As I am working now with Windows registries, I always find the following pattern: a registry which contains two brackets {} with numbers and letters in between. You can see some examples below:
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{64dcb6fa-03c9-11e6-9e9f-806d6172696f}\
Can anyone help me understand what these refer to? Are they generated randomly?
I also tried to parse each registry key and remove whatever is between the brackets {}, as a start. I know this can be done with regular expressions, but I am really not familiar with them. Any guidance appreciated.
As you tagged the question with Python (tested with 2.7):
```python
import re

# Raw string so the backslashes in the registry paths are kept literally.
string = r"""
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{64dcb6fa-03c9-11e6-9e9f-806d6172696f}
"""

# Match "{...}" plus an optional backslash that follows it.
rx = r'\{[^}]+\}\\?'
string = re.sub(rx, '', string)
print(string)
```
The snippet gives you all keys without curly braces. Thanks to @Liam for pointing out an error before.
Hint: I am a Mac User, however, I'm pretty sure the braces are somewhat needed, aren't they?
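An added example (not part of either post above) that goes one step beyond stripping the braces: it extracts each GUID from a key path, reports its UUID version (version 4 is random, version 1 embeds a creation timestamp), and swaps it for a placeholder so keys can still be grouped. The function names are hypothetical, the sample keys are the three from the question, and a version 1 timestamp is only as reliable as the component that generated the GUID.

```python
import re
import uuid
from datetime import datetime, timedelta

# Brace-wrapped GUID as it appears inside a registry key path.
GUID_RX = re.compile(
    r'\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}')
# UUID version 1 timestamps count 100 ns ticks from this date.
GREGORIAN_EPOCH = datetime(1582, 10, 15)

# Sample keys copied from the question above.
SAMPLE_KEYS = [
    r'HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions'
    r'\{fbeb8a05-beee-4442-804e-409d6c4515e9}',
    r'HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}'
    r'\InProcServer32',
    r'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer'
    r'\MountPoints2\CPC\Volume\{64dcb6fa-03c9-11e6-9e9f-806d6172696f}',
]


def describe_guid(text):
    """Describe one GUID string (no braces): canonical form, version, time."""
    u = uuid.UUID(text)
    info = {'guid': str(u), 'version': u.version, 'created': None}
    if u.version == 1:
        # u.time is in 100 ns ticks; convert to microseconds for timedelta.
        info['created'] = GREGORIAN_EPOCH + timedelta(microseconds=u.time // 10)
    return info


def guids_in_key(key_path):
    """Return a description for every GUID found in a registry key path."""
    return [describe_guid(g) for g in GUID_RX.findall(key_path)]


def normalise_key(key_path, placeholder='{GUID}'):
    """Replace each GUID with a fixed placeholder, keeping the path shape."""
    return GUID_RX.sub(lambda m: placeholder, key_path)


if __name__ == '__main__':
    for key in SAMPLE_KEYS:
        print(normalise_key(key))
        for info in guids_in_key(key):
            print('    %(guid)s version=%(version)s created=%(created)s' % info)
```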