\KasperskyLab",
      "IfExists": true
    },
    "KasperskyReg": {
      "FullPath": "System\\CurrentControlSet\\Services\\klhk\\Parameters",
      "ValueName": "UseVtHardware"
    },
    "KingsoftInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KingsoftInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Kingsoft Internet Security",
      "IfExists": true
    },
    "KioskMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\AssignedAccessCsp\\AutoLogonAccount",
      "ValueName": "ConfigSource",
      "RegValueType": "REG_DWORD"
    },
    "KnownFoldersBackupStatus": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StorageProviderStatus",
      "ValueName": "OneDrive",
      "RegValueType": "REG_SZ"
    },
    "LaunchOobeInEndUserSession": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "ContinueOobeInEnduserSession"
    },
    "LaunchUserOOBE": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\OOBE",
      "ValueName": "LaunchUserOOBE",
      "RegValueType": "REG_DWORD"
    },
    "LCUVer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "LCUVer"
    },
    "LenovoInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "LenovoInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A9861883-31C5-4324-BD9A-DC9527EEB675}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "MalwarebytesInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1",
      "IfExists": true
    },
    "McAfeeInstalledKey": {
      "FullPath": "SOFTWARE\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "McAfeeInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\McAfee\\MSC\\AppInfo\\Substitute\\QueryParams",
      "IfExists": true
    },
    "MDE4WSLPluginReleaseRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Microsoft Defender for Endpoint plug-in for WSL",
      "ValueName": "ReleaseRing",
      "RegValueType": "REG_SZ"
    },
    "MDEWSLPluginReleaseRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Lxss\\Plugins\\DefenderPlug-in",
      "ValueName": "ReleaseRing",
      "RegValueType": "REG_SZ"
    },
    "Migrated_GatedFeature_NI22H2": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2",
      "ValueName": "GatedFeatureSingleString",
      "RegValueType": "REG_SZ"
    },
    "Migrated_GatedFeature_NI22H2Setup": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\MigratedMarkers\\TargetVersionUpgradeExperienceIndicators\\NI22H2Setup",
      "ValueName": "GatedFeatureSingleString",
      "RegValueType": "REG_SZ"
    },
    "MSRT_NO_AU": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\MRT",
      "ValueName": "DontOfferThroughWUAU",
      "RegValueType": "REG_DWORD"
    },
    "MTPTargetingInfo": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\MTPTargetingInfo",
      "ValueName": "TargetRing"
    },
    "NonSecurityUpdate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "NonSecurityRelease",
      "RegValueType": "REG_DWORD"
    },
    "NPU_DeviceId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\Class\\{f01a9d53-3ff6-48d2-9f97-c8a7004be10c}\\0000",
      "ValueName": "MatchingDeviceId",
      "RegValueType": "REG_SZ"
    },
    "NPUEnabledDevice": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows Media Foundation\\FrameServer\\WindowsCameraEffects",
      "ValueName": "EffectsCameraAvailable",
      "RegValueType": "REG_DWORD"
    },
    "OEMMode": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Office\\16.0\\Common\\OEM",
      "ValueName": "OOBEMode",
      "RegValueType": "REG_SZ"
    },
    "OEMModelBaseBoard": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "BaseBoardProduct",
      "RegValueType": "REG_SZ"
    },
    "OemPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\Platform\\DeviceTargetingInfo",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OEMSubModel": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "HARDWARE\\DESCRIPTION\\System\\BIOS",
      "ValueName": "SystemSKU",
      "RegValueType": "REG_SZ"
    },
    "OobeNdupAcceptedTarget": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\NDUP\\Updates",
      "ValueName": "Target",
      "RegValueType": "REG_SZ"
    },
    "OobeNdupFU22621CommitChoice": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22621",
      "ValueName": "CommitChoice",
      "RegValueType": "REG_DWORD"
    },
    "OobeNdupFUTarget": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\NDUP\\Updates\\FeatureUpdate_22631",
      "ValueName": "Target",
      "RegValueType": "REG_SZ"
    },
    "OobeSeeker": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates",
      "ValueName": "OOBEUpdateStarted"
    },
    "OSDataDriverPartnerRing": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "OSData\\SOFTWARE\\Microsoft\\DriverFlighting\\Partner",
      "ValueName": "TargetRing",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackBuild": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "BuildString",
      "RegValueType": "REG_SZ"
    },
    "OSRollbackCount": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "Count",
      "RegValueType": "REG_DWORD"
    },
    "OSRollbackDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\OSUpgrade\\Rollback",
      "ValueName": "DateStamp",
      "RegValueType": "REG_DWORD"
    },
    "PandaInstalledKey": {
      "FullPath": "SOFTWARE\\Panda Software\\Setup",
      "IfExists": true
    },
    "PandaInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Panda Software\\Setup",
      "IfExists": true
    },
    "PausedFeatureStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedFeatureStatus"
    },
    "PausedQualityStatus": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UpdatePolicy\\Settings",
      "ValueName": "PausedQualityStatus"
    },
    "PlayFabPartyRelay": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PlayFabPartyRelay",
      "IfExists": true
    },
    "PonchAllow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "RegValueType": "REG_DWORD"
    },
    "PonchAllowKey": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "IfExists": true
    },
    "PonchAllowWow": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "cadca5fe-87d3-4b96-b7fb-a231484277cc"
    },
    "PonchAllowWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\\cadca5fe-87d3-4b96-b7fb-a231484277cc",
      "IfExists": true
    },
    "PonchBlock": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat",
      "ValueName": "65d75b03-6f4d-46e9-b870-517731e06cf9",
      "RegValueType": "REG_DWORD"
    },
    "PreviewBuildsManagerEnabled": {
      "FullPath": "SOFTWARE\\Microsoft\\WindowsSelfhost\\Manager",
      "ValueName": "ArePreviewBuildsAllowed"
    },
    "ProductType": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\ProductOptions",
      "ValueName": "ProductType"
    },
    "PSAKyoceraMissingDEH": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg",
      "IfExists": true
    },
    "PSATATriumphMissingDEH": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y",
      "IfExists": true
    },
    "PSAXeroxMissingDEH": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "Extensions\\ContractId\\Windows.PrintSupportExtension\\PackageId\\XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8",
      "IfExists": true
    },
    "QihooInstalledKey": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\360TotalSecurity",
      "IfExists": true
    },
    "QUDeadline": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "ConfigureDeadlineForQualityUpdates",
      "RegValueType": "REG_DWORD"
    },
    "QUDeadlineMDM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
      "ValueName": "ConfigureDeadlineForQualityUpdates",
      "RegValueType": "REG_DWORD"
    },
    "QuickhealInstalledKey1": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Servicescatflt",
      "IfExists": true
    },
    "QuickhealInstalledKey2": {
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scanner.exe",
      "IfExists": true
    },
    "RecoveredFromBuild": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
      "ValueName": "LastBuild",
      "RegValueType": "REG_DWORD"
    },
    "RecoveredOnDate": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\WindowsSelfHost\\Applicability\\RecoveredFrom",
      "ValueName": "DateStamp",
      "RegValueType": "REG_DWORD"
    },
    "ReleaseType": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo",
      "ValueName": "ReleaseType",
      "RegValueType": "REG_SZ"
    },
    "RobloxPlayer": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "roblox-player",
      "RegValueType": "REG_SZ",
      "IfExists": true
    },
    "RobloxStudio": {
      "HKey": "HKEY_CLASSES_ROOT",
      "FullPath": "roblox-studio",
      "RegValueType": "REG_SZ",
      "IfExists": true
    },
    "SetupDisplayedEulaVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\OOBE\\",
      "ValueName": "SetupDisplayedEulaVersion",
      "RegValueType": "REG_DWORD"
    },
    "SH_SIPolicyCleanup": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PPI\\Settings",
      "ValueName": "SIPolicyCleanup",
      "RegValueType": "REG_DWORD"
    },
    "SmartActiveHoursState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SmartActiveHoursState",
      "RegValueType": "REG_DWORD"
    },
    "SophosInstalledKey1": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\SAVService",
      "IfExists": true
    },
    "SophosInstalledKey2": {
      "FullPath": "SYSTEM\\CurrentControlSet\\Services\\hmpalertsvc",
      "IfExists": true
    },
    "StayOnWindows10Timestamp": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SvOfferDeclined",
      "RegValueType": "REG_QWORD"
    },
    "Steam": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Classes\\Steam",
      "ValueName": "",
      "RegValueType": "REG_SZ"
    },
    "StrictHiveSecurityReg": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\*",
      "ValueName": "StrictHiveSecuritySet"
    },
    "SymantecInstalledKey": {
      "FullPath": "SOFTWARE\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
      "IfExists": true
    },
    "SymantecInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Norton\\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}",
      "IfExists": true
    },
    "SystemGuard_Enabled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios\\SystemGuard",
      "ValueName": "Enabled",
      "RegValueType": "REG_DWORD"
    },
    "SystemManufacturer": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\SystemInformation",
      "ValueName": "SystemManufacturer",
      "RegValueType": "REG_SZ"
    },
    "SystemProductName": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\SystemInformation",
      "ValueName": "SystemProductName",
      "RegValueType": "REG_SZ"
    },
    "TargetReleaseVersionGP": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "TargetReleaseVersionInfo",
      "RegValueType": "REG_SZ"
    },
    "TargetReleaseVersionMDM": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\PolicyManager\\current\\device\\Update",
      "ValueName": "TargetReleaseVersion",
      "RegValueType": "REG_SZ"
    },
    "TenantId": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SYSTEM\\CurrentControlSet\\Control\\CloudDomainJoin\\JoinInfo\\*",
      "ValueName": "TenantId"
    },
    "TencentInstalledKey": {
      "FullPath": "SOFTWARE\\Tencent\\QQPCMgr",
      "IfExists": true
    },
    "TencentInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\Tencent\\QQPCMgr",
      "IfExists": true
    },
    "TencentReg": {
      "FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
      "ValueName": "LoadStartTime"
    },
    "TencentType": {
      "FullPath": "SYSTEM\\CurrentControlSet\\services\\TesSafe",
      "ValueName": "Type"
    },
    "TestAllowedIDFlags": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\TestHooks",
      "ValueName": "TestAllowedIDFlags",
      "RegValueType": "REG_DWORD"
    },
    "TestRN": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent\\ClientState\\FCON",
      "ValueName": "TestRing"
    },
    "ThreatTrackInstalledKey": {
      "FullPath": "SOFTWARE\\SBAMSvc",
      "IfExists": true
    },
    "ThreatTrackInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\SBAMSvc",
      "IfExists": true
    },
    "TimestampEpochString_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "TimestampEpochString",
      "RegValueType": "REG_SZ"
    },
    "TrendInstalledKey": {
      "FullPath": "SOFTWARE\\TrendMicro",
      "IfExists": true
    },
    "TrendInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\TrendMicro",
      "IfExists": true
    },
    "UHSEnrolled": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
      "ValueName": "UHSEnrolled",
      "RegValueType": "REG_SZ",
      "IfExists": true
    },
    "UninstallActive": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "System\\Setup",
      "ValueName": "UninstallActive",
      "RegValueType": "REG_DWORD"
    },
    "UpdateOfferedDays": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WaaSAssessment\\Cache\\",
      "ValueName": "UpToDateDays",
      "RegValueType": "REG_DWORD"
    },
    "UpdatePreference": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate",
      "ValueName": "UpdatePreference",
      "RegValueType": "REG_DWORD"
    },
    "UpgEx_CO21H2RegFb": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\TargetVersionUpgradeExperienceIndicators\\CO21H2",
      "ValueName": "UpgEx",
      "RegValueType": "REG_SZ"
    },
    "UpgradeAccepted": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\OOBE\\Updates\\",
      "ValueName": "UpgradeAccepted",
      "RegValueType": "REG_DWORD",
      "IfExists": true
    },
    "UpgradeEligible": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion",
      "ValueName": "UpgradeEligible",
      "RegValueType": "REG_DWORD"
    },
    "UserInPlaceUpgrade": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\\\Windows\\\\CurrentVersion",
      "ValueName": "UserInPlaceUpgrade",
      "RegValueType": "REG_DWORD"
    },
    "UsoScanMitigation": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator\\Mitigation\\",
      "ValueName": "UsoScanNotStartingMitigationCompleted",
      "RegValueType": "REG_DWORD",
      "IfExists": true
    },
    "UtcDataHandlingPolicies": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Diagnostics\\DiagTrack",
      "ValueName": "UtcDataHandlingPolicies",
      "RegValueType": "REG_QWORD"
    },
    "UUSVersion": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Orchestrator",
      "ValueName": "LastRunVersion",
      "RegValueType": "REG_SZ"
    },
    "WAS_NetFxEnvironment": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Component Based Servicing\\Notifications\\OptionalFeatures\\WAS-NetFxEnvironment",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "WCFHTTPActivationNotificationState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-HTTP-Activation",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "WCFNonHTTPActivationNotificationState": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Component Based Servicing\\\\Notifications\\\\OptionalFeatures\\\\WCF-NonHTTP-Activation",
      "ValueName": "Selection",
      "RegValueType": "REG_DWORD"
    },
    "WebExperience": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "WebExperienceWow": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\WOW6432Node\\Microsoft\\EdgeUpdate\\Clients\\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}",
      "IfExists": true
    },
    "WebrootInstalledKey": {
      "FullPath": "SOFTWARE\\WRData",
      "IfExists": true
    },
    "WebrootInstalledWowKey": {
      "FullPath": "SOFTWARE\\WOW6432Node\\WRData",
      "IfExists": true
    },
    "Win10ConsumerESUStatus": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SoftwareProtectionPlatform\\ESU",
      "ValueName": "Win10ConsumerESUStatus",
      "RegValueType": "REG_DWORD"
    },
    "Win11UpgradeAcceptedTimestamp": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SvOfferAccepted",
      "RegValueType": "REG_QWORD"
    },
    "Win11UpgradeAcceptedWUSeeker": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\WindowsUpdate\\UX\\Settings",
      "ValueName": "SvOfferAccepted",
      "RegValueType": "REG_QWORD",
      "IfExists": true
    },
    "WindowsAccountSyncConsentApplicable": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT",
      "ValueName": "isApplicable",
      "RegValueType": "REG_DWORD"
    },
    "WindowsAccountSyncConsentPromptAllowed": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT",
      "ValueName": "isSystemInitiatedPromptAllowed",
      "RegValueType": "REG_DWORD"
    },
    "WindowsAccountSyncConsentState": {
      "HKey": "HKEY_CURRENT_USER",
      "FullPath": "Software\\Microsoft\\Windows\\CurrentVersion\\UnifiedConsent\\DEFAULTACCOUNT\\WINDOWSACCOUNTSYNCCONSENT\\DATASHARING",
      "ValueName": "isConsentAccepted",
      "RegValueType": "REG_DWORD"
    },
    "WindowsMixedReality": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\WUDF\\Services\\HoloLensSensors",
      "ValueName": "WdfMajorVersion",
      "RegValueType": "REG_DWORD"
    },
    "WOSCEndpointsSupported": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Wosc\\Client\\Persistent",
      "ValueName": "EndpointsSupported",
      "RegValueType": "REG_SZ"
    },
    "WSX_Runtime": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "ExperienceExtensions",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_AccountControl": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.AccountControl",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_AppSample": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.AppSample",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_Settings_Account": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.Settings.Account",
      "RegValueType": "REG_SZ"
    },
    "WSX_Windows_Shell_Start": {
      "HKey": "HKEY_LOCAL_MACHINE",
      "FullPath": "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSX\\WSXPacks\\CTAC",
      "ValueName": "Windows.Shell.StartMenu",
      "RegValueType": "REG_SZ"
    }
  },
  "UpdatePolicy": {
    "AdminOptedIntoRebootlessUpdates": {
      "PolicyEnum": 59,
      "Enterprise": true
    },
    "AllowOptionalContent": {
      "PolicyEnum": 58,
      "Enterprise": true
    },
    "BranchReadinessLevel": {
      "PolicyEnum": 5,
      "Enterprise": true
    },
    "BranchReadinessLevelSource": {
      "PolicyEnum": 5,
      "Enterprise": true,
      "UseSource": true
    },
    "DeferFeatureUpdatePeriodInDays": {
      "PolicyEnum": 9,
      "Enterprise": true
    },
    "DeferQualityUpdatePeriodInDays": {
      "PolicyEnum": 7,
      "Enterprise": true
    },
    "DisableDualScan": {
      "PolicyEnum": 42,
      "Enterprise": true
    },
    "EnableWUfBUpgradeGates": {
      "PolicyEnum": 51,
      "Enterprise": true
    },
    "TargetProductVersion": {
      "PolicyEnum": 53,
      "Enterprise": true
    },
    "TargetReleaseVersion": {
      "PolicyEnum": 50,
      "Enterprise": true
    },
    "UpdateServiceUrl": {
      "PolicyEnum": 12
    },
    "WUfBClientManaged": {
      "PolicyEnum": 32,
      "Enterprise": true
    }
  },
  "FileInfo": {
    "AvastVer": {
      "Path": "\\system32\\Drivers\\aswVmm.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "AvgVer": {
      "Path": "\\system32\\Drivers\\avgVmm.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "BullguardInstalledVer": {
      "Path": "\\BullGuard Ltd\\BullGuard\\BullGuard.exe",
      "IfExists": true,
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CortanaAppVer": {
      "Path": "\\WindowsApps\\Microsoft.549981C3F5F10_8wekyb3d8bbwe\\CortanaApp.View.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CortanaAppVerTest": {
      "Path": "\\WindowsApps\\3242f7d9-db60-4380-a379-4205ea768bfc_1.0.0.0_x64__zs4v8rx04ex0m\\UndockingTestApp.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "CrowdStrikeInstalledVer": {
      "Path": "drivers\\CrowdStrike\\CSAgent.sys",
      "IfExists": true,
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "DmdHpControlPackageEnUs": {
      "Path": "%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\en-US\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml",
      "IfExists": true
    },
    "DmdHpControlPackageMultiloc": {
      "Path": "%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\multiloc\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml",
      "IfExists": true
    },
    "DmdHpControlPackageTr": {
      "Path": "%PROGRAMDATA%\\Microsoft\\Windows\\DeviceMetadataCache\\dmrccache\\tr\\d3a162c7-a388-4099-b63d-265639514cc0\\PackageInfo.xml",
      "IfExists": true
    },
    "EsetVer": {
      "Path": "\\drivers\\ehdrv.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "FileExistsMscoreeDll": {
      "Path": "%windir%\\\\system32\\\\mscoree.dll",
      "IfExists": true
    },
    "GDataInstalledVer": {
      "Path": "\\drivers\\MiniIcpt.sys",
      "IfExists": true,
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "HidparseDriversVer": {
      "Path": "%windir%\\system32\\drivers\\hidparse.sys"
    },
    "HidparseSystem32Ver": {
      "Path": "%windir%\\system32"
    },
    "HidparseSystem32Ver1": {
      "Path": "%windir%\\system32\\hidparse.sys"
    },
    "IsNotepadExePresent": {
      "Path": "%windir%\\system32\\notepad.exe",
      "IfExists": true
    },
    "K7InstalledVer": {
      "Path": "\\K7 Computing",
      "IfExists": true,
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "KasperskyVer": {
      "Path": "\\system32\\Drivers\\klhk.sys",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "OnnxruntimeVer": {
      "Path": "%windir%\\\\system32\\\\onnxruntime.dll"
    },
    "PandaInstalledVer": {
      "Path": "\\Panda Security",
      "IfExists": true,
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "SkypeRoomSystem": {
      "Path": "%systemdrive%\\Recovery\\OEM\\$oem$\\$1\\Rigel\\x64\\Scripts\\Provisioning\\AutoUnattend.xml",
      "IfExists": true
    },
    "SymantecVer": {
      "Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl.sys",
      "FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
    },
    "SymantecVer64": {
      "Path": "\\Symantec\\Shared\\EENGINE\\eeCtrl64.sys",
      "FolderGuid": "{DE974D24-D9C6-4D3E-BF91-F4455120B917}"
    },
    "TobiiVer": {
      "Path": "\\Tobii\\Tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "TobiiVer1x86": {
      "Path": "\\Tobii\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "TobiiVerx86": {
      "Path": "\\tobii EyeX Interaction\\Tobii.EyeX.Interaction.exe",
      "FolderGuid": "{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}"
    },
    "TrendInstalledVer": {
      "Path": "\\Trend Micro\\Titanium\\plugin\\plugVizor.dll",
      "IfExists": true,
      "FolderGuid": "{905E63B6-C1BF-494E-B29C-65B732D3D21A}"
    },
    "TrendMicroVer": {
      "Path": "\\drivers\\TMUMH.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "UCPDVer": {
      "Path": "\\drivers\\UCPD.sys",
      "FolderGuid": "{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}"
    },
    "WASDK_1_2_ARM": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_arm__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WASDK_1_2_ARM64": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_arm64__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WASDK_1_2_DLL": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_x64__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WASDK_1_2_X86": {
      "Path": "%programfiles%\\WindowsApps\\Microsoft.WindowsAppRuntime.1.6_6000.311.13.0_x86__8wekyb3d8bbwe\\WindowsAppRuntime.DeploymentExtensions.OneCore.dll",
      "IfExists": true
    },
    "WuClientVer": {
      "Path": "\\system32\\wuaueng.dll",
      "FolderGuid": "{F38BF404-1D43-42F2-9305-67DE0B28FC23}"
    },
    "XamlCbsActivationStore": {
      "Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_x64__8wekyb3d8bbwe\\\\ActivationStore.dat",
      "IfExists": true
    },
    "XamlCbsActivationStoreArm64": {
      "Path": "%ProgramData%\\\\Microsoft\\\\Windows\\\\AppRepository\\\\Packages\\\\Microsoft.UI.Xaml.CBS_8.2205.4001.0_arm64__8wekyb3d8bbwe\\\\ActivationStore.dat",
      "IfExists": true
    }
  },
  "Licensing": {
    "UpdateManagementGroup": {
      "Name": "UpdatePolicy-UpdateManagementGroup"
    }
  },
  "Policy": {
    "DesiredOcpVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OcpVersion/"
    },
    "DesiredOsVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/OsVersion"
    },
    "DesiredSystemManifestVersion": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/DesiredUpdates/SystemManifestVersion"
    },
    "DucCustomPackageId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/CustomPackageId"
    },
    "DucDeviceModelId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/DeviceModelId"
    },
    "DucOemPartnerRing": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/OemPartnerRing"
    },
    "DucPublisherId": {
      "LocUri": "./Device/Vendor/MSFT/DeviceUpdateCenter/Enrollment/PublisherId"
    },
    "SetPolicyDrivenUpdateSourceForFeatureUpdates": {
      "LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/SetPolicyDrivenUpdateSourceForFeatureUpdates"
    },
    "WSUSconfigured_csp": {
      "LocUri": "./Device/Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl"
    }
  },
  "AppInfo": {
    "AIFabricCBSStableVer": {
      "Name": "Microsoft.WindowsAppRuntime.CBS.1.6"
    },
    "WidgetsAppVer": {
      "Name": "MicrosoftWindows.Client.WebExperience"
    }
  },
  "WMI": {
    "ElanFingerprintDriverVersion": {
      "Query": "SELECT DriverVersion, Manufacturer FROM Win32_PnPSignedDriver WHERE Manufacturer = 'ELAN'",
      "Name": "DriverVersion",
      "Timeout": 2000
    },
    "FirstStorageSpaceDeviceId": {
      "Query": "SELECT DeviceID FROM Win32_DiskDrive WHERE Model = 'Microsoft Storage Space Device'",
      "Name": "DeviceID",
      "Timeout": 2000
    },
    "IIS_ASPNET_WMI": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-ASPNET'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "IIS_NetFxExtensibility_WMI": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'IIS-NetFxExtensibility'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "NetFx3State": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'NetFX3'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "PSAKyoceraInstalledName": {
      "Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'A97ECD55.KYOCERAPrintCenter_4.1.11108.0_x64__kqmhh0ktdt7dg'",
      "Name": "Name",
      "Timeout": 2000
    },
    "PSATATriumphInstalledName": {
      "Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'TATriumph-AdlerGmbH.TAUTAXPrintCenter_4.1.11108.0_x64__h5e8vsnevp54y'",
      "Name": "Name",
      "Timeout": 2000
    },
    "WAS_NetFxEnvironment_WMI": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WAS-NetFxEnvironment'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "WCFHTTPActivationState": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-HTTP-Activation'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "WCFNonHTTPActivationState": {
      "Query": "SELECT * FROM Win32_OptionalFeature WHERE name = 'WCF-NonHTTP-Activation'",
      "Name": "InstallState",
      "Timeout": 2000
    },
    "XeroxPsaInstalledName": {
      "Query": "SELECT Name, ProgramId FROM Win32_InstalledStoreProgram WHERE ProgramId = 'XeroxCorp.PrintExperience_8.29.32.0_x64__f7egpvdyrs2a8'",
      "Name": "Name",
      "Timeout": 2000
    }
  },
  "RegionPolicy": {
    "IsCampaignEdgePromotionEnabled": {
      "ForceEvaluate": false,
      "PolicyGUID": "{2BF706DE-6DBB-4692-B7EF-84D80C47E927}"
    },
    "IsCampaignSegmentTargetingEnabled": {
      "ForceEvaluate": false,
      "PolicyGUID": "{36996754-E327-483A-902F-523E2BA03239}"
    }
  }
}"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater]
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater]
"DisplayName"="Avira Fallback Updater"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater]
"UninstallString"=""C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe" Action=RemoveFallbackUpdater"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Phantom VPN]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Control Panel\NotifyIconSettings\1186091603851059062]
"ExecutablePath"="{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Avira\Security\Avira.Spotlight.Systray.Application.exe"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Control Panel\NotifyIconSettings\1186091603851059062]
"Publisher"="Avira Operations GmbH"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"Avira.Spotlight.UI.Application.exe"="1"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"Avira.Spotlight.UI.Application.Messaging.exe"="1"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Avira.Spotlight.UI.Application.exe"="11001"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Avira.Spotlight.UI.Application.Messaging.exe"="11001"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Cloud\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avira fallback updater]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appleveltileinfo$appleveltilelist\windows.data.apps.appleveltileinfo$w~{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}avirasecurityavira.spotlight.ui.application.exe]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avira fallback updater]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avira phantom vpn]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avira security_is1]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avira system speedup_is1]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\CloudStore\Store\DefaultAccount\Current\{9f51af30-9f92-4c3d-b8c5-e92fd787eb41}$windows.data.apps.appmetadata$appmetadatalist\windows.data.apps.appmetadata$avirasecurityuninstaller]
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppBadgeUpdated]
"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Avira\Security\Avira.Spotlight.UI.Application.exe"="2"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FeatureUsage\AppSwitched]
"{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\Avira\Security\Avira.Spotlight.UI.Application.exe"="2"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\emqi-\Downloads\avira_de_sptl1_0bdd1ff358e0d358__pavwws-spotlight-release.exe"="0x5341435001000000000000000700000028000000506D68004C43690001000000000000000000000A00210000503116E5042ADB0100000000000000000200000028000000000000000000004000000000000000000000000000000000AAC80100000000000100000001000000"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe"="0x534143500100000000000000070000002800000020E20C008B5A0D0001000000000000000000000A75220000503116E5042ADB01000000000000000002000000280000000000000000000000000000002000000000000000000000000A010000000000000100000001000000"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Bootstrapper.exe"="0x5341435001000000000000000700000028000000506D68004C43690003000000000000000000000A00210000503116E5042ADB010000000000000000"
[HKEY_USERS\S-1-5-21-76596380-2333717119-1847427047-1003\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.AdministrativeRightsProvider.exe"="0x534143500100000000000000070000002800000030870300C6E9030001000000000000000000000A00210000503116E5042ADB0100000000000000000200000028000000000000000000004000000000200000000000000000000000CB000000000000000100000001000000"


====== Ende von Suche ======

M-K-D-B · 27.05.2025, 16:37

Danke für die Logs.

Da sind nur noch Reste von Avira. Diese entfernen wir und überprüfen die Systemdateien auf Fehler. Dies kann länger dauern, bitte gedulde dich, während die Reparatur läuft.
Du solltest auch nebenbei nichts am System arbeiten.

Reparatur mit FRST
HINWEIS AN ALLE MITLESER:
Dieses FRST-Skript ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System verwendet werden!

Speichere deine Arbeiten und schließe alle offenen Programme, damit keine Daten verloren gehen.

Markiere den gesamten Inhalt der folgenden Code-Box mit der Maus und kopiere ihn (gleichzeitiges Drücken der beiden Tasten "STRG" + "C"):

Code:

ATTFilter

Start::
CreateRestorePoint:
CloseProcesses:
DeleteKey: HKLM\Software\Google\Chrome
DeleteKey: HKLM\Software\Wow6432Node\Google\Chrome
C:\Windows\SystemTemp\Avira*.*
C:\Windows\Prefetch\AVIRA*.*
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.UI.Application.Messaging.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater
CMD: cscript /nologo %systemroot%\System32\slmgr.vbs /dlv
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: Winmgmt /salvagerepository 
CMD: Winmgmt /verifyrepository
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: dism /online /cleanup-image /restorehealth
CMD: sfc /scannow
Hosts:
RemoveProxy:
EmptyTemp:
End::

Starte nun FRST und klicke direkt auf den Button Reparieren.
Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt die Datei fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
Zum Abschluss wird das System neu gestartet.
Poste mir den Inhalt der Datei fixlog.txt mit deiner nächsten Antwort.

Bernd Brot · 27.05.2025, 18:07

Hier die fixlog.txt: (recaptcha meckert immer noch)

Code:

ATTFilter

Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-05-2025
durchgeführt von emqi- (27-05-2025 17:52:21) Run:1
Gestartet von C:\Users\emqi-\Downloads
Geladene Profile: emqi-
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start::
CreateRestorePoint:
CloseProcesses:
DeleteKey: HKLM\Software\Google\Chrome
DeleteKey: HKLM\Software\Wow6432Node\Google\Chrome
C:\Windows\SystemTemp\Avira*.*
C:\Windows\Prefetch\AVIRA*.*
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.UI.Application.Messaging.exe
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASAPI32
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASMANCS
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater
CMD: cscript /nologo %systemroot%\System32\slmgr.vbs /dlv
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: Winmgmt /salvagerepository 
CMD: Winmgmt /verifyrepository
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: dism /online /cleanup-image /restorehealth
CMD: sfc /scannow
Hosts:
RemoveProxy:
EmptyTemp:
End::
*****************

Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozesse erfolgreich geschlossen.
"HKLM\Software\Google\Chrome" => erfolgreich entfernt
HKLM\Software\Wow6432Node\Google\Chrome => erfolgreich entfernt

=========== "C:\Windows\SystemTemp\Avira*.*" ==========

C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-15_06-32-44.log => erfolgreich verschoben
C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-15_16-27-00.log => erfolgreich verschoben
C:\Windows\SystemTemp\Avira_Spotlight_Bootstrapper_2025-05-16_09-47-11.log => erfolgreich verschoben

========= Ende -> "C:\Windows\SystemTemp\Avira*.*" ========


=========== "C:\Windows\Prefetch\AVIRA*.*" ==========

C:\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-4A5AABF5.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA.SPOTLIGHT.BOOTSTRAPPER.-7AEF070C.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.ADMINISTRA-80E1237E.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-17D20DBA.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA.SPOTLIGHT.UI.APPLICATIO-8506823E.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA_OPTIMIZER_HOST.TMP-6E50DB22.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA_SPOTLIGHT_SETUP_PAVWWS.-8DBC0226.pf => erfolgreich verschoben
C:\Windows\Prefetch\AVIRA_SYSTEM_SPEEDUP.TMP-40918EEC.pf => erfolgreich verschoben

========= Ende -> "C:\Windows\Prefetch\AVIRA*.*" ========

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Avira.Spotlight.UI.Application.Messaging.exe => erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASAPI32 => erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Avira_RASMANCS => erfolgreich entfernt
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira" => erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASAPI32 => erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\Avira_RASMANCS => erfolgreich entfernt
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avira Fallback Updater => erfolgreich entfernt

========= cscript /nologo %systemroot%\System32\slmgr.vbs /dlv =========

Softwarelizenzierungsdienst-Version: 10.0.26100.3912

Name: Windows(R), Professional edition
Beschreibung: Windows(R) Operating System, VOLUME_MAK channel
Aktivierungs-ID: 49cd895b-53b2-4dc4-a5f7-b18aa019ad37
Anwendungs-ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Erweiterte PID: 03612-03312-003-387534-03-1031-26100.0000-0622025
Product Key-Kanal: Volume:MAK
Installations-ID: 357282190847456363003978684366485540676525023173184725049838642
Lizenz-URL verwenden: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=Retail
URL fr die šberprfung: https://validation-v2.sls.microsoft.com/SLWGA/slwga.asmx
Teil-Product Key: XD73B
Lizenzstatus: Lizenziert
Verbleibende Windows Rearm-Anzahl: 1000
Verbleibende SKU Rearm-Anzahl: 1001
Vertrauenswrdige Zeit: 27.05.2025 17:52:30




========= Ende von CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.



========= Ende von CMD: =========


========= netsh advfirewall reset =========

OK.



========= Ende von CMD: =========


========= netsh advfirewall set allprofiles state ON =========

OK.



========= Ende von CMD: =========


========= netsh winhttp reset proxy =========


Aktuelle WinHTTP-Proxyeinstellungen:

    DirectAccess (kein Proxyserver).



========= Ende von CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.


========= Ende von CMD: =========


========= Winmgmt /salvagerepository =========

Das WMI-Repository ist konsistent.


========= Ende von CMD: =========


========= Winmgmt /verifyrepository =========

Das WMI-Repository ist konsistent.


========= Ende von CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt.


========= Ende von CMD: =========


========= dism /online /cleanup-image /restorehealth =========


Tool zur Imageverwaltung fr die Bereitstellung
Version: 10.0.26100.1150

Abbildversion: 10.0.26100.4061


[==                         3.8%                           ] 

[==                         4.8%                           ] 

[===                        5.7%                           ] 

[===                        6.7%                           ] 

[====                       7.7%                           ] 

[=====                      8.7%                           ] 

[=====                      9.7%                           ] 

[======                     10.6%                          ] 

[======                     11.6%                          ] 

[=======                    12.6%                          ] 

[=======                    13.6%                          ] 

[========                   14.6%                          ] 

[========                   15.4%                          ] 

[=========                  16.2%                          ] 

[=========                  17.2%                          ] 

[==========                 18.2%                          ] 

[===========                19.2%                          ] 

[===========                20.2%                          ] 

[============               21.1%                          ] 

[============               22.1%                          ] 

[=============              23.1%                          ] 

[=============              23.1%                          ] 

[=============              23.5%                          ] 

[==============             24.5%                          ] 

[==============             25.4%                          ] 

[===============            26.3%                          ] 

[===============            27.3%                          ] 

[================           28.3%                          ] 

[================           29.3%                          ] 

[=================          30.3%                          ] 

[==================         31.2%                          ] 

[==================         32.0%                          ] 

[==================         32.6%                          ] 

[===================        33.6%                          ] 

[====================       34.6%                          ] 

[====================       34.9%                          ] 

[====================       35.0%                          ] 

[====================       35.8%                          ] 

[=====================      36.8%                          ] 

[=====================      37.7%                          ] 

[======================     38.6%                          ] 

[======================     39.2%                          ] 

[=======================    40.2%                          ] 

[=======================    41.1%                          ] 

[========================   42.1%                          ] 

[========================   43.1%                          ] 

[=========================  44.1%                          ] 

[========================== 45.1%                          ] 

[========================== 46.0%                          ] 

[===========================47.0%                          ] 

[===========================48.0%                          ] 

[===========================49.0%                          ] 

[===========================50.0%                          ] 

[===========================50.9%                          ] 

[===========================51.9%                          ] 

[===========================52.0%                          ] 

[===========================52.1%                          ] 

[===========================52.2%                          ] 

[===========================52.5%                          ] 

[===========================52.7%                          ] 

[===========================52.8%                          ] 

[===========================52.9%                          ] 

[===========================53.0%                          ] 

[===========================53.1%                          ] 

[===========================53.2%                          ] 

[===========================53.3%                          ] 

[===========================53.4%                          ] 

[===========================53.4%                          ] 

[===========================53.5%                          ] 

[===========================53.6%                          ] 

[===========================53.7%                          ] 

[===========================53.7%                          ] 

[===========================53.8%                          ] 

[===========================53.8%                          ] 

[===========================53.9%                          ] 

[===========================54.0%                          ] 

[===========================54.0%                          ] 

[===========================54.1%                          ] 

[===========================54.2%                          ] 

[===========================54.3%                          ] 

[===========================54.5%                          ] 

[===========================54.6%                          ] 

[===========================54.8%                          ] 

[===========================54.9%                          ] 

[===========================55.0%                          ] 

[===========================55.3%                          ] 

[===========================55.3%                          ] 

[===========================55.4%                          ] 

[===========================56.0%                          ] 

[===========================57.0%=                         ] 

[===========================58.0%=                         ] 

[===========================58.9%==                        ] 

[===========================59.0%==                        ] 

[===========================59.1%==                        ] 

[===========================60.1%==                        ] 

[===========================62.3%====                      ] 

[===========================77.4%============              ] 

[===========================84.9%=================         ] 

[===========================86.7%==================        ] 

[===========================88.7%===================       ] 

[===========================90.5%====================      ] 

[===========================92.5%=====================     ] 

[==========================100.0%==========================] 
Der Wiederherstellungsvorgang wurde erfolgreich abgeschlossen.
Der Vorgang wurde erfolgreich beendet.


========= Ende von CMD: =========


========= sfc /scannow =========


Systemsuche wird gestartet. Dieser Vorgang kann einige Zeit dauern.

Überprüfungsphase der Systemsuche wird gestartet.

Überprüfung 0 % abgeschlossen.
Überprüfung 0 % abgeschlossen.
Überprüfung 1 % abgeschlossen.
Überprüfung 1 % abgeschlossen.
Überprüfung 2 % abgeschlossen.
Überprüfung 2 % abgeschlossen.
Überprüfung 3 % abgeschlossen.
Überprüfung 3 % abgeschlossen.
Überprüfung 4 % abgeschlossen.
Überprüfung 4 % abgeschlossen.
Überprüfung 5 % abgeschlossen.
Überprüfung 5 % abgeschlossen.
Überprüfung 6 % abgeschlossen.
Überprüfung 6 % abgeschlossen.
Überprüfung 7 % abgeschlossen.
Überprüfung 7 % abgeschlossen.
Überprüfung 8 % abgeschlossen.
Überprüfung 8 % abgeschlossen.
Überprüfung 9 % abgeschlossen.
Überprüfung 9 % abgeschlossen.
Überprüfung 10 % abgeschlossen.
Überprüfung 10 % abgeschlossen.
Überprüfung 11 % abgeschlossen.
Überprüfung 11 % abgeschlossen.
Überprüfung 12 % abgeschlossen.
Überprüfung 12 % abgeschlossen.
Überprüfung 13 % abgeschlossen.
Überprüfung 13 % abgeschlossen.
Überprüfung 14 % abgeschlossen.
Überprüfung 14 % abgeschlossen.
Überprüfung 15 % abgeschlossen.
Überprüfung 15 % abgeschlossen.
Überprüfung 16 % abgeschlossen.
Überprüfung 16 % abgeschlossen.
Überprüfung 17 % abgeschlossen.
Überprüfung 17 % abgeschlossen.
Überprüfung 18 % abgeschlossen.
Überprüfung 18 % abgeschlossen.
Überprüfung 19 % abgeschlossen.
Überprüfung 19 % abgeschlossen.
Überprüfung 20 % abgeschlossen.
Überprüfung 20 % abgeschlossen.
Überprüfung 21 % abgeschlossen.
Überprüfung 21 % abgeschlossen.
Überprüfung 22 % abgeschlossen.
Überprüfung 22 % abgeschlossen.
Überprüfung 23 % abgeschlossen.
Überprüfung 23 % abgeschlossen.
Überprüfung 24 % abgeschlossen.
Überprüfung 24 % abgeschlossen.
Überprüfung 25 % abgeschlossen.
Überprüfung 25 % abgeschlossen.
Überprüfung 26 % abgeschlossen.
Überprüfung 26 % abgeschlossen.
Überprüfung 27 % abgeschlossen.
Überprüfung 27 % abgeschlossen.
Überprüfung 28 % abgeschlossen.
Überprüfung 28 % abgeschlossen.
Überprüfung 29 % abgeschlossen.
Überprüfung 29 % abgeschlossen.
Überprüfung 30 % abgeschlossen.
Überprüfung 30 % abgeschlossen.
Überprüfung 31 % abgeschlossen.
Überprüfung 31 % abgeschlossen.
Überprüfung 32 % abgeschlossen.
Überprüfung 32 % abgeschlossen.
Überprüfung 33 % abgeschlossen.
Überprüfung 33 % abgeschlossen.
Überprüfung 34 % abgeschlossen.
Überprüfung 34 % abgeschlossen.
Überprüfung 35 % abgeschlossen.
Überprüfung 35 % abgeschlossen.
Überprüfung 36 % abgeschlossen.
Überprüfung 36 % abgeschlossen.
Überprüfung 37 % abgeschlossen.
Überprüfung 37 % abgeschlossen.
Überprüfung 38 % abgeschlossen.
Überprüfung 38 % abgeschlossen.
Überprüfung 38 % abgeschlossen.
Überprüfung 39 % abgeschlossen.
Überprüfung 39 % abgeschlossen.
Überprüfung 40 % abgeschlossen.
Überprüfung 40 % abgeschlossen.
Überprüfung 41 % abgeschlossen.
Überprüfung 41 % abgeschlossen.
Überprüfung 42 % abgeschlossen.
Überprüfung 42 % abgeschlossen.
Überprüfung 43 % abgeschlossen.
Überprüfung 43 % abgeschlossen.
Überprüfung 44 % abgeschlossen.
Überprüfung 44 % abgeschlossen.
Überprüfung 45 % abgeschlossen.
Überprüfung 45 % abgeschlossen.
Überprüfung 46 % abgeschlossen.
Überprüfung 46 % abgeschlossen.
Überprüfung 47 % abgeschlossen.
Überprüfung 47 % abgeschlossen.
Überprüfung 48 % abgeschlossen.
Überprüfung 48 % abgeschlossen.
Überprüfung 49 % abgeschlossen.
Überprüfung 49 % abgeschlossen.
Überprüfung 50 % abgeschlossen.
Überprüfung 50 % abgeschlossen.
Überprüfung 51 % abgeschlossen.
Überprüfung 51 % abgeschlossen.
Überprüfung 52 % abgeschlossen.
Überprüfung 52 % abgeschlossen.
Überprüfung 53 % abgeschlossen.
Überprüfung 53 % abgeschlossen.
Überprüfung 54 % abgeschlossen.
Überprüfung 54 % abgeschlossen.
Überprüfung 55 % abgeschlossen.
Überprüfung 55 % abgeschlossen.
Überprüfung 56 % abgeschlossen.
Überprüfung 56 % abgeschlossen.
Überprüfung 57 % abgeschlossen.
Überprüfung 57 % abgeschlossen.
Überprüfung 58 % abgeschlossen.
Überprüfung 58 % abgeschlossen.
Überprüfung 59 % abgeschlossen.
Überprüfung 59 % abgeschlossen.
Überprüfung 60 % abgeschlossen.
Überprüfung 60 % abgeschlossen.
Überprüfung 61 % abgeschlossen.
Überprüfung 61 % abgeschlossen.
Überprüfung 62 % abgeschlossen.
Überprüfung 62 % abgeschlossen.
Überprüfung 63 % abgeschlossen.
Überprüfung 63 % abgeschlossen.
Überprüfung 64 % abgeschlossen.
Überprüfung 64 % abgeschlossen.
Überprüfung 65 % abgeschlossen.
Überprüfung 65 % abgeschlossen.
Überprüfung 66 % abgeschlossen.
Überprüfung 66 % abgeschlossen.
Überprüfung 67 % abgeschlossen.
Überprüfung 67 % abgeschlossen.
Überprüfung 68 % abgeschlossen.
Überprüfung 68 % abgeschlossen.
Überprüfung 69 % abgeschlossen.
Überprüfung 69 % abgeschlossen.
Überprüfung 70 % abgeschlossen.
Überprüfung 70 % abgeschlossen.
Überprüfung 71 % abgeschlossen.
Überprüfung 71 % abgeschlossen.
Überprüfung 72 % abgeschlossen.
Überprüfung 72 % abgeschlossen.
Überprüfung 73 % abgeschlossen.
Überprüfung 73 % abgeschlossen.
Überprüfung 74 % abgeschlossen.
Überprüfung 74 % abgeschlossen.
Überprüfung 75 % abgeschlossen.
Überprüfung 75 % abgeschlossen.
Überprüfung 76 % abgeschlossen.
Überprüfung 76 % abgeschlossen.
Überprüfung 77 % abgeschlossen.
Überprüfung 77 % abgeschlossen.
Überprüfung 77 % abgeschlossen.
Überprüfung 78 % abgeschlossen.
Überprüfung 78 % abgeschlossen.
Überprüfung 79 % abgeschlossen.
Überprüfung 79 % abgeschlossen.
Überprüfung 80 % abgeschlossen.
Überprüfung 80 % abgeschlossen.
Überprüfung 81 % abgeschlossen.
Überprüfung 81 % abgeschlossen.
Überprüfung 82 % abgeschlossen.
Überprüfung 82 % abgeschlossen.
Überprüfung 83 % abgeschlossen.
Überprüfung 83 % abgeschlossen.
Überprüfung 84 % abgeschlossen.
Überprüfung 84 % abgeschlossen.
Überprüfung 85 % abgeschlossen.
Überprüfung 85 % abgeschlossen.
Überprüfung 86 % abgeschlossen.
Überprüfung 86 % abgeschlossen.
Überprüfung 87 % abgeschlossen.
Überprüfung 87 % abgeschlossen.
Überprüfung 88 % abgeschlossen.
Überprüfung 88 % abgeschlossen.
Überprüfung 89 % abgeschlossen.
Überprüfung 89 % abgeschlossen.
Überprüfung 90 % abgeschlossen.
Überprüfung 90 % abgeschlossen.
Überprüfung 91 % abgeschlossen.
Überprüfung 91 % abgeschlossen.
Überprüfung 92 % abgeschlossen.
Überprüfung 92 % abgeschlossen.
Überprüfung 93 % abgeschlossen.
Überprüfung 93 % abgeschlossen.
Überprüfung 94 % abgeschlossen.
Überprüfung 94 % abgeschlossen.
Überprüfung 95 % abgeschlossen.
Überprüfung 95 % abgeschlossen.
Überprüfung 96 % abgeschlossen.
Überprüfung 96 % abgeschlossen.
Überprüfung 97 % abgeschlossen.
Überprüfung 97 % abgeschlossen.
Überprüfung 98 % abgeschlossen.
Überprüfung 98 % abgeschlossen.
Überprüfung 99 % abgeschlossen.
Überprüfung 99 % abgeschlossen.
Überprüfung 100 % abgeschlossen.

Der Windows-Ressourcenschutz hat keine Integritätsverletzungen gefunden.


========= Ende von CMD: =========

C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

========= RemoveProxy: =========

"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-76596380-2333717119-1847427047-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-76596380-2333717119-1847427047-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt


========= Ende von RemoveProxy: =========


=========== EmptyTemp: ==========

FlushDNS => abgeschlossen
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17011370 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 28563487 B
Edge => 0 B
Firefox => 1130793515 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 9328 B
emqi- => 458081513 B

RecycleBin => 321713 B
EmptyTemp: => 1.5 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 18:48:55 ====

M-K-D-B · 27.05.2025, 18:48

Ok, gut gemacht.

Wir lassen noch ein Tool laufen.

Bitte downloade dir DoesNotBelong (DNB) auf deinen Desktop.

Bitte speichere alle Arbeiten und schließe alle offenen Programme, da dieses Tool alle nicht-notwendigen Prozesse während der Bereinigung beendet.
Rechtsklicke auf DNB und wähle Als Administrator ausführen.
Klicke auf Ja, um fortzufahren.
Bitte gedulde dich, während das Tool läuft.
Am Ende wird auf dem Desktop eine Datei mit dem Namen DoesNotBelong_[DatumUhrzeit].txt abgespeichert.
Poste mir den Inhalt dieser Datei mit deiner nächsten Antwort.

Falls der Smartscreenfilter DoesNotBelong blockieren sollte, kannst du den hier deaktivieren:
Start > Einstellungen > Datenschutz und Sicherheit > Windows-Sicherheit > App- und Browsersteuerung > Zuverlässigkeitsbasierter Schutz

25.05.2025, 18:44	#21
M-K-D-B /// TB-Ausbilder	Win 11 Auf Facebook Warnmeldung hereingefallen, PC läuft langsamer , MS Defender wird blockiert Ja, hau weg das Teil. Danach den Rechner neu starten.

26.05.2025, 14:11	#23
M-K-D-B /// TB-Ausbilder	Win 11 Auf Facebook Warnmeldung hereingefallen, PC läuft langsamer , MS Defender wird blockiert Servus, poste bitte aktuelle Logs von FRST.

Win 11 Auf Facebook Warnmeldung hereingefallen, PC läuft langsamer , MS Defender wird blockiert

Log-Analyse und Auswertung: Win 11 Auf Facebook Warnmeldung hereingefallen, PC läuft langsamer , MS Defender wird blockiert