Add(MainForm,4431776,21,105)
{
 Left=20
 Top=105
 link(onCreate,8663976:doRead,[(69,125)(69,76)])
}
Add(Registry,13184027,273,70)
{
 HKey=1
 Key="Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState"
 Value="FullPath"
 DataType=0
 Data="1"
}
Add(Hub,3415724,196,84)
{
 link(onEvent1,13184027:doWrite,[(250,90)(250,83)])
 link(onEvent2,15557039:doFindName,[(254,97)(254,218)])
}
Add(Memory,8935412,281,142)
{
 Default=String(explorer.exe)
}
Add(EnumProcess,15557039,281,191)
{
 Point(doFindName)
 Point(onFind)
 Point(doGetProcessAccount)
 Point(Name)
 Point(onGetProc)
 Point(doGetProc)
 Point(doGetProcBoost)
 Point(onGetProcBoost)
 link(onFind,15156200:doEvent1,[(325,204)(325,202)])
 link(Name,8935412:Value,[(294,183)(287,183)])
}
Add(WinExec,10737314,399,203)
{
 FileName="explorer.exe"
}
Add(Hub,15156200,336,196)
{
 link(onEvent1,15557039:doKill,[(380,202)(380,206)(269,206)(269,211)])
 link(onEvent2,10737314:doExec,[])
}
Add(Registry,8663976,84,70)
{
 HKey=1
 Key="Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState"
 Value="FullPath"
 DataType=0
 link(onRead,2584408:doCompare,[])
}
Add(If_else,2584408,133,70)
{
 Op2=Integer(0)
 link(onTrue,3415724:doEvent1,[(181,76)(181,90)])
}