From dac3c80764bfb04e69fb124ac50bd3dfa4bb65a9 Mon Sep 17 00:00:00 2001
From: svch0stz <8684257+svch0stz@users.noreply.github.com>
Date: Tue, 17 Oct 2023 11:53:13 +1100
Subject: [PATCH 1/2] Adding MSIX/APPX Registry Targets
---
 Targets/Windows/RegistryHivesMSIXApps.tkape | 25 +++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 Targets/Windows/RegistryHivesMSIXApps.tkape
diff --git a/Targets/Windows/RegistryHivesMSIXApps.tkape b/Targets/Windows/RegistryHivesMSIXApps.tkape
new file mode 100644
index 000000000..22b832933
--- /dev/null
+++ b/Targets/Windows/RegistryHivesMSIXApps.tkape
@@ -0,0 +1,25 @@
+Description: MSIX/APPX App Hives
+Author: Zach Stanford / Mari DeGrazia
+Version: 1.0
+Id: 932a7d2b-3cb7-4e35-ab89-60dfa1e55c8e
+RecreateDirectories: true
+Targets:
+ -
+ Name: Registry.dat MSIX Hive
+ Category: Registry
+ Path: C:\Users\%user%\AppData\Local\Packages\*\SystemAppData\Helium\
+ FileMask: Registry.dat*
+ -
+ Name: User.dat MSIX Hive
+ Category: Registry
+ Path: C:\Users\%user%\AppData\Local\Packages\*\SystemAppData\Helium\
+ FileMask: User.dat*
+ -
+ Name: UserClasses.dat MSIX Hive
+ Category: Registry
+ Path: C:\Users\%user%\AppData\Local\Packages\*\SystemAppData\Helium\
+ FileMask: UserClasses.dat*
+
+# Documentation
+# https://www.zerofox.com/blog/the-registry-hives-you-may-be-msix-ing-registry-redirection-with-ms-msix/
+# https://github.com/ydkhatri/Appx-Analysis/blob/master/winapps_appx_mus_2019.pdf
From f746f233462df7166159124b69c9f8fba2392c57 Mon Sep 17 00:00:00 2001
From: Andrew Rathbun <36825567+AndrewRathbun@users.noreply.github.com>
Date: Mon, 16 Oct 2023 21:22:48 -0400
Subject: [PATCH 2/2] Update RegistryHivesMSIXApps.tkape remove whitespace on line 22
---
 Targets/Windows/RegistryHivesMSIXApps.tkape | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Targets/Windows/RegistryHivesMSIXApps.tkape b/Targets/Windows/RegistryHivesMSIXApps.tkape
index 22b832933..071f67ccc 100644
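Review bot: In the new `RegistryHivesMSIXApps.tkape` (patch 1/2), the three `FileMask` values end in `*` and the file sets `RecreateDirectories: true`, but nothing says why either matters for this target. I would add two lines to the `# Documentation` block: `# Trailing * in FileMask also collects the hive transaction logs (e.g. .LOG1/.LOG2) needed to replay dirty hives` and `# Hive names repeat under every Packages\* directory; the recreated path is what ties a hive to its package and user`. The wildcard also matches any other file whose name starts with `Registry.dat`, `User.dat` or `UserClasses.dat`; that is presumably intended, but worth confirming against a test image.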
--- a/Targets/Windows/RegistryHivesMSIXApps.tkape
+++ b/Targets/Windows/RegistryHivesMSIXApps.tkape
@@ -19,7 +19,7 @@ Targets:
 Category: Registry
 Path: C:\Users\%user%\AppData\Local\Packages\*\SystemAppData\Helium\
 FileMask: UserClasses.dat*
-
+
 # Documentation
 # https://www.zerofox.com/blog/the-registry-hives-you-may-be-msix-ing-registry-redirection-with-ms-msix/
 # https://github.com/ydkhatri/Appx-Analysis/blob/master/winapps_appx_mus_2019.pdf