A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
 #11246  by r2nwcnydc
 Tue Jan 24, 2012 9:01 pm
A colleague came across this registry path (\Registry\A\..) today, which is something I haven't noticed before. I found a small bit of information about it, but not much. I thought it looked interesting so I figured I'd share. If anyone has more information please let me know.

http://stackoverflow.com/questions/4611 ... registry-a
 #11247  by EP_X0FF
 Wed Jan 25, 2012 2:50 am
The driver which is responsible for this hive is discache.sys. The hive itself is located on disk in the "System Volume Information\Syscache.hve" file.
The root key is created by the function ScpInitializeCache->DisCreateObjectAttributeStore->DispBuildRootKeyName, which also allocates a special security descriptor (DispCreateDefaultSecurityDescriptor).
According to the handles, they are all used by the driver itself (search for \A\ with ProcExp).

Some sort of special database for file caching purposes.
 #11260  by Vrtule
 Wed Jan 25, 2012 9:37 am
I ran across this strange hive some time ago while writing a driver for direct registry hive scanning. Its contents looked like a kind of cache. I only noticed that the hive is mounted (or created) when I started regedit.exe.

Thanks for the information.