What is CompanyLogoDesignerE_Trial.exe?
CompanyLogoDesignerE_Trial.exe is part of Company Logo Designer and developed by ITSTH according to the CompanyLogoDesignerE_Trial.exe version information.
CompanyLogoDesignerE_Trial.exe's description is "Company Logo Designer Setup "
CompanyLogoDesignerE_Trial.exe is digitally signed by Holz Thomas.
CompanyLogoDesignerE_Trial.exe is usually located in the 'c:\downloads\' folder.
None of the anti-virus scanners at VirusTotal reports anything malicious about CompanyLogoDesignerE_Trial.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Vendor and version information [?]
The following is the available information on CompanyLogoDesignerE_Trial.exe:
| Property | Value |
|---|---|
| Product name | Company Logo Designer |
| Company name | ITSTH |
| File description | Company Logo Designer Setup |
| Comments | This installation was built with Inno Setup. |
| Legal copyright | |
| Product version | |
| File version |
Here's a screenshot of the file properties when displayed by Windows Explorer:
| Product name | Company Logo Designer .. |
| Company name | ITSTH .. |
| File description | Company Logo Designer Setup .. |
| Comments | This installation was built with Inn.. |
| Legal copyright | .. |
| Product version | |
| File version |
Digital signatures [?]
CompanyLogoDesignerE_Trial.exe has a valid digital signature.
| Property | Value |
|---|---|
| Signer name | Holz Thomas |
| Certificate issuer name | UTN-USERFirst-Object |
| Certificate serial number | 72c4d01fd010f7a99909f95763393496 |
VirusTotal report
None of the 66 anti-virus programs at VirusTotal detected the CompanyLogoDesignerE_Trial.exe file.
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_opened": [
"",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Slim.CompanyLogo",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Windows\\System32\\displayswitch.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9GL0H.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\Public\\Pictures",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Program Files (x86)\\windows media player\\wmplayer.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Windows\\System32\\en-US\\wfsr.dll.mui",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NN1B9.tmp",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Program Files (x86)\\CompanyLogoDesigner",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-16P9J.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Windows\\System32\\imageres.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Windows\\Fonts\\segoeuii.ttf",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutInRect.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-NG65S.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Raster.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-R4L7R.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Deception.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-U84VV.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Windows\\System32\\DeviceCenter.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JFQKN.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Python 2.7",
"C:\\Windows\\Fonts\\staticcache.dat",
"\\??\\C:",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-TEL73.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VJOP5.tmp",
"C:\\Windows\\System32\\calc.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-GV6JJ.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-8V3S9.tmp",
"C:\\Windows\\resources\\Themes\\Aero\\Shell\\NormalColor\\ShellStyle.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KHB0Q.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Windows\\System32\\SnippingTool.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rays.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-746GF.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-LQBRF.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-2A0AD.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Windows\\System32\\cmd.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\AlternateServices.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Vertical.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-SA73C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-LD5H3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stilvoll.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Windows\\System32\\wshqos.dll",
"C:\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\EmojiOneMozilla.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-O4ICM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-5675S.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-MT7ED.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sektor.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Windows\\System32\\WFS.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-O233C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-EF23G.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0P8NQ.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-GDUIF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NA2T.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3SDIU.tmp",
"C:\\Program Files (x86)",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-DSNRI.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sail.CompanyLogo",
"C:\\Users\\Public\\Desktop",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NQGA9.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-CAFMC.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\Public\\Desktop\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Windows\\SysWOW64\\en-US\\KERNELBASE.dll.mui",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-AHG54.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A8MRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-D352V.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QGVV7.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Puzzle.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-HEP33.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\ComplexSystem.CompanyLogo",
"C:\\Windows\\System32\\xpsrchvw.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Windows\\System32\\en-US\\calc.exe.mui",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NRNE.tmp",
"C:\\Windows\\System32\\en-US\\DeviceCenter.dll.mui",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UIQ6T.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\Public",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated Comic.CompanyLogo",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Users\\cuck",
"C:\\Windows\\Fonts\\times.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Windows\\System32\\mstsc.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KAMBP.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A2QPS.tmp",
"C:\\ProgramData",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\Public\\Documents\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\Public\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Windows\\System32\\netmsg.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\LightDome.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9KSEH.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Program Files (x86)\\Mozilla Firefox\\chrome.manifest",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3N144.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Windows\\System32\\shell32.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GeneticSuccess.CompanyLogo",
"C:\\Program Files (x86)\\windows media player\\en-US\\wmplayer.exe.mui",
"C:\\Windows\\explorer.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Feathers.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-49LIO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQT8K.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-23GBJ.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\Public\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SecurityPreloadState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GTBAF.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Windows\\System32\\StikyNot.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\TRRBlacklist.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Pyramide.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\ProgramData\\Microsoft\\Windows",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-SD3UV.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JT1DF.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Swish.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Bookstore.CompanyLogo",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin",
"C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NENM4.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\",
"C:\\Users",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories",
"C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.box",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-RJS1H.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-P7TJO.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Windows\\System32\\rundll32.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-2SO9J.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-HSVE1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9A7JP.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"c:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Windows\\System32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CPUC7.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NUBVH.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3OL6P.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Accent.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Windows\\Fonts\\segoeui.ttf",
"C:\\PROGRAM FILES (X86)\\MOZILLA FIREFOX\\fonts\\EMOJIONEMOZILLA.TTF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-094S8.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QDTC3.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"c:\\program files (x86)\\mozilla firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-1RKMN.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Windows\\System32\\snippingtool.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\ProgramData\\Microsoft",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JO89P.tmp",
"C:\\Windows\\System32\\wship6.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\OddManTheory.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Windows\\AppPatch\\sysmain.sdb",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spaceboxes.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CA9EM.tmp",
"C:\\Users\\cuck\\Pictures",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GE0IB.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UC7KO.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome.manifest",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQSLA.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"\\Device\\NamedPipe\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Globe.CompanyLogo",
"C:\\Users\\desktop.ini",
"C:\\Windows\\System32\\mspaint.exe",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"c:\\program files (x86)\\internet explorer\\iexplore.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Windows\\System32\\WFSR.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-EGFKL.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\WithLove.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\Desktop",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NTJ3U.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\Windows\\Branding\\ShellBrd\\shellbrd.dll",
"C:\\Windows\\System32\\KBDUS.DLL",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Floater.CompanyLogo",
"c:\\program files (x86)\\internet explorer\\en-US\\iexplore.exe.mui",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Seal.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0RQQ1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\DnsClient",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"HKEY_CLASSES_ROOT\\Directory",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_CLASSES_ROOT\\.wsh",
"HKEY_CLASSES_ROOT\\.wsc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E",
"HKEY_CLASSES_ROOT\\.wsf",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\ddeexec",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\LSA\\AccessProviders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19",
"HKEY_CLASSES_ROOT\\.js",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Icons",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\firefox_RASMANCS",
"HKEY_CURRENT_USER\\Software\\Lenovo\\TrackPoint",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\cmd.exe\\TaskbarExceptionsIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877",
"HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA",
"HKEY_CURRENT_USER\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.com",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CLASSES_ROOT\\.its",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CLASSES_ROOT\\.ws",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\CompanyLogoDesigner.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31",
"HKEY_CLASSES_ROOT\\.pcd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\explorer.exe\\TaskbarExceptionsIcons",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81",
"HKEY_CURRENT_USER\\Software\\Lenovo\\UltraNav",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Winsock2\\Parameters",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Avalon.Graphics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command",
"HKEY_CLASSES_ROOT\\.shb",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ThumbnailCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32",
"HKEY_CLASSES_ROOT\\.shs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}",
"HKEY_LOCAL_MACHINE\\Software\\The Silicon Realms Toolworks\\Armadillo",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD",
"HKEY_CLASSES_ROOT\\.ade",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\AppId_Catalog\\3255956E",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_CLASSES_ROOT\\.adp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Progid",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_CLASSES_ROOT\\.mshxml",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7",
"HKEY_CLASSES_ROOT\\.csh",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9",
"HKEY_CURRENT_USER\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\Progid",
"HKEY_CLASSES_ROOT\\.htm",
"HKEY_CURRENT_USER\\Software\\Elantech",
"HKEY_CLASSES_ROOT\\.hta",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features",
"HKEY_CLASSES_ROOT\\.mcf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Progid",
"HKEY_LOCAL_MACHINE\\Software\\MozillaPlugins",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\AppId_Catalog",
"HKEY_CLASSES_ROOT\\C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe\\DefaultIcon",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}",
"HKEY_CLASSES_ROOT\\.cer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\DropTarget",
"HKEY_CLASSES_ROOT\\.reg",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.pif",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\(Default)",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DnsCache\\Parameters",
"HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4",
"HKEY_CLASSES_ROOT\\.vb",
"HKEY_CLASSES_ROOT\\.cpl",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{04DA8451-7F63-4870-A4D7-F55BE66BFDFB}",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\00000028",
"HKEY_CLASSES_ROOT\\CompanyLogoDesigner\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IceExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ClusSvc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\document",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32",
"HKEY_CLASSES_ROOT\\.tmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"HKEY_CURRENT_USER\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\00000005",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Avalon.Graphics\\DISPLAY1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}",
"HKEY_CLASSES_ROOT\\.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\MS Sans Serif",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\(Default)",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}",
"HKEY_CLASSES_ROOT\\.bas",
"HKEY_CLASSES_ROOT\\.bat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}",
"HKEY_CLASSES_ROOT\\.asp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Cisco Systems\\VPN Client",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8",
"HKEY_CLASSES_ROOT\\.cmd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavPS2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
"HKEY_CLASSES_ROOT\\.gadget",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{04DA8451-7F63-4870-A4D7-F55BE66BFDFB}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067",
"HKEY_CLASSES_ROOT\\.lnk",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\Software\\Elantech\\MainOption",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.vbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.ini",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104",
"HKEY_CLASSES_ROOT\\.vbe",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open",
"HKEY_CURRENT_USER\\Software\\Policies\\Mozilla\\Firefox",
"HKEY_CLASSES_ROOT\\.mde",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"HKEY_CLASSES_ROOT\\.pst",
"HKEY_CLASSES_ROOT\\.mda",
"HKEY_CLASSES_ROOT\\.mdb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Websense\\Agent",
"HKEY_CLASSES_ROOT\\.mdz",
"HKEY_CLASSES_ROOT\\.mdt",
"HKEY_CLASSES_ROOT\\.mdw",
"HKEY_CLASSES_ROOT\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\Hardware\\Description\\System",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\Directory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_CLASSES_ROOT\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\Software\\Licenses",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\Software\\Synaptics\\SynTP\\Install",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters",
"HKEY_CLASSES_ROOT\\.ops",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\System\\DNSClient",
"HKEY_CURRENT_USER\\Interface\\{027947E1-D731-11CE-A357-000000000001}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F",
"HKEY_CLASSES_ROOT\\.msi",
"HKEY_CLASSES_ROOT\\.msh",
"HKEY_CLASSES_ROOT\\Folder",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\ProgIDs\\FirefoxHTML-E7CF176E110C211B",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.msc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Alps\\Apoint\\TrackPoint",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C",
"HKEY_CLASSES_ROOT\\.mst",
"HKEY_CLASSES_ROOT\\.msp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pdf",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.library-ms",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LDAP",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice",
"HKEY_CURRENT_USER\\Software",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\WinSock2\\Parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7",
"HKEY_LOCAL_MACHINE\\SOFTWARE",
"HKEY_CLASSES_ROOT\\.fxp",
"HKEY_CLASSES_ROOT\\.app",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"HKEY_CLASSES_ROOT\\.exe",
"HKEY_CLASSES_ROOT\\AllFilesystemObjects",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\TreatAs",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_CLASSES_ROOT\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}",
"HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\setup\\PnpLockdownFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.bmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CLASSES_ROOT\\.htm\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\.grp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs",
"HKEY_CLASSES_ROOT\\.ksh",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\CurVer",
"HKEY_CLASSES_ROOT\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_CLASSES_ROOT\\.pl",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e968-e325-11ce-bfc1-08002be10318}\\0000",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_CURRENT_USER\\Software\\Classes\\.pdf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Media Foundation\\Platform",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_CLASSES_ROOT\\.mag",
"HKEY_CLASSES_ROOT\\.maf",
"HKEY_CLASSES_ROOT\\.mad",
"HKEY_CLASSES_ROOT\\.ins",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C",
"HKEY_CLASSES_ROOT\\.mam",
"HKEY_CLASSES_ROOT\\.sct",
"HKEY_CLASSES_ROOT\\.scr",
"HKEY_CLASSES_ROOT\\.maw",
"HKEY_CLASSES_ROOT\\.mav",
"HKEY_CLASSES_ROOT\\.mau",
"HKEY_CLASSES_ROOT\\.mat",
"HKEY_CLASSES_ROOT\\.mas",
"HKEY_CLASSES_ROOT\\.mar",
"HKEY_CLASSES_ROOT\\.maq",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882",
"HKEY_CLASSES_ROOT\\.scf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Media Foundation\\RT",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CLASSES_ROOT\\.inf",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavUSB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7",
"HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B",
"HKEY_CURRENT_USER\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\CurVer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\(Default)",
"HKEY_LOCAL_MACHINE\\Software\\Alps\\Apoint",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D",
"HKEY_CLASSES_ROOT\\.crt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Shell\\RegisteredApplications\\UrlAssociations\\Directory\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties",
"HKEY_CURRENT_USER\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\RNG",
"HKEY_CLASSES_ROOT\\.vsmacros",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\yqxcegf",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001",
"HKEY_CLASSES_ROOT\\.prg",
"HKEY_CLASSES_ROOT\\.prf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.png",
"HKEY_CURRENT_USER\\Software\\MozillaPlugins",
"HKEY_CLASSES_ROOT\\htmlfile",
"HKEY_CLASSES_ROOT\\.jse",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Websense\\Agent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/pdf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000",
"HKEY_CLASSES_ROOT\\.hlp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocHandler32",
"HKEY_CLASSES_ROOT\\.url",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete\\Client\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\.isp",
"HKEY_CLASSES_ROOT\\.chm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
],
"guid": [
"{62ce7e72-4c71-4d20-b15d-452831a87d9d}",
"{a95664d2-9614-4f35-a746-de8db63617e6}",
"{c43dc798-95d1-4bea-9030-bb99e2983a1a}",
"{14ce31dc-abc2-484c-b061-cf3416aed8ff}",
"{8be2d872-86aa-4d47-b776-32cca40c7018}",
"{00021401-0000-0000-c000-000000000046}",
"{591209c7-767b-42b2-9fba-44ee4615f2c7}",
"{b2952b16-0e07-4e5a-b993-58c52cb94cae}",
"{4657278a-411b-11d2-839a-00c04fd918d0}",
"{4e530b0a-e611-4c77-a3ac-9031d022281b}",
"{5762f2a7-4658-4c7a-a4ac-bdabfe154e0d}",
"{00000000-0000-0000-c000-000000000046}",
"{17072f7b-9abe-4a74-a261-1eb76b55107a}",
"{427fd3d4-f30a-4033-84ef-cbb1a955d9f7}",
"{0000015b-0000-0000-c000-000000000046}",
"{de5bf786-477a-11d2-839d-00c04fd918d0}",
"{33c53a50-f456-4884-b049-85fd643ecfed}",
"{dc12a687-737f-11cf-884d-00aa004b2e24}",
"{00000323-0000-0000-c000-000000000046}",
"{75121952-e0d0-43e5-9380-1d80483acf72}",
"{77f10cf0-3db5-4966-b520-b7c54fd35ed6}",
"{8ded7393-5db1-475c-9e71-a39111b0ff67}",
"{0000034b-0000-0000-c000-000000000046}",
"{64bc32b5-4eec-4de7-972d-bd8bd0324537}",
"{3c708557-c99d-4fa3-9231-56518418b4e4}",
"{0c733a8a-2a1c-11ce-ade5-00aa0044773d}",
"{50ef4544-ac9f-4a8e-b21b-8a26180db13f}",
"{807c1e6c-1d00-453f-b920-b61bb7cdd997}",
"{e77cc89b-7401-4c04-8ced-149db35add04}",
"{6ccb7be0-6807-11d0-b810-00c04fd706ec}",
"{7cc7aed8-290e-49bc-8945-c1401cc9306c}",
"{00bb2763-6a77-11d0-a535-00c04fd7d062}",
"{ea69859a-db5b-4c4a-8a8f-ae9759027534}",
"{ae054212-3535-4430-83ed-d501aa6680e6}",
"{f678fcde-eb44-4b6e-9b75-cc4a661f5263}",
"{b8967f85-58ae-4f46-9fb2-5d7904798f4b}",
"{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"{000214e6-0000-0000-c000-000000000046}",
"{bcde0395-e52f-467c-8e3d-c4579291692e}",
"{a4b544a1-438d-4b41-9325-869523e2d6c7}",
"{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}",
"{1f02b6c5-7842-4ee6-8a0b-9a24183a95ca}",
"{71d222e1-432f-429e-8c13-b6dafde5077a}",
"{bbd20037-bc0e-42f1-913f-e2936bb0ea0c}",
"{f309ad18-d86a-11d0-a075-00c04fb68820}",
"{aa80e801-2021-11d2-93e0-0060b067b86e}",
"{7c857801-7381-11cf-884d-00aa004b2e24}",
"{03c036f1-a186-11d0-824a-00aa005b4383}",
"{ea1afb91-9e28-4b86-90e9-9e9f8a5eefaf}",
"{3ce74de4-53d3-4d74-8b83-431b3828ba53}",
"{fdada2fa-894d-47d8-ae78-adf1fd7f28df}",
"{54410b83-6787-4418-9735-5aaaabe83a9a}",
"{05a232fd-2bfb-4349-9d48-4787f317f50a}",
"{8bc3f05e-d86b-11d0-a075-00c04fb68820}",
"{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}",
"{c0a6c367-c264-4385-a704-9088bdc3640e}",
"{32d186a7-218f-4c75-8876-dd77273a8999}",
"{6332debf-87b5-4670-90c0-5e57b408a49e}",
"{ec5ec8a9-c395-4314-9c77-54d7a935ff70}",
"{7d39402f-5b52-4b34-b528-b95f66927e1d}",
"{bf94c121-5b05-4e6f-8000-ba598961414d}",
"{c3acefb5-f69d-4905-938f-fcadcf4be830}",
"{1c1800c1-3258-44c2-be80-3deadb6c5e39}",
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}",
"{674b6698-ee92-11d0-ad71-00c04fd8fdff}",
"{6746c347-576b-4f73-9012-cdfeea251bc4}",
"{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",
"{14074e0b-7216-4862-96e6-53cada442a56}",
"{111f7c32-0546-4227-8b7f-c53a0b114a0f}",
"{6e682784-1eca-4cf2-988d-96b6e89e9a4d}",
"{56fdf344-fd6d-11d0-958a-006097c9a090}",
"{000214ee-0000-0000-c000-000000000046}",
"{eac04bc0-3791-11d2-bb95-0060977b464c}",
"{000214fa-0000-0000-c000-000000000046}",
"{1f3427c8-5c10-4210-aa03-2ee45287d668}",
"{dc8f8556-efbd-4efa-8b64-bba84b4ecd7f}",
"{722a338c-6e8e-4e72-ac27-1417fb0c81c2}",
"{46a6eeff-908e-4dc6-92a6-64be9177b41c}",
"{1685d4ab-a51b-4af1-a4e5-cee87002431d}",
"{4f6bcd94-c2a5-42ce-8dbc-31e794be4630}",
"{44aca674-e8fc-11d0-a07c-00c04fb68820}",
"{603d3800-bd81-11d0-a3a5-00c04fd706ec}",
"{934d4698-6a59-48f8-9f29-9fb30670320e}",
"{660b90c8-73a9-4b58-8cae-355b7f55341b}",
"{00bb2765-6a77-11d0-a535-00c04fd7d062}",
"{db6efb73-5153-43b7-8078-c6ffc4c0238c}",
"{4590f811-1d3a-11d0-891f-00aa004b2e24}",
"{00000146-0000-0000-c000-000000000046}",
"{cef04fdf-fe72-11d2-87a5-00c04f6837cf}",
"{d5f569d0-593b-101a-b569-08002b2dbf7a}",
"{5e078e03-8265-4bbe-9487-d242edbef910}",
"{28b4d88b-e072-49e6-804d-26edbe21a7b9}",
"{cacaf262-9370-4615-a13b-9f5539da4c0a}",
"{4df0c730-df9d-4ae3-9153-aa6b82e9795a}",
"{9cfc2df3-6ba3-46ef-a836-e519e81f0ec4}",
"{f676c15d-596a-4ce2-8234-33996f445db1}",
"{4657278b-411b-11d2-839a-00c04fd918d0}",
"{ed6ae9cf-ad35-46b7-ac30-3f8b9eb5349f}"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_RegDLL.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.pif",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.url",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_shfoldr.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_setup64.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-shm"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Publisher",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: User",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: Selected Tasks",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: App Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{K7C0DB872A3F777C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\UninstallString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompanyLogoDesigner\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\HelpLink",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{R7C0DB872A3F777C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: Language",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\NoModify",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\EstimatedSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: Setup Version",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\GlobalAssocChangedCounter",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\InstallDate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts\\C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\NoRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters\\TrapPollTimeMilliSecs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\QuietUninstallString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\InstallLocation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: Deselected Tasks",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.CompanyLogo\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\HRZR_PGYFRFFVBA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\URLInfoAbout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{I6AE2E3CF39AF8F6C}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pzq.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{06AE2E3CF39AF8F6C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: Icon Group",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\URLUpdateInfo"
],
"file_copied": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset"
]
],
"command_line": [
"\"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe\" \/setup C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -osint -url \"C:\\Program Files (x86)\\CompanyLogoDesigner\\cld-readme.htm\"",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2868.6.1925183474\\992608054\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2868 \"\\\\.\\pipe\\gecko-crash-server-pipe.2868\" 2544 tab",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2868.0.616846624\\751223851\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2868 \"\\\\.\\pipe\\gecko-crash-server-pipe.2868\" 1432 tab",
"\"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp\" \/SL5=\"$1902E6,1858858,114688,C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin\" ",
"\"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe\"",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\cld-readme.htm"
],
"regkey_deleted": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\Version"
],
"mutex": [
"RAL8C92EF75",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer",
"Local\\FirefoxStartupMutex",
"Global\\MozillaUpdateMutex-AWkbzLFmEHPmIFtactC8kpT7UdM=",
"DILLOCREATE",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer",
"230::DAFCEABB6B",
"8C92EF75::WK",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!11396c",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex",
"DILLOOEP"
],
"wmi_query": [
"SELECT * FROM Win32_BIOS"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Slim.CompanyLogo",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutInRect.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Raster.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Deception.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Windows\\Fonts\\staticcache.dat",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rays.CompanyLogo",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Vertical.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stilvoll.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sektor.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\Public\\Desktop\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sail.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Puzzle.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\ComplexSystem.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\Public\\Documents\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\Public\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\LightDome.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GeneticSuccess.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Feathers.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\Public\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Pyramide.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Swish.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Bookstore.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.box",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Accent.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\OddManTheory.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spaceboxes.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Globe.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated Comic.CompanyLogo",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\WithLove.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Floater.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Seal.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\cld.gif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCacheSMP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\ThumbnailCutoff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sail.CompanyLogo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\cld-readme.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{I6AE2E3CF39AF8F6C}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{NN198O3P-PQ8P-7QR1-98Q1-O460S637193O}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Accent.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
"HKEY_CURRENT_USER\\.pdf\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.scr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs_ShouldShow",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\cevagznantrzrag.zfp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.prf\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
"HKEY_CURRENT_USER\\.htm\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.TrggvatFgnegrq",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe\\PATH",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\UAS\\UpdateCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\qsethv.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOrganization",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.FileName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMyMusic",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated Comic.CompanyLogo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_TopMatch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Pnyphyngbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Slim.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideFolderVerbs",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\SnippingTool.exe,-15051",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Jvaqbjf CbjreFuryy Zbqhyrf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\StoresServiceClassInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.library-ms\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\PendingFileRenameOperations2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Nice Feathers.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResource",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Pictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AutoCascade",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Puzzle.CompanyLogo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\\rkcybere.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F2-21D7-11D4-BDAF-00C04F60B9F0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Fvqrone.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\qsethv.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\ProviderInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spacy.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\zvc.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\bqopnq32.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\displayswitch.exe,-320",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\R7PS176R110P211O",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\ExecutableTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.grp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jbeqcnq.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Zrqvn Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail1.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.JSE\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{645FF040-5081-101B-9F08-00AA002F954E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\erpqvfp.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\HomeGroup\\UIStatusCache\\UIStatus",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutInRect.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GeneticSuccess.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Rirag Ivrjre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\GnoGvc.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\SimpleMolecule.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\AddressFamily",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{R7C0DB872A3F777C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.msp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces_ShouldShow",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\NoStaticDefaultVerb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{P1P6S8NP-40N3-0S5P-146S-65N9QP70OOO4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.png\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flap Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.sct\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\explorer.exe,-7021",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Zngu Vachg Cnary.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Npprffvovyvgl\\Fcrrpu Erpbtavgvba.yax",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Identifier",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy VFR.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\Clguba (pbzznaq yvar).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Cresbeznapr Zbavgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\TypeOverLay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMMyDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\bfx.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spaceboxes.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\StoresServiceClassInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\AddressFamily",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{7SR8Q22N-SO1Q-N8OR-01R3-6P8693961R6R}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\FuncrPbyyrpgbe.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\LightDome.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\qvfcynlfjvgpu.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Extrem.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\Upgrade",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{P804OON7-SN5S-POS7-8O55-2096R5S972PO}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy (k86).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cpl\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.Kind",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\NoOplock",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\kcfepuij.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Pbzznaq Cebzcg.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonPictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableFileTracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\aneengbe.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\Zbqhyr Qbpf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.wsc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemPathDisplayNarrow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\shellex\\IconHandler\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ForceRunOnStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM\\AccentColor",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cmd\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.HideOnDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\HomeGroup\\UIStatusCache\\OnlyMember",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer_ShouldShow",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\ArgjbexCebwrpgvba.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\\JvaqbjfCbjreFuryy\\i1.0\\CbjreFuryy_VFR.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Raster.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Public",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\DisplayString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeOut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Category",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\freivprf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\VQYR (Clguba THV).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SortByName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Description",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\SetWorkingDirectoryFromTarget",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Zrzbel Qvntabfgvpf Gbby.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Flfgrz Vasbezngvba.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\symbols.dat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Sversbk.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfpbasvt.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf QIQ Znxre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Installed",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\RestrictRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete\\Client\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stylish Rect.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Protocol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.WSH\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_PowerButtonAction",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\rhqprqvg.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Erzbgr Qrfxgbc Pbaarpgvba.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\\InProcServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zntavsl.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Radioactive.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\QIQ Znxre\\QIQZnxre.rkr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Next_Catalog_Entry_ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallDate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Butterfly.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Diagonal.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\System.DateModified",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderPathDisplayNarrow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\OddManTheory.CompanyLogo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn_ShouldShow",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\InstalledDisplayDrivers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\DefaultIcon\\OpenIcon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Logo.jpg",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\\PbzcnalYbtbQrfvtare\\PbzcnalYbtbQrfvtare.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Fireball.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\Treatment",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\unregmp2.exe,-4",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.inf\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Vagrearg Rkcybere (64-ovg).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ZrqvnCynlre32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\AddressFamily",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.js\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetHood",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Jvaqbjf Rkcybere.yax",
"HKEY_CURRENT_USER\\Keyboard Layout\\Preload\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\sRGB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Exotic.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\shellex\\LibraryDescriptionHandler\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\Jvaqbjf Wbheany.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProfilesDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\ProviderInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\DeviceState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\DeviceCenter.dll,-1000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\TypeOverLay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\unins000.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\\InProcServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe\\AppendPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\efgehv.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Feathers.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Globe.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMyGames",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{Q4N262QQ-PR44-Q105-S36O-9Q77N8PO65N4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderPathDisplay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AutoCascade",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.msc\\(Default)",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\~Mhz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Zrqvn Cynlre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{1F3427C8-5C10-4210-AA03-2EE45287D668} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Music",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Video",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{e345f35f-9397-435c-8f95-4e922c26259e}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.com\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zboflap.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\P:\\Clguba27\\clguba.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 14",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Punenpgre Znc.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileDirectory",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows Media Foundation\\Platform\\FreeWppTrace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.bmp\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot_ShouldShow",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\SupportedNameSpace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Client\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\Version",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Znvagranapr\\Perngr Erpbirel Qvfp.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\Treatment",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.pif\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Signature",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Fgvpxl Abgrf.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCacheTBP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003\\PackedCatalogItem",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\ArgCebw.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Abgrcnq.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.VBE\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated2.CompanyLogo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ErzbgrQrfxgbc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Fbhaq Erpbeqre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\SupportedNameSpace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ProfileEnumMode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\NoOplock",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Favccvat Gbby.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Pyramide.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\SupportedNameSpace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\DeviceState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\FbhaqErpbeqre.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zvtjvm\\cbfgzvt.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Cevag Znantrzrag.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\System32\\ie4uinit.exe,-734",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Zntavsl.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}\\ProxyStubClsid32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Jvaqbjf Wbheany\\Wbheany.rkr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\DisplayString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief1.rtf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfvasb32.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Always Use Tab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command\\DelegateExecute",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\ZqFpurq.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoUserFolderInStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\OobeFldr.dll,-33056",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\TransparentEnabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\vFPFV Vavgvngbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DontLoadAuthUIInExplorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{645FF040-5081-101B-9F08-00AA002F954E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\camp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.vbs\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail2.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{OO044OSQ-25O7-2SNN-22N8-6371N93R0456}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\IsShortcut",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\PreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\SupportedNameSpace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\ShellEx\\{000214F9-0000-0000-C000-000000000046}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Jvaqbjf Rnfl Genafsre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\TypeOverLay",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\shellex\\IconHandler\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.asp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Attempted",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\Treatment",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.scf\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language\\InstallLanguageFallback",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Pbzcnal Ybtb Qrfvtare\\Pbzcnal Ybtb Qrfvtare.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CoolEnding.CompanyLogo",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\XpsRchVw.exe,-102",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pbzrkc.zfp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRecentDocsMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\page2.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\SupportedNameSpace",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\symbols.box",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.hlp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Znvagranapr\\Erzbgr Nffvfgnapr.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\StoresServiceClassInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\VendorIdentifier",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMHelp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\DisplayString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\ThumbnailCutoff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeOut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\open\\NeverDefault",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Shockwave.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\FavccvatGbby.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFavoritesMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 13",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 14",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanWorkstation\\Parameters\\RpcCacheTimeout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{b155bdf8-02f0-451e-9a26-ae317cfd7779}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoChangeStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{15067OP1-P5N8-425R-37P6-SN0O891674S9}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\UseDefaultTile",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WriteLog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.IsPinnedToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfcnvag.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfCbjreFuryy\\i1.0\\cbjrefuryy.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.FileAttributes",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rollercoaster.CompanyLogo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Jvaqbjf Zrqvn Cynlre.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Nalgvzr Hctenqr.yax",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\StoresServiceClassInfo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Vagrearg Rkcybere.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\60er.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\SNTSearch.dll,-505",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{5a9125b7-f367-4924-ace2-0803a4a3a471},0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\InheritConsoleHandles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Deception.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84BA9C75-6C22-4590-9BDC-5584EADE039E}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.qwMemorySize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Simpel.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{98D99750-0B8A-4C59-9151-589053683D73}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Erfbhepr Zbavgbe.yax",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\ProviderInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\AddressFamily",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Vagrearg Rkcybere.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Floater.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\border.gif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\GlobalAssocChangedCounter",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\AlwaysShowExt",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeIn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\System.HideOnDesktop",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\EditFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.VagreargRkcybere.64Ovg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004\\PackedCatalogItem",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{06AE2E3CF39AF8F6C}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Sversbk.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\DisplayString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_EnableDragDrop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\\JvaqbjfCbjreFuryy\\i1.0\\cbjrefuryy.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Vertical.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Ws2_32NumHandleBuckets",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JS.zfp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\GnoGvc.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Biotech.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosDate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.MemorySize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JSF.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rays.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\ddeexec\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{53123611-QN37-S8QN-SNP9-03R76QO9Q64Q}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Flfgrz Pbasvthengvba.yax",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\mstsc.exe,-4000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Programs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\AddressFamily",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{59D6F31B-FA6B-4FBA-8AF3-197FF140C714}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOwner",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\AddressFamily",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\page1.htm",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.NamespaceCLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gadget\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\DocObject",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\NoWorkingDirectory",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Callout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\DisplayString",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ThumbnailCutoff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Swish.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\ThumbnailCutoff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsFORPARSING",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{8NOQ94SO-R7Q6-84N6-N997-P918RQQR0NR5}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Bookstore.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableFileTracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyGames",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_PowerButtonAction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParentFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos_ShouldShow",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfCbjreFuryy\\i1.0\\CbjreFuryy_VFR.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Aneengbe.yax",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Jvaqbjf AG\\Npprffbevrf\\jbeqcnq.rkr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMMyPictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfen.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\TclTk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief3.rtf",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pyrnazte.rkr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\AlternateCodePage",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Ba-Fperra Xrlobneq.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jrypbzr Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\Protocol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SearchFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\vfpfvpcy.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Role:1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zvtjvm\\zvtjvm.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ICMProfile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters\\TrapPollTimeMilliSecs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@\"%windir%\\System32\\ie4uinit.exe\",-732",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.reg\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.VagreargRkcybere.Qrsnhyg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\FuncrPbyyrpgbe.yax",
"HKEY_CURRENT_USER\\.htm\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Cryptography\\RNG\\Seed",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Jvaqbjf Sverjnyy jvgu Nqinaprq Frphevgl.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bmp\\Content Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\DisplayString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\FXSRESM.dll,-114",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cer\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bat\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\System.HideOnDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{14074E0B-7216-4862-96E6-53CADA442A56} {000214FA-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.FgvpxlAbgrf",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe\\UseShortName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\EMPTY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bmp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\CommonFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Snk naq Fpna.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\ProviderInfo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\CommonFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\freivprf.zfp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Overlap.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Seal.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Qvfx Pyrnahc.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{K7C0DB872A3F777C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Jvaqbjf Rkcybere.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.hta\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\StripeMayhem.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{98D99750-0B8A-4c59-9151-589053683D73}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{OQ3S924R-55SO-N1ON-9QR6-O50S9S2460NP}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pnyp.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy VFR (k86).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\DefaultFeature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_MinMFU",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Flfgrz Gbbyf\\Cevingr Punenpgre Rqvgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.WSF\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Keyboard Layout\\d0010409",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail3.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\UseInProcHandlerCache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_MinMFU",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\NoStaticDefaultVerb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Current_Protocol_Catalog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\DefaultFeature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\KCF Ivrjre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\ComplexSystem.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.bmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Circle.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SortByName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{35786D3C-B075-49b9-88DD-029876E11C01}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GreenTriangle.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.URL\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.msi\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Qngn Fbheprf (BQOP).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{f3e80bef-1723-4ff2-bcc4-7f83dc5e46d4},3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\ri",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\StoresServiceClassInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sektor.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\rip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetworkConnections",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Pbzcbarag Freivprf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\ProviderInfo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Search\\SystemIndexNormalization",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Gnfx Fpurqhyre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\TaskBarIDs\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pzq.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonVideo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Cnvag.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.crt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Documents",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\ProviderInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfNalgvzrHctenqrHV.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Flfgrz Erfgber.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bas\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMorePrograms",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\puneznc.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\abgrcnq.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartMenu_Balloon_Time",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.pl\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command\\command",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.SFGAOFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutOff.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Jvaqbjf Rnfl Genafsre Ercbegf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.IconPath",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Revision",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{8NN47365-O2O3-1961-69RO-S866R376O12S}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ZrqvnPragre",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Gnfx Fpurqhyre.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Frphevgl Pbasvthengvba Znantrzrag.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_TopMatch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\SupportedNameSpace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\Never",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{QNN168QR-4306-P8OP-8P11-O596240OQQRQ}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\PendingFileRenameOperations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\ThumbnailCutoff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\StoresServiceClassInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\InNameGap.CompanyLogo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\MS Shell Dlg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemPathDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\AutoSuggest",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.DateModified",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Security",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachinePreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\TclTk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\LocalizedString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Zbovyvgl Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\SmallDots.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Pbzchgre Znantrzrag.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\qvfcynlfjvgpu.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuNetworkPlaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartMenu_Balloon_Time",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stilvoll.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\sud.dll,-1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeIn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNTSecurity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSimpleStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\WithLove.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief2.rtf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\WinSock_Registry_Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath"
],
"file_created": [
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KAMBP.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\cld.cfg",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-23GBJ.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9KSEH.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9GL0H.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3N144.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-O4ICM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-5675S.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-49LIO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQT8K.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JO89P.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-1RKMN.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NN1B9.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-746GF.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GTBAF.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\unins000.dat",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CA9EM.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-O233C.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A2QPS.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-EF23G.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0P8NQ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GE0IB.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-NG65S.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-R4L7R.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-GDUIF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NA2T.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3SDIU.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JT1DF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-DSNRI.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JFQKN.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UC7KO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-SD3UV.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-U84VV.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-TEL73.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NQGA9.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-CAFMC.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQSLA.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VJOP5.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_RegDLL.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-AHG54.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NENM4.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-8V3S9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-D352V.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QGVV7.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_shfoldr.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KHB0Q.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-16P9J.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-RJS1H.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-P7TJO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-LQBRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-EGFKL.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-GV6JJ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-MT7ED.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-2SO9J.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-2A0AD.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-HSVE1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9A7JP.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NRNE.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UIQ6T.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CPUC7.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NUBVH.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-094S8.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-HEP33.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NTJ3U.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3OL6P.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_setup64.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A8MRF.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-SA73C.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0RQQ1.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-LD5H3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QDTC3.tmp"
],
"dll_loaded": [
"C:\\Windows\\system32\\sfc.dll",
"C:\\Windows\\system32\\pnrpnsp.dll",
"LINKINFO.dll",
"DNSAPI.dll",
"UxTheme.dll",
"MsftEdit.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"slc.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozavutil.dll",
"PROPSYS.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"comctl32",
"ole32.dll",
"SHLWAPI.dll",
"ws2_32.dll",
"USER32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Windows\\system32\\shlwapi.dll",
"WINTRUST.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Windows\\System32\\mswsock.dll",
"SHELL32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozavcodec.dll",
"C:\\Windows\\system32\\shell32.dll",
"Kernel32",
"WINMM.dll",
"CFGMGR32.dll",
"Dnsapi.dll",
"Kernel32.dll",
"samcli.dll",
"COMCTL32.DLL",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"WINSTA.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"kernel32.dll",
"C:\\Windows\\system32\\IMM32.DLL",
"POWRPROF.DLL",
"ntdll.dll",
"C:\\Windows\\system32\\napinsp.dll",
"dwrite.dll",
"WININET.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"SHFOLDER.DLL",
"cryptbase.dll",
"C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll",
"C:\\Windows\\system32\\uxtheme.dll",
"IMM32.dll",
"comdlg32.dll",
"rtutils.dll",
"Iphlpapi.dll",
"ADVAPI32.dll",
"uxtheme.dll",
"profapi.dll",
"rpcrt4.dll",
"comctl32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"GDI32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"DEVRTL.dll",
"user32.dll",
"gdi32.dll",
"KERNEL32.dll",
"shfolder.dll",
"C:\\PROGRA~2\\MOZILL~1\\nssckbi.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"C:\\Windows\\system32\\dxva2.dll",
"mscms.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"CRYPTSP.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"inetmib1.dll",
"kbdus.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Windows\\system32\\xmllite.dll",
"netutils.dll",
"C:\\Windows\\system32\\NLAapi.dll",
"Gdi32.dll",
"C:\\Windows\\system32\\dxgi.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\MSVCP140.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"shell32.dll",
"SETUPAPI.dll",
"WS2_32.dll",
"dbghelp.dll",
"kernel32",
"srvcli.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"AUDIOSES.DLL",
"ntmarta.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll",
"KERNEL32.DLL",
"OLEAUT32.DLL",
"RASMAN.DLL",
"setupapi.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"COMCTL32.dll",
"WINSPOOL.DRV",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"OLEAUT32.dll",
"C:\\Windows\\system32\\evr.dll",
"RPCRT4.dll",
"C:\\Windows\\System32\\winrnr.dll",
"C:\\Windows\\system32\\mf.dll",
"C:\\Windows\\system32\\mfplat.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"snmpapi.dll",
"SAMLIB.dll",
"ntshrui.dll",
"xul.dll",
"Msimg32.dll"
],
"file_moved": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
]
],
"file_written": [
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KAMBP.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\cld.cfg",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-23GBJ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9KSEH.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9GL0H.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3N144.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-O4ICM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-5675S.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-49LIO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQT8K.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JO89P.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-1RKMN.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NN1B9.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-746GF.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GTBAF.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\unins000.dat",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CA9EM.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-O233C.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A2QPS.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-EF23G.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0P8NQ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GE0IB.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-NG65S.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-R4L7R.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-GDUIF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NA2T.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3SDIU.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JT1DF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-DSNRI.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JFQKN.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UC7KO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-SD3UV.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-U84VV.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-TEL73.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NQGA9.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-CAFMC.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQSLA.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VJOP5.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_RegDLL.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-AHG54.tmp",
"\\\\?\\PIPE\\samr",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NENM4.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-8V3S9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-D352V.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QGVV7.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_shfoldr.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KHB0Q.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-16P9J.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-RJS1H.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-P7TJO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-LQBRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-EGFKL.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-GV6JJ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-MT7ED.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-2SO9J.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-2A0AD.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-HSVE1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9A7JP.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NRNE.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UIQ6T.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CPUC7.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NUBVH.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-094S8.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-HEP33.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NTJ3U.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3OL6P.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_setup64.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A8MRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-SA73C.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0RQQ1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-LD5H3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QDTC3.tmp"
],
"file_recreated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\unins000.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"\\Device\\KsecDD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"\\??\\SCSI0:",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"\\??\\MountPointManager",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"\\??\\PHYSICALDRIVE0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"\\??\\C:",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"\\??\\Nsi"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes",
"C:\\ProgramData\\TEMP",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\WINNT_x86-msvc",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Program Files (x86)\\CompanyLogoDesigner",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\",
"C:\\Users\\cuck",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Projekte",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\user.js",
"C:\\Windows\\System32\\twinapi.appcore.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\uz.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\nn.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\bs.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\kk.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\be.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fa.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\pt.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ln.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.INI",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\en_US_POSIX.res",
"C:\\Windows\\System32\\DataExchange.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\hy.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sk.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_base.lua",
"C:\\ProgramData\\TEMP\\6319FF34.TMP",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\mn.res",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ig.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_3d.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l.dat",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ga.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sv_SE.res",
"C:\\Windows\\winsxs\\FileMaps\\program_files_x86_companylogodesigner_5b9056e8d31ed5eb.cdf-ms",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\postSigningData",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\or.res",
"\\??\\SIWVID",
"C:\\Program Files (x86)\\CompanyLogoDesigner",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\el.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\wae.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\uk.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\gl.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\dz.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\pa.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\hu.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sw.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\uts46.nrm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\lt.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\my.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\cy.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ha.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\6AE2E3CF.RREF",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\yo.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ps.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\th.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\chr.res",
"C:\\Windows\\winsxs\\FileMaps\\program_files_x86_companylogodesigner_extras_cdf3750032a33a06.cdf-ms",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\pl.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\az.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\ShutdownDuration.json",
"\\??\\SuperBPMDev0",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\policies.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fr_CA.res",
"C:\\Windows\\winsxs\\FileMaps\\program_files_x86_companylogodesigner_vorlagen_ccaf965889f49025.cdf-ms",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fo.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\ProgramData\\TEMP:6319FF34",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\km.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\mt.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\res_index.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ta.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\om.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\likelySubtags.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\mr.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\eo.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\he.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\hsb.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_2d.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\zh.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\pending-deletion-ping",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ky.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ml.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_verlauf.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fa_AF.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\am.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\da.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ee.res",
"C:\\Windows\\System32\\twinapi.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\se.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\res_index.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\et.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\si.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\te.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\cs.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\hi.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\tr.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\to.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\kl.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\lb.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\lo.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fil.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\is.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ne.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\logins.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\zu.res",
"C:\\cuckoo_1788.ini",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\de.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\hr.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\as.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sq.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert_override.txt",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\dsb.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ms.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_lissajous.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\kok.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\vi.res",
"\\??\\SIWDEBUG",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ko.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fi.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\gu.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.version",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\desktop.ini",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_gen2lissa.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\yi.res",
"\\??\\NTICE",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ug.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sl.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\nl.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ro.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\kn.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_real.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\mk.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_fract.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sr.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\af.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\6AE2E3CF39AF8F6C.TMP",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\it.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ar.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ur.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\lkt.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\es.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_siegel.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sv.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\6319FF34.TMP",
"\\??\\BCMDMCCP",
"C:\\ProgramData\\Microsoft\\desktop.ini",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\smn.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\wo.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\lv.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\zh_Hant.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ka.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\cnvalias.icu",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\en_US.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\en.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ucadata.icu",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sr_Latn.res",
"\\??\\SICE",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\bo.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\root.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\haw.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ja.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\bn.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ru.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\cldlib.lua",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\experiments.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\id.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\cldbasics.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\de_AT.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\bs_Cyrl.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\nb.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ca.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_genlissa.lua",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\downloads.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fr.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\bg.res"
],
"resolves_host": [
"aus5.mozilla.org",
"tiles.services.mozilla.com",
"search.services.mozilla.com",
"ciscobinary.openh264.org",
"shavar.services.mozilla.com",
"detectportal.firefox.com",
"safebrowsing.googleapis.com",
"redirector.gvt1.com",
"services.addons.mozilla.org",
"versioncheck-bg.addons.mozilla.org"
],
"connects_ip": [
"127.0.0.1"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Windows\\SysWOW64",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Slim.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-EF23G.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userContent.css",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9GL0H.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\manifest.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief3.rtf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Deception.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NN1B9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\60er.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-746GF.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\clearkey.info",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Program Files (x86)\\Mozilla Firefox\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\page2.htm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutInRect.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-NG65S.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Raster.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-R4L7R.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\searchplugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-U84VV.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JFQKN.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\sv.aff",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NUBVH.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\cld-readme.htm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-TEL73.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VJOP5.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-wal",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\plugins",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail1.htm",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief2.rtf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\staged",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\custom-strings.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\serviceworker.txt",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B0DBEFA19CF4EB70FB9678C501E2A489072B125D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rays.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-wal",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-16P9J.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Windows\\System32\\spool\\drivers\\color\\Photo.gmmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-journal",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-2A0AD.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\SimpleMolecule.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\OfflineCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Vertical.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-SA73C.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-LD5H3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stilvoll.CompanyLogo",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CPUC7.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\minidumps",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-O4ICM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-5675S.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\unins000.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Exotic.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-MT7ED.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sektor.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Extrem.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Windows\\System32\\propsys.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Fireball.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\manifest.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rollercoaster.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-O233C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-GV6JJ.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\border.gif",
"C:\\Python27\\python.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spacy.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\InNameGap.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0P8NQ.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\page1.htm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-GDUIF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NA2T.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3SDIU.tmp",
"C:\\Program Files (x86)",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-DSNRI.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\crashreporter-override.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sail.CompanyLogo",
"C:\\Users\\Public\\Desktop",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-journal",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NQGA9.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-CAFMC.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stylish Rect.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\d3d11layers.guard",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache.Trash28485",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Biotech.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-AHG54.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief1.rtf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-to_delete",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-D352V.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QGVV7.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\SmallDots.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Puzzle.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-HEP33.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Users\\cuck",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Overlap.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userChrome.css",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\ComplexSystem.CompanyLogo",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\.purgecaches",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Python27\\pythonw.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Circle.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NRNE.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UIQ6T.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\Public",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Butterfly.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ThumbCacheToDelete",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated Comic.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KAMBP.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\LightDome.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9KSEH.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Shockwave.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3N144.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GeneticSuccess.CompanyLogo",
"C:\\Windows\\explorer.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Feathers.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-49LIO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQT8K.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-LQBRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-23GBJ.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-journal",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CoolEnding.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-wal",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GTBAF.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\LastCrash",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CB29EDE1FD7262A61FFAB793A382D515CAC77D01",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A2QPS.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\43CB3924B4D48AD39D6282AE7C1F2C500B3D6732",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Windows\\SysWOW64\\propsys.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}\\*",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.url",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Pyramide.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-journal",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-SD3UV.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JT1DF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Simpel.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Swish.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Bookstore.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GreenTriangle.CompanyLogo",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NENM4.tmp",
"C:\\cuckoo_1788.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-wal",
"C:\\Users",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Nice Feathers.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.box",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files\\journals",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-RJS1H.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-P7TJO.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Windows\\System32\\spool\\drivers\\color\\D65.camp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\install.rdf",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-2SO9J.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Logo.jpg",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-HSVE1.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-journal",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9A7JP.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\cld.gif",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3OL6P.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.log",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Accent.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A8MRF.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\extensions",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-094S8.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail2.htm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QDTC3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated.CompanyLogo",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\main-window.ico",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated2.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\cld.cfg",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-1RKMN.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail3.htm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pluginreg.dat",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutOff.CompanyLogo",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\StripeMayhem.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JO89P.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\install.rdf",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\default.ico",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\OddManTheory.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\280DEB31796CE454CD8D9594397E4D89E8E5D64F",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CA9EM.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GE0IB.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index",
"C:\\Users\\cuck\\Documents",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Radioactive.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\persdict.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UC7KO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Projekte",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\defaults\\preferences",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQSLA.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E9B5F1423155DB2E35FD739FC2008DB01C93DE1E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-8V3S9.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\manifest.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files\\journals",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Globe.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-EGFKL.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\WithLove.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\Desktop",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Diagonal.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NTJ3U.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spaceboxes.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KHB0Q.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Floater.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Seal.CompanyLogo",
"C:\\Users\\Public\\Documents",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0RQQ1.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files\\journals",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\*",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stilvoll.CompanyLogo",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Slim.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\*",
"C:\\Windows\\System32\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Swish.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\WithLove.CompanyLogo",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_lissajous.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\cldbasics.lua",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_3d.lua",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_siegel.lua",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\cld.cfg",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated Comic.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_fract.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\LightDome.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_base.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Bookstore.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sail.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\saved-telemetry-pings\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Deception.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_real.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutInRect.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spaceboxes.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_gen2lissa.lua",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\*.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Pyramide.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Feathers.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Accent.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Puzzle.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_2d.lua",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GeneticSuccess.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\unins???.*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Floater.CompanyLogo",
"C:\\Windows\\*",
"C:\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Vertical.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Seal.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Raster.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\ComplexSystem.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.box",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_verlauf.lua",
"C:\\Users\\cuck",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rays.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Globe.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\cldlib.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\OddManTheory.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\_autosave.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sektor.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_genlissa.lua"
]
}Dropped
[
{
"yara": [],
"sha1": "8e63efe828376aa27e3cab4213d3c4c72ed4201b",
"name": "8b16252004bce9c7_1657114595AmcateirvtiSty.sqlite-shm",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"type": "data",
"sha256": "8b16252004bce9c777e29976f6e39322ded4c526cb7d6a493d44b8a6ffd90afc",
"urls": [],
"crc32": "7CDE88FF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/8b16252004bce9c7_1657114595AmcateirvtiSty.sqlite-shm",
"ssdeep": null,
"size": 32768,
"sha512": "2039aa8d1c1edfa7afa7a1a2af40b0362b68e02e37a7e52e75a71cb251987299753d3b0b4765365cd8261cd1416dbb5e27f26e7043d6577c042a129c47ec5d9b",
"pids": [],
"md5": "4d3df4fd87a570ba8054453620ffe8e4"
},
{
"yara": [],
"sha1": "6c6210bc9fc17d562dc534cc86a887b23e562736",
"name": "dcc418a7770384bd_goog-phish-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"type": "data",
"sha256": "dcc418a7770384bd334020641728a0b3de630b541063318221c9777c408069d2",
"urls": [],
"crc32": "89C3F02D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/dcc418a7770384bd_goog-phish-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "917e795a38debf84a25306122b779ea42429b8db2d8e53cfa0428f368a1ed53b8b0341dd73f2ecb4364efc52418146d53c6be1d9f6d3e7f19fd7eb7b986fa651",
"pids": [],
"md5": "c4665c7a6d597a501392274a599af139"
},
{
"yara": [],
"sha1": "5c54ad3ff47c6b925e7ac17d361fe0fa60b9181e",
"name": "5525cbf8f8dc41d1_mozplugin-block-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"type": "data",
"sha256": "5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c",
"urls": [],
"crc32": "96B20E1D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/5525cbf8f8dc41d1_mozplugin-block-digest256.sbstore",
"ssdeep": null,
"size": 3580,
"sha512": "1f72c01aa332a6e3fc5f966ed2b12534653bcacf2dc242850877961cc4c16ac3bd1846939d56ea6e230a71f336f4b37f67e0070dddb66d57bb51526de52819ca",
"pids": [],
"md5": "d6acf2573e12afdd7939568804d3fcc1"
},
{
"yara": [],
"sha1": "626187289cb56baedc46ae6400c6464f14c5d053",
"name": "7a2dfba37bef2aca_border.gif",
"filepath": "c:\\program files (x86)\\companylogodesigner\\border.gif",
"type": "GIF image data, version 89a, 580 x 40",
"sha256": "7a2dfba37bef2acab429dca7efc9453cb959bd5225da4322ea914746876bec8c",
"urls": [],
"crc32": "5874ABB2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/7a2dfba37bef2aca_border.gif",
"ssdeep": null,
"size": 7661,
"sha512": "8d25df26e5bed7a31b6e68b7ce40ef2d6837a1d615c772f7cca24d02aff870837d9761f81a415d70565c44ebde0ed789533ed0adc5110fa365eaceffd79a30e8",
"pids": [
1676
],
"md5": "aeaf2db8277aeafe166f4d3620a3d700"
},
{
"yara": [],
"sha1": "8b3600e108eff51aed85ae9eddea7783e63e037b",
"name": "ab9583a92cd420a2_pyramide.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\pyramide.companylogo",
"type": "data",
"sha256": "ab9583a92cd420a211f191a0975b5696570a79dc1e0dd0c9cde433ffe40c06df",
"urls": [],
"crc32": "A13B25E1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/ab9583a92cd420a2_pyramide.companylogo",
"ssdeep": null,
"size": 2377,
"sha512": "89c3c630e2b38b1daf824c7c896ba08c7c356867473370852e20cd8809030a0ec15467d84e4e624922afd1e67f6a5ae66767f4db3a5994f1b91016fb8c989016",
"pids": [
1676
],
"md5": "a694149e0813996a13b2868652740542"
},
{
"yara": [],
"sha1": "6fcab0c408a8b88b4cbf9cb1818831d498a45967",
"name": "edcfcac906d7124a_xulstore.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"type": "ASCII text, with no line terminators",
"sha256": "edcfcac906d7124a328886aa1aa94be512206cfe899d8c79d5a096a3992cebb3",
"urls": [],
"crc32": "B8524E16",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/edcfcac906d7124a_xulstore.json",
"ssdeep": null,
"size": 214,
"sha512": "b90b6d11c28a18f7dd4f1a77208b5e9271d5cb9616515a4b2719a0904d5e45c60621310398139c9059f87409761f6a6bec2f67300be888220a3de3a5b2ada22b",
"pids": [],
"md5": "d75474380a8808b0b81e58cf63708eb2"
},
{
"yara": [],
"sha1": "9b01b55e0bdaf7c74e5224136de0fc3f3adec403",
"name": "462a6212a9e62dfa_rollercoaster.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\rollercoaster.companylogo",
"type": "GLS_BINARY_LSB_FIRST",
"sha256": "462a6212a9e62dfae8751bd37409883ef25a40c8b6b86e47100735238133af3d",
"urls": [],
"crc32": "DB426C86",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/462a6212a9e62dfa_rollercoaster.companylogo",
"ssdeep": null,
"size": 2512,
"sha512": "1781b8666304d6cc675c88ad520829fb1f04417b04fcb2ddabe4a9e32f3b515725d2b8eea5c6a4abb8546df66dfc76ea862cf75036fd4cd1521eea3bfc43d94c",
"pids": [
1676
],
"md5": "d7a7ee0348ac5b678924b7e8b4095032"
},
{
"yara": [],
"sha1": "8711844a41a4ace77ba0a01a4d3af2b2e59e6a75",
"name": "23d108134bed6099_test-malware-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"type": "data",
"sha256": "23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98",
"urls": [],
"crc32": "CAE3DB42",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/23d108134bed6099_test-malware-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "9344ca1456e1e74a4dac833e0af55db9730f8ab2954a855b4a775a938b2055c86eff367f25bae80f2ffea45acebade10a8347add18222e715620dd864f2d8e4f",
"pids": [
2868
],
"md5": "3675254e341df799d4307c1f59109185"
},
{
"yara": [],
"sha1": "d5f53db9eadd7dd65cff224f91b427fe0c46c17b",
"name": "a5fe98b92bcbef9d_sektor.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\sektor.companylogo",
"type": "data",
"sha256": "a5fe98b92bcbef9d6b09af7794f594549c601d4d6267b58ed66dba6ca75b2603",
"urls": [],
"crc32": "3B0E042B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/a5fe98b92bcbef9d_sektor.companylogo",
"ssdeep": null,
"size": 2541,
"sha512": "7ffffa232fd1caf188295a3025959393d4205293924870f30111de75e6415d2c791224b391e83ac986d0d685b4a5440bbbbfe25c386b150be9131a75d33ae377",
"pids": [
1676
],
"md5": "721af62abf075967b079ca3704472cd4"
},
{
"yara": [],
"sha1": "f05dc6cddfd1173aa37a31957acf8c201ac12fd7",
"name": "bcd6a4747f4521ac_globe.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\globe.companylogo",
"type": "data",
"sha256": "bcd6a4747f4521ac14ab9ff1e282294a325c3901b2ee49ff7e27e50d50eb3a3d",
"urls": [],
"crc32": "D7AFE5F0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/bcd6a4747f4521ac_globe.companylogo",
"ssdeep": null,
"size": 2241,
"sha512": "b24e7ddf678177ff0e5fcda600b8353919aa73ef1194c2f8c3322c73cc9cc14bbc2a2000a0a323062b8505bf0ebd1efc70b95163b807b90baad00b586205fb9d",
"pids": [
1676
],
"md5": "1a53d6591a15d2026eb33e0e247a8494"
},
{
"yara": [],
"sha1": "cecdd4c4dcae10c2ffc8eb938121b6231de48cd3",
"name": "078648c042b9b084_store.json.mozlz4",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"type": "data",
"sha256": "078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965",
"urls": [],
"crc32": "A332ED7E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/078648c042b9b084_store.json.mozlz4",
"ssdeep": null,
"size": 66,
"sha512": "d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c",
"pids": [
2868
],
"md5": "a6338865eb252d0ef8fcf11fa9af3f0d"
},
{
"yara": [],
"sha1": "4a048281a4b3cc01417d3094daea116246c27673",
"name": "fd2b008f4d1966f4_symbols.dat",
"filepath": "c:\\program files (x86)\\companylogodesigner\\symbols.dat",
"type": "data",
"sha256": "fd2b008f4d1966f4899bac8dcc4388699384adcecc23c5d02ae3e0d057f2fa24",
"urls": [],
"crc32": "80863FA8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/fd2b008f4d1966f4_symbols.dat",
"ssdeep": null,
"size": 1024,
"sha512": "524ad207050c1d54dea0785bfbccacb0b2705fd117abe64a4a580cf0adea7764aaa6c90c543c16326288d9a8fb1981f6d89053d3d124f51b9f65c9d2b2d7e292",
"pids": [
1676
],
"md5": "d46f3f6dc2643df8a75cdc86eaa47397"
},
{
"yara": [],
"sha1": "8f2a7ec4e3095964e0ca3bc895b07840af3cbff0",
"name": "474f5243638f8e64_circle.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\circle.companylogo",
"type": "data",
"sha256": "474f5243638f8e645738f79e4cc2a4262b6926f8647745eb11956dcf725a6a3d",
"urls": [],
"crc32": "343C1333",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/474f5243638f8e64_circle.companylogo",
"ssdeep": null,
"size": 6328,
"sha512": "2d83069654c63000e43518bff1545aef22eae7b269f86a0b7953720425b694e8f291ba3790a2686e7e6a1ca6dffd7f0c18d49023e77f96ae9c3a00aaf28add13",
"pids": [
1676
],
"md5": "067ac5308a6a25afbf4af1148541b284"
},
{
"yara": [],
"sha1": "8b8a132ffac6847ee62c1f5cdb4ac1b01086a7d3",
"name": "e10a6794978e417d_session-state.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"type": "ASCII text, with no line terminators",
"sha256": "e10a6794978e417d8450cf2fe7f95a9c644f4c7ff75c8f31f6a704e6622029df",
"urls": [],
"crc32": "D50BA0C3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/e10a6794978e417d_session-state.json",
"ssdeep": null,
"size": 161,
"sha512": "7524bf8eaa58bbcb74e2df47a91064ec44a5f0d421476fb8d251bd30fad79bff77b32be56fa940f84522a6cb3201ab3df031beffafd3ad59048e620dce525880",
"pids": [],
"md5": "1f6cbe9d2ac01eaf6bd263b1e8a16d15"
},
{
"yara": [],
"sha1": "e1d0a2cde1abead41c9f7f663e5f514737c62c15",
"name": "016afbe1017689eb_unins000.dat",
"filepath": "C:\\Program Files (x86)\\CompanyLogoDesigner\\unins000.dat",
"type": "data",
"sha256": "016afbe1017689eb2801a363869d484ba1382739d258c0a1ecf93da83611370e",
"urls": [],
"crc32": "1B064E1D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/016afbe1017689eb_unins000.dat",
"ssdeep": null,
"size": 10140,
"sha512": "25b58ab84440a8fe46156d5f0062452cb8a1c643f6cd3d2cd48e2c78891b72cd068f8f7fbc8a229b2a627bb335a2d2c229054f828f842db2ab80a953a3b1510b",
"pids": [
1676
],
"md5": "54ea9a4650511113efaff95da9512ad1"
},
{
"yara": [],
"sha1": "12c98cdb581926efdec097e0d2a732fac947214c",
"name": "890f668df05b63d6_geneticsuccess.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\geneticsuccess.companylogo",
"type": "data",
"sha256": "890f668df05b63d67dcf26ca05701fde23e70d15b08a507f17a8e84152df8a21",
"urls": [
"http:\/\/www.itsth.de"
],
"crc32": "13302D57",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/890f668df05b63d6_geneticsuccess.companylogo",
"ssdeep": null,
"size": 2511,
"sha512": "5b6a93490a83df0c67061aafb97b59036d79b679cbb1e2c091c6686448e765bbfa2aeb2b1ec97c91860c712407fed18af375d2951c36283fd9bdc0e1e3933678",
"pids": [
1676
],
"md5": "8b53a48e2f84ed5378424afbba70f28a"
},
{
"yara": [],
"sha1": "fc2acf66748d1e7138ce85d01b30f5e6020560c9",
"name": "a13174f20dde2249_addons.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"type": "ASCII text, with no line terminators",
"sha256": "a13174f20dde2249a49853d6eae20f07ffc4ddf1e3007ab3e4911e511ecffc1c",
"urls": [],
"crc32": "92029A63",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/a13174f20dde2249_addons.json",
"ssdeep": null,
"size": 45,
"sha512": "8ad0afcaf6604f5524a63af94472137549df1ad01a448b46459c754e9059ba5d253218b4a3f17ebe290934662559bc261133824a17830e38daae3a52aa720e02",
"pids": [],
"md5": "55b5026150dc3a60d07b8bea2ae0f983"
},
{
"yara": [],
"sha1": "10c66032c5acac22d70670b9302437141e6371ef",
"name": "1e13d05d482c3d53_test-phish-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"type": "data",
"sha256": "1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b",
"urls": [],
"crc32": "D5EBE34A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/1e13d05d482c3d53_test-phish-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "ae2f35c0549c26251053689c90ce831f0c5742d6f7c1dc13482560b02fb4a6029f107e472fcb26bf41b4e89e47559490f5da049d5b51864a3c4c2c2ae3f588c2",
"pids": [
2868
],
"md5": "3d1ce5e50208f0cb3b979186043a548f"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
7271,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "40a3711f4efe6c8508a5c6639becc164dafcde5d",
"name": "c051dc0c554da7fc_1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"type": "data",
"sha256": "c051dc0c554da7fc37a6cae1c8237edede90b9b9347364abc8f3ae938224a56f",
"urls": [
"https:\/\/hg."
],
"crc32": "46832564",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/c051dc0c554da7fc_1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"ssdeep": null,
"size": 9016,
"sha512": "5a775191306d23f388d29074eaa7ac41bea79fbc638b5a8f600e913d498fcde30cb5611096b8d048a0d7bec04c735bc2d2714342e32f3e9afab213d82c8dc80d",
"pids": [],
"md5": "eab01f3f3320def39de31945729d6e73"
},
{
"yara": [],
"sha1": "92610368801cb5728f6338e27cfcd401e6d77395",
"name": "3660981f8e47c8bf_bookstore.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\bookstore.companylogo",
"type": "GLS_BINARY_LSB_FIRST",
"sha256": "3660981f8e47c8bfa189dc843b7eafd6c924bab1c1d0731b84aabbbb0207c237",
"urls": [],
"crc32": "259204E4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/3660981f8e47c8bf_bookstore.companylogo",
"ssdeep": null,
"size": 2504,
"sha512": "5670f3fbad3ea129152564c9d33b1a70f7f7620a62af5faad5b3415e1e625545bdc49fd3db9cb4ff624055221fc8515e0a08ce8653976aba1d2467aebb69b45b",
"pids": [
1676
],
"md5": "5f092d5f884683287e5f9877382b75f7"
},
{
"yara": [],
"sha1": "a33d2d80d8c79cc49e6467d53bad367880ea2f63",
"name": "6e58444dd05142b7_raster.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\raster.companylogo",
"type": "GLS_BINARY_LSB_FIRST",
"sha256": "6e58444dd05142b7733ab07a44d6473dbe8fa94f0d227a112a5f54540f43039c",
"urls": [],
"crc32": "2C9412CD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/6e58444dd05142b7_raster.companylogo",
"ssdeep": null,
"size": 2236,
"sha512": "e8cf5f60931781932a0e3d534b4810d56b3d1c7531fd07b9ce3cf34fdedd5422db67e482cb6b454b0490a835165213e329cd8c22a50135a7c1bdb0838f0563ee",
"pids": [
1676
],
"md5": "d8b305f0b78c2f48af70f8e6d20ec0d4"
},
{
"yara": [],
"sha1": "b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a",
"name": "792955295ae9c382_sessionCheckpoints.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"type": "ASCII text, with no line terminators",
"sha256": "792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da",
"urls": [],
"crc32": "697BBACB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/792955295ae9c382_sessionCheckpoints.json",
"ssdeep": null,
"size": 53,
"sha512": "076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19",
"pids": [
2868
],
"md5": "ea8b62857dfdbd3d0be7d7e4a954ec9a"
},
{
"yara": [],
"sha1": "6956aab8933001c89d836eb00b75c1e4533fcfd1",
"name": "2dd9e987b3514715_exotic.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\exotic.companylogo",
"type": "data",
"sha256": "2dd9e987b3514715148596b720a8dac4dda3619bfc58959ea31349ec6869a5ef",
"urls": [],
"crc32": "B506ED26",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/2dd9e987b3514715_exotic.companylogo",
"ssdeep": null,
"size": 10552,
"sha512": "86442abdb26a2ccc29e2c7bee34860f81206d8328da32a0a794c7b5facb8169e897b18cb585e1cda1e88120d71677f965153c0967ed3ddd476cd3f1ae5ecef90",
"pids": [
1676
],
"md5": "f25308178b616616673dea581ff91ccb"
},
{
"yara": [],
"sha1": "644a6953aef39f454344cd14c8a0634650f4cb99",
"name": "dafc5c39a807ed54_brief3.rtf",
"filepath": "c:\\program files (x86)\\companylogodesigner\\extras\\brief3.rtf",
"type": "Rich Text Format data, version 1, ANSI",
"sha256": "dafc5c39a807ed54ca8f26bca9537d1c47453769ffce4f506c48f2c5cdf9ae51",
"urls": [],
"crc32": "65101603",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/dafc5c39a807ed54_brief3.rtf",
"ssdeep": null,
"size": 13185,
"sha512": "7b3b39d1d591bf8478e9faee28251bf02d556c15af198a40f277fdcc726fa7b3c9284bbf49d7d83408413dd05a5c0ffcf1855e2cdd452a439a83455a0059a0e8",
"pids": [
1676
],
"md5": "7897dac8a46e00cc5315960e9631d8aa"
},
{
"yara": [],
"sha1": "583cee3ead156e20503ebbab377b4e10c44842f6",
"name": "e52a419d03f3b4cf_fireball.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\fireball.companylogo",
"type": "data",
"sha256": "e52a419d03f3b4cf8346c7b857147339fc6795a2e67d57ae9d5f644b31663e72",
"urls": [],
"crc32": "F4BBBB28",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/e52a419d03f3b4cf_fireball.companylogo",
"ssdeep": null,
"size": 2156,
"sha512": "707b8972c45f7ecb9d4ed42890ef71485af0fe473e158ed01e83f42cb9b58976404c56c47847d744fe740a8f2b045c7388955bd7c467e0655e4764a6c833349f",
"pids": [
1676
],
"md5": "68274fa10fc35e137288e31a0f9ca850"
},
{
"yara": [],
"sha1": "6a19d8387c8c1c5707c672f3f435d768ba7da4e7",
"name": "424832357f5f522e_slim.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\slim.companylogo",
"type": "data",
"sha256": "424832357f5f522e5f686048bd70afa83fe001043705bdfed1ec2f0066fe9e33",
"urls": [],
"crc32": "2678E908",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/424832357f5f522e_slim.companylogo",
"ssdeep": null,
"size": 3611,
"sha512": "1de1e9e70331ad96fab42aaf9aac3ebb61fab0145f99a9476741a9d32a07b56af85ef7bd9ac2f62c076eec40bee78f11d8160d02f613c994affce4aa9229dedd",
"pids": [
1676
],
"md5": "47431a481052626096857aaadcc24bf6"
},
{
"yara": [],
"sha1": "336622186c4517e96345b0d6069ad377a3fa4cf6",
"name": "297e7e656116de75_page2.htm",
"filepath": "c:\\program files (x86)\\companylogodesigner\\extras\\page2.htm",
"type": "HTML document, ASCII text, with CRLF line terminators",
"sha256": "297e7e656116de752df2c191723e17153ebb5241e79ece38ba75deb12f607f93",
"urls": [],
"crc32": "D5CD0729",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/297e7e656116de75_page2.htm",
"ssdeep": null,
"size": 599,
"sha512": "725e617c2ec2dae5b8113fa9c5c7361df90e0d634e1b97770a287b6e2494e1db0d336ef189ffcce6eeb7e2bd32ba0638b1167b6c84d376af407c60dbcfad487c",
"pids": [
1676
],
"md5": "1a3d4937490cd79870c3e2c1c90bbd06"
},
{
"yara": [],
"sha1": "2ec32e2f8254df0d48a70da86d117e9b37c9151e",
"name": "f4b128aa56ba58cb_cld.cfg",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\cld.cfg",
"type": "data",
"sha256": "f4b128aa56ba58cbd0d7f23387a8b3c8feb0018c4c16578f9883cc79afc1cc8d",
"urls": [],
"crc32": "E649CB85",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/f4b128aa56ba58cb_cld.cfg",
"ssdeep": null,
"size": 877,
"sha512": "2bef32dfea89dd19e1bc28d667be2b6aed13143e5f131ef321c073cf2fc2cc29649abb3fda0afcb3f6c3838f37d5ab2f9795c6958adb4288922de5f9f32d1f4e",
"pids": [
560
],
"md5": "db3c5b818ed1f33a9995336a1c16566b"
},
{
"yara": [],
"sha1": "daabb0d0949376f5020b0ab2b9ca91c77dcbbb1d",
"name": "e760f10f5d21907d_innamegap.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\innamegap.companylogo",
"type": "data",
"sha256": "e760f10f5d21907d9794b220e1ac1d19060efcb0018246b4422e0bd30f668efd",
"urls": [],
"crc32": "449A9435",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/e760f10f5d21907d_innamegap.companylogo",
"ssdeep": null,
"size": 3008,
"sha512": "7c1c0a18c0b66e84b90fb5270ab26da03bb313cea2de6bfe67487acf034587335a398372a9a415c4d1a47de2ca98a422f2282d718b6996eda1bf54f420ac18f6",
"pids": [
1676
],
"md5": "a85c6c16bec79c97d3d8d19cc5197324"
},
{
"yara": [],
"sha1": "48c6599f6879e2145a1237eb6ec94dcf7ce4459b",
"name": "701f037862ad9d06_shockwave.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\shockwave.companylogo",
"type": "data",
"sha256": "701f037862ad9d063ea4df8e6315a95b8e8a08e72cf671954bd12c539c175962",
"urls": [],
"crc32": "163943C5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/701f037862ad9d06_shockwave.companylogo",
"ssdeep": null,
"size": 4559,
"sha512": "4393deb2c0f63cadbd86107743921381262e336b13524e268901aa0aa5cb7b2493462f0cc25cb2460901fe2e94912d41617f9a47b57d03b33d43cf396fa6e0dd",
"pids": [
1676
],
"md5": "8d989e3eb3bd146b3fddf2be0dab3ce0"
},
{
"yara": [],
"sha1": "a30d26cee0f69fa67bf9e60ba692f4831373cc07",
"name": "0806d98fb3de55f7_test-harmful-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"type": "data",
"sha256": "0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19",
"urls": [],
"crc32": "B9D2E9EA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/0806d98fb3de55f7_test-harmful-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "add2d3c503616070f056ea4e3a64fb54a2d8e75af8fd5d9f1f8ee6b72a1d548fd4ab7d4a3256e4a6f4e1422631439db62b251ee3f9d07b38a612aff5e58936d5",
"pids": [
2868
],
"md5": "051fb32dece757ba112ac36dc72e3a91"
},
{
"yara": [],
"sha1": "59b4479e46eebc984f6398facb41eb897625bd7b",
"name": "c81313eb3febff81_goog-unwanted-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"type": "data",
"sha256": "c81313eb3febff8104f05785a1f00b0f3863d7145c7938abd7c1f77b46ff0d7c",
"urls": [],
"crc32": "5D853F5E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/c81313eb3febff81_goog-unwanted-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "de7f5780309d61d156c849b9821324880925d0bc02f94eabe037e53f457c0c2b60af31e4cbd0df6762fb5d6cfa977de4fb602a74f2bd4a5a744f7c531709e283",
"pids": [],
"md5": "b7d48a5d1458c835a2c6fb8961d165d1"
},
{
"yara": [],
"sha1": "78d637d20e374db282a4f1b55c8ee4d60176f0c4",
"name": "5af474211dea323c_unins000.exe",
"filepath": "c:\\program files (x86)\\companylogodesigner\\unins000.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "5af474211dea323c8c83f29f119728ffd1dc62ab0e4b7b2834948dea0f15d728",
"urls": [
"http:\/\/www.remobjects.com\/ps",
"http:\/\/www.innosetup.com\/"
],
"crc32": "8ECF4201",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/5af474211dea323c_unins000.exe",
"ssdeep": null,
"size": 774942,
"sha512": "cf2af240ec11f4b0c954447a72ab529ebc98772783a7dbbb3322b93a6211c07ce999a751515b8656427d8dc440e10a508aedc6d84a27549cc7edf096555c726b",
"pids": [
1676
],
"md5": "9ebcd07ae8e8ecfbe3e3bc55d9ccec1d"
},
{
"yara": [],
"sha1": "d2ebaa9791e8ae18f65d292c160891477edb810a",
"name": "e02829316e2570bd_cutinrect.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\cutinrect.companylogo",
"type": "data",
"sha256": "e02829316e2570bde1d28356bde6864a59167171c52b2c184e51cb219f233f19",
"urls": [],
"crc32": "68E09685",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/e02829316e2570bd_cutinrect.companylogo",
"ssdeep": null,
"size": 3008,
"sha512": "6dab32755b82e8e451f2e3c28ef983c4fa6ca2ac1af8ed0dcf9828fdde87f0ea798758283f34155c84ab21ac3839e313aa360ac60c1d1213ae18c1d61108e737",
"pids": [
1676
],
"md5": "f0ee5c808485118af1acdbe4d8dd16ba"
},
{
"yara": [],
"sha1": "3e89ff837147c16b4e41c30d6c796374e0b8e62c",
"name": "9884e9d1b4f8a873__shfoldr.dll",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_shfoldr.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows",
"sha256": "9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87",
"urls": [],
"crc32": "AE2C3EC2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/9884e9d1b4f8a873__shfoldr.dll",
"ssdeep": null,
"size": 23312,
"sha512": "9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3",
"pids": [
1676
],
"md5": "92dc6ef532fbb4a5c3201469a5b5eb63"
},
{
"yara": [],
"sha1": "fff3e7cd99def051aaddea4280f7d169b08b765c",
"name": "0185b2241fee7b2c_overlap.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\overlap.companylogo",
"type": "GLS_BINARY_LSB_FIRST",
"sha256": "0185b2241fee7b2c74cd346ddcbce6e428499edd0e100261c8e85adc945c381c",
"urls": [],
"crc32": "557E9A7D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/0185b2241fee7b2c_overlap.companylogo",
"ssdeep": null,
"size": 4508,
"sha512": "4c518ff4c84cd2173c45f4492eafb0f7a5703e39387ec576a7fdc2899d70ad4327aa55bb6e5dc5fc2077e1f5091ea9eac77b6be762c2a08fdeaebf0f95430ddc",
"pids": [
1676
],
"md5": "90e619df5d0d75aecb78a1f2615a7a1f"
},
{
"yara": [],
"sha1": "cc203ae19c417af4829473617db85b20eb0fa144",
"name": "87464d369bff02b4_simpel.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\simpel.companylogo",
"type": "data",
"sha256": "87464d369bff02b4af07d028fe1c878c57fa163c5a300feee60b2e5cc7d24539",
"urls": [],
"crc32": "77ACF824",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/87464d369bff02b4_simpel.companylogo",
"ssdeep": null,
"size": 2882,
"sha512": "c4c51dfd178ae9c6a33813bc53300da959a8fe092322267eb6c3dfd597bfe9b447cb3af1aaaacd635238d38e26bab803dd4cd17c24c7d392b5f6e5b2de0339c1",
"pids": [
1676
],
"md5": "e912aa3d07712cae28d27f315102fbbb"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
929,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "ce3fe1e80840165befc660fb4bba1c198946799f",
"name": "022799133a65ecd8_1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"type": "data",
"sha256": "022799133a65ecd86de230909d6341781fad6a843e19c236be5a27773945dc00",
"urls": [
"https:\/\/www."
],
"crc32": "C1DAD3BA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/022799133a65ecd8_1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"ssdeep": null,
"size": 2932,
"sha512": "03655abe57aa03d61be0236af8fd0b87525aeff54e8f09afcecd0038ab66159dbe346316fb86576bc46983f8bb48b7c4913ed29e01c2d5f86e8c70d95d90d3d1",
"pids": [],
"md5": "7b9675d3ffb3336853453e069b8cbf54"
},
{
"yara": [],
"sha1": "5942cd6505fc8a9daba403b082067e1cdefdfbc4",
"name": "00ad9799527c3fd2_sessioncheckpoints.json",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\sessioncheckpoints.json",
"type": "ASCII text, with no line terminators",
"sha256": "00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2",
"urls": [],
"crc32": "B270EB94",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/00ad9799527c3fd2_sessioncheckpoints.json",
"ssdeep": null,
"size": 90,
"sha512": "71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2",
"pids": [
2868
],
"md5": "c4ab2ee59ca41b6d6a6ea911f35bdc00"
},
{
"yara": [],
"sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"name": "e3b0c44298fc1c14_cookies.sqlite-wal",
"type": "empty",
"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"urls": [],
"crc32": "00000000",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/e3b0c44298fc1c14_cookies.sqlite-wal",
"ssdeep": null,
"size": 0,
"sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"yara": [],
"sha1": "43358d010e72f44cc14d917011848befe5643df8",
"name": "39a526c3c122d999_scriptcache.bin",
"filepath": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\scriptcache.bin",
"type": "data",
"sha256": "39a526c3c122d999cb708fd86d271dd51bdee7c33620d961fac6e7059576c95a",
"urls": [
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1100294",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xul",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1238180",
"http:\/\/www.mozilla.org\/2006\/browser\/search\/",
"https:\/\/discovery.addons.mozilla.org",
"https:\/\/hg.mozilla.org\/releases\/mozilla-release\/rev\/a0b222c551f586904f51228c49149d9b6b7e2a81",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1243643",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xulY",
"http:\/\/a9.com\/-\/spec\/opensearchdescription\/1.1\/_",
"https:\/\/discovery.addons-dev.allizom.org",
"https:\/\/support.mozilla.org\/kb\/warning-unresponsive-script",
"http:\/\/a9.com\/-\/spec\/opensearch\/1.1\/_",
"http:\/\/www.mozilla.org\/2005\/app-update",
"http:\/\/www.mozilla.org\/newlayout\/xml\/parsererror.xmlc",
"http:\/\/a9.com\/-\/spec\/opensearchdescription\/1.0\/",
"http:\/\/www.mozilla.org\/2006\/addons-blocklist",
"http:\/\/a9.com\/-\/spec\/opensearch\/1.0\/I",
"https:\/\/screenshots.firefox.com\/",
"https:\/\/developer.mozilla.org\/docs\/JavaScript_OS.File",
"https:\/\/discovery.addons.allizom.orgQ",
"http:\/\/www.mozilla.org\/2005\/app-updateW",
"http:\/\/www.openh264.org\/",
"http:\/\/example.com",
"https:\/\/support.mozilla.org\/kb\/reset-firefox-easily-fix-most-problems",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xul\/",
"https:\/\/support.mozilla.org\/kb\/flash-protected-mode-autodisabled",
"http:\/\/www.mozilla.org\/2006\/addons-blocklisti",
"https:\/\/developer.mozilla.org\/en-US\/docs\/JavaScript_OS.File\/OS.File.Info",
"https:\/\/www.google.com\/policies\/privacy\/3",
"https:\/\/developer.mozilla.org\/en-US\/docs\/XPCOM_Interface_Reference\/nsIBrowserSearchService",
"https:\/\/www.widevine.com\/"
],
"crc32": "1F875134",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/39a526c3c122d999_scriptcache.bin",
"ssdeep": null,
"size": 5157781,
"sha512": "6efe8a33d0ff97feb7bd53471d7237c0a55ead925fefb59e1e4038d03662d6c7503133bfff262ed63d275d36410aedac2598abfbf9f17a165640bbcb9b44f108",
"pids": [
2868
],
"md5": "63ef9f64492859f47e9d381acb0fa208"
},
{
"yara": [],
"sha1": "7eb1bd8b4fc65b7fa43cafeaef5f7180dcf40300",
"name": "0dae525eb83da957_xulstore.json",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\xulstore.json",
"type": "ASCII text, with no line terminators",
"sha256": "0dae525eb83da9573c5e45e6fc33935b558660e0209251c3e08508976cb1d245",
"urls": [],
"crc32": "75342AC6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/0dae525eb83da957_xulstore.json",
"ssdeep": null,
"size": 185,
"sha512": "e4a9d2e5d51f9f5db337fddcc836dc27ce338e0a2e98c703871635b2250c3822547e0bf335de683b96af8dfbf7f2fdabe1fa7ec44076f41a956d56d7b67645f8",
"pids": [
2868
],
"md5": "b82266191585c3f6e488fa2a835b54ce"
},
{
"yara": [],
"sha1": "4188442577fa77f25820d9b2d01cc446e30684ac",
"name": "4cbbd8ca5215b8d1_allow-flashallow-digest256.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"type": "data",
"sha256": "4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0",
"urls": [],
"crc32": "42D3DAC4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/4cbbd8ca5215b8d1_allow-flashallow-digest256.pset",
"ssdeep": null,
"size": 16,
"sha512": "6fcee9a7b7a7b821d241c03c82377928bc6882e7a08c78a4221199bfa220cdc55212273018ee613317c8293bb8d1ce08d1e017508e94e06ab85a734c99c7cc34",
"pids": [],
"md5": "076933ff9904d1110d896e2c525e39e5"
},
{
"yara": [],
"sha1": "12e2cb05506ee3e82046c41510f39a258a5e5549",
"name": "4dc09bac0613590f__RegDLL.tmp",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_RegDLL.tmp",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "4dc09bac0613590f1fac8771d18af5be25a1e1cb8fdbf4031aa364f3057e74a2",
"urls": [],
"crc32": "2748B2DA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/4dc09bac0613590f__RegDLL.tmp",
"ssdeep": null,
"size": 4096,
"sha512": "a899519e78125c69dc40f7e371310516cf8faa69e3b3ff747e0ddf461f34e50a9ff331ab53b4d07bb45465039e8eba2ee4684b3ee56987977ae8c7721751f5f9",
"pids": [
1676
],
"md5": "0ee914c6f0bb93996c75941e1ad629c6"
},
{
"yara": [],
"sha1": "030479d2a364a1cb2d4bb8c4063aca109d19eb32",
"name": "32450869b9cbaaa1_ServiceHelper.exe",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "32450869b9cbaaa161321ca714791d0223188c1304e2e235cb072bded6813f85",
"urls": [],
"crc32": "4F8E6332",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/32450869b9cbaaa1_ServiceHelper.exe",
"ssdeep": null,
"size": 196608,
"sha512": "b6adb79a7ae3cad767276e8d2d35325f9613b81f5eb58b1dc5546904ada09640a9cee13bf4463618306ad620842fefa0c86f95b2d570e24b121e44ec57f71b71",
"pids": [
1676
],
"md5": "a1d2daa7bbb31a9eeb0a38a84fedcb20"
},
{
"yara": [],
"sha1": "dd1b688dc0b20bd71fff523d2d5465bc39230cc9",
"name": "0fb18ee1388d0108_biotech.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\biotech.companylogo",
"type": "data",
"sha256": "0fb18ee1388d0108f6c6f059b9cc7943bef5a2d9dd314109c202cdeb1ea81c09",
"urls": [],
"crc32": "849FC6C9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/0fb18ee1388d0108_biotech.companylogo",
"ssdeep": null,
"size": 3084,
"sha512": "55db7d92c1f7a1ffac5cf40e4c1b0b8c7e1aa45c546d286a18e6152a9654428e6b1385bf2b47206e9de76066abd39f5add6624c6506040f763c516950d7ef18e",
"pids": [
1676
],
"md5": "251feb382d885f74eb4ba5637b9b244c"
},
{
"yara": [],
"sha1": "efe32d504ce72f32e92dcf01aa2752b04d81a342",
"name": "a4c86fc4836ac728__setup64.tmp",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_setup64.tmp",
"type": "PE32+ executable (console) x86-64, for MS Windows",
"sha256": "a4c86fc4836ac728d7bd96e7915090fd59521a9e74f1d06ef8e5a47c8695fd81",
"urls": [],
"crc32": "B1C5F7C5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/a4c86fc4836ac728__setup64.tmp",
"ssdeep": null,
"size": 6144,
"sha512": "ba0469851438212d19906d6da8c4ae95ff1c0711a095d9f21f13530a6b8b21c3acbb0ff55edb8a35b41c1a9a342f5d3421c00ba395bc13bb1ef5902b979ce824",
"pids": [
1676
],
"md5": "4ff75f505fddcc6a9ae62216446205d9"
},
{
"yara": [],
"sha1": "608eeb7488042453c9ca40f7e1398fc1a270f3f4",
"name": "fd4c9fda9cd3f9ae_cookies.sqlite-shm",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"type": "data",
"sha256": "fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb",
"urls": [],
"crc32": "DDC506B6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/fd4c9fda9cd3f9ae_cookies.sqlite-shm",
"ssdeep": null,
"size": 32768,
"sha512": "d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0",
"pids": [],
"md5": "b7c14ec6110fa820ca6b65f5aec85911"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "78fd6fc1dbbc406e472f47503ccfca5b9ab75de7",
"name": "1e8d297639b600a3_company logo designer.lnk",
"filepath": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Thu Nov 19 17:53:19 2020, mtime=Thu Nov 19 17:53:19 2020, atime=Sun Apr 10 23:28:22 2011, length=1937408, window=hide",
"sha256": "1e8d297639b600a31636ccdb2f635338d5cc40a777d951ac8f00c1263d2e0913",
"urls": [],
"crc32": "C4FFDFBE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/1e8d297639b600a3_company logo designer.lnk",
"ssdeep": null,
"size": 1157,
"sha512": "18c014c2ed0e0d8b6cb83b5339ab8e1e816f3cccb8e5066ad3125868907ca4e0cd8f061b8df29681050192ca319ebf4e15ebdb61c4b70c60818ce4588bd4c719",
"pids": [
1676
],
"md5": "4411698507c19d22e2eca1ea7400547d"
},
{
"yara": [],
"sha1": "c2636e8ffa8a5256d7d1f21e147101356e783114",
"name": "b48e58ebab82e4c3_block-flashsubdoc-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"type": "data",
"sha256": "b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2",
"urls": [],
"crc32": "E364BCD6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/b48e58ebab82e4c3_block-flashsubdoc-digest256.sbstore",
"ssdeep": null,
"size": 82744,
"sha512": "92914b56fb2bdcddcc1bee2bf4dc98420cf0b923d380bb889c8a6ebc333d74ea4ddca915218bea0e729782c4904983424f1de15be7087c5a5338aed7319a03e5",
"pids": [],
"md5": "04824a1f92353f43ebb9e7f74b7476fd"
},
{
"yara": [],
"sha1": "9d23b452ad0d06c355477cf70e3aa5d0adfe6278",
"name": "4ef1038730ec8bc7_except-flash-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"type": "data",
"sha256": "4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc",
"urls": [],
"crc32": "EF8A630C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/4ef1038730ec8bc7_except-flash-digest256.sbstore",
"ssdeep": null,
"size": 268,
"sha512": "d06422752562afd1f8b94ff09fc9460be58e07a84fc537fb6b56b1551c37db7e56cb7932cc2d27d2ffe2cbab6ec85bdda6778f2e812e69e5193fcd6bc77066f2",
"pids": [],
"md5": "c921d8e98fa01b4f303481e112202e92"
},
{
"yara": [],
"sha1": "9d9839c0dda841946b8c8d2e503869b6aba483ff",
"name": "03de474e4de66c5e_coolending.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\coolending.companylogo",
"type": "data",
"sha256": "03de474e4de66c5eaf69bec86f11cc1e7b5b425e753c70ff90d39e60404b94f6",
"urls": [
"http:\/\/www.itsth.de"
],
"crc32": "8A42482F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/03de474e4de66c5e_coolending.companylogo",
"ssdeep": null,
"size": 2410,
"sha512": "37c1478968590ba984d8d225df17289d3ccf3bdfeda0ae7dc2175093b5acdadf42e02d8dff789f777b568021ccb842c705abf5b3e13f1c53c41ebda959a8c7d6",
"pids": [
1676
],
"md5": "1373f15e5dded44b3ceda4c4ffe8cab9"
},
{
"yara": [],
"sha1": "331cdf6fc2efa2feac5ece473289a0d62e632152",
"name": "e38638494fb9b5b4_vertical.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\vertical.companylogo",
"type": "data",
"sha256": "e38638494fb9b5b44fa3e6357a2847afdf9fde902e5fe545312340d59a4323df",
"urls": [],
"crc32": "76099CDA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/e38638494fb9b5b4_vertical.companylogo",
"ssdeep": null,
"size": 2165,
"sha512": "e4a69a77cd8ac06e3c89173d9b0752eaa35434964c8b1e2dcc8522077a10756b50e2cd60a621c218a5c57479c52622ae562e63bcf1cfdaef857137954e5d0bd6",
"pids": [
1676
],
"md5": "3a13704d5d1db920a9be3b60b5782d46"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
5824,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "c8769e3a071a2622bb4f42375da7f1ce6ba9d74b",
"name": "b545fa48e9979757_1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"type": "data",
"sha256": "b545fa48e997975788d5f5d86526369ae42e2d0d2e383007bb1c816fbf6503e8",
"urls": [
"https:\/\/hg.mR8S.org\/"
],
"crc32": "7346FF20",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/b545fa48e9979757_1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"ssdeep": null,
"size": 7642,
"sha512": "99a972a41de51d0d9c4cc9fa552717c07f7ff37a94b176d08195f1ba04ed39eb952c87c82e944b29e52a71fa0f91778f4b45b381a6be0cb668069b93afcdeb54",
"pids": [],
"md5": "11deec10e4e7bb2db9697555151b1de0"
},
{
"yara": [],
"sha1": "58dedcfe464c2492418c8269321680c658a7f61f",
"name": "0b52c289b86c0229_sail.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\sail.companylogo",
"type": "data",
"sha256": "0b52c289b86c022949aaa51b30d7aad7033430ff457084218126bcac3469c19b",
"urls": [],
"crc32": "A6004EC8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/0b52c289b86c0229_sail.companylogo",
"ssdeep": null,
"size": 2769,
"sha512": "7b7c7f36bfdfcf925cd7b1897a7312e1626576bcec5dcc15b67afe76087fb736a1311571bb1dea1ee36eaaaf73f089fd8c694937ad2f31d96eec2acab200df12",
"pids": [
1676
],
"md5": "a9db205fe94b0f28c21ecfe27c4caa84"
},
{
"yara": [],
"sha1": "1d59e6e7b516b08a3508ac2f1cddf280978d6287",
"name": "fa5b749f6f1692e2_spacy.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\spacy.companylogo",
"type": "data",
"sha256": "fa5b749f6f1692e234373a403e447922e52b8ec89b80ff4dd8baf0a9bb2e31c6",
"urls": [],
"crc32": "C246A72D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/fa5b749f6f1692e2_spacy.companylogo",
"ssdeep": null,
"size": 2887,
"sha512": "345e3200fb2b7f60ba8ec8b80661e1675258bbd8b405382a1af521dfd7d7b8e5b5f0c37c0da19fc0ed59449b45f517bd5fa4d534e51689c14e11cab77f8aac1d",
"pids": [
1676
],
"md5": "9b6da3b27356d2bc982244c28b709bc0"
},
{
"yara": [],
"sha1": "88a555717e8a4a33eccfb7d47a2a4aa31038f9c0",
"name": "2fca1f29b73dd5b4_sessionCheckpoints.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"type": "ASCII text, with no line terminators",
"sha256": "2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e",
"urls": [],
"crc32": "A3E8300B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/2fca1f29b73dd5b4_sessionCheckpoints.json",
"ssdeep": null,
"size": 288,
"sha512": "17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a",
"pids": [],
"md5": "948a7403e323297c6bb8a5c791b42866"
},
{
"yara": [],
"sha1": "536fbbbf635646e9dd5c7ea88c31278da839880c",
"name": "ca77350a52276dd9_891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "ca77350a52276dd9917221c1ade98df1c294e46276519a74240be878c44e5da9",
"urls": [
"http:\/\/www.remobjects.com\/ps",
"http:\/\/www.innosetup.com\/"
],
"crc32": "3D5448BF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/ca77350a52276dd9_891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"ssdeep": null,
"size": 764416,
"sha512": "77eccd7b3e348a5f24c637ee2e56f20f8dad7c9e5a9082fc0ea211afd377b17344795d67994dbda71e667fc9d56b86edf14afeb6a5a712c012d0fd529b281ce8",
"pids": [
2124
],
"md5": "3d8ca9ab5698eac6d5a98415af0595b2"
},
{
"yara": [],
"sha1": "c354190bb2b8a00a6051ef2fb86e189ab053fe93",
"name": "f1e07b1d717433f4_test-block-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"type": "data",
"sha256": "f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11",
"urls": [],
"crc32": "C3BCA3E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/f1e07b1d717433f4_test-block-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "7a585735abfb1292b9fc4709b797f09c6be4dc90a133fbedb14428aae79c6de5faae0b151758a75bf90566c98e5bd2a8201e738f321688180bc5b5814a97bb69",
"pids": [
2868
],
"md5": "e2cf527ca7550b7e7bdf7311e483a2c3"
},
{
"yara": [],
"sha1": "51c32e6f03c671521a79183c6f10bc4176f3cff3",
"name": "053b794d485aefd1_stylish rect.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\stylish rect.companylogo",
"type": "data",
"sha256": "053b794d485aefd17c22f6af6e57c7704beb15d92b2bc9d424a88509a6706e63",
"urls": [],
"crc32": "7D2CFD7D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/053b794d485aefd1_stylish rect.companylogo",
"ssdeep": null,
"size": 1844,
"sha512": "ec97e3e1f1e2d781d6a3d37f5cd869ee30fbf6994c92cfb7630f7926e5ef9f8c1c25c26adaa03bd7a0a46a81c1e28e0be892aa4b789d8e11aa5fd22c1fda8478",
"pids": [
1676
],
"md5": "f7496378babeb4d324277b29b473937c"
},
{
"yara": [],
"sha1": "0d49003594108518cb460bbf61260e2c524a086e",
"name": "da9cac4b6689dc9a_scriptcache-child.bin",
"filepath": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\scriptcache-child.bin",
"type": "data",
"sha256": "da9cac4b6689dc9a80787e11b5799fce2e537ba28281b37207095fa75a8b0dd6",
"urls": [],
"crc32": "1DE8066C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/da9cac4b6689dc9a_scriptcache-child.bin",
"ssdeep": null,
"size": 200455,
"sha512": "24d97091c888a83fc2d86097ec3c570ae7b2bff9788767450d693d8bf6d8a88968b04813c28091e365f5ee229e603e74bdc74ab5759fc8cddd93fdc65feec13f",
"pids": [
2868
],
"md5": "a942a77b751dc571e830aa20bd5df8c1"
},
{
"yara": [],
"sha1": "28426a4a5f63d319a390539c48f095d9c523b5b4",
"name": "754cc3b7c18e13b5_simplemolecule.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\simplemolecule.companylogo",
"type": "data",
"sha256": "754cc3b7c18e13b525a9bd8e83fd64047ab0259f113c783becc28856adf71b11",
"urls": [],
"crc32": "56DA2367",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/754cc3b7c18e13b5_simplemolecule.companylogo",
"ssdeep": null,
"size": 2449,
"sha512": "e6058156192e21e2cde5bbe3310224e49a8fa2f6553e2f908092a156dd92181a58d8b630f7313eba2766a48b0193e3d027ae61c8debc48a4b02569f16f78f9f1",
"pids": [
1676
],
"md5": "4fabc26b2b23ec188218d92ab4753c4e"
},
{
"yara": [],
"sha1": "08fc50d746b427ac02636a9bd48980ede8503070",
"name": "c803e78541691d66_urlcache.bin",
"filepath": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\urlcache.bin",
"type": "data",
"sha256": "c803e78541691d66e8b759d3220c3201b1b07831e9d2afc8bb50e21da98d65a1",
"urls": [],
"crc32": "9B1CC92C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/c803e78541691d66_urlcache.bin",
"ssdeep": null,
"size": 3360,
"sha512": "2db3a301b7588cb80c61a4851c65bfc32c18a0948165fdbaca768e78dc077fb3bc7a59eea3212de57fa3c45e5db22d5b6a05697dc6f15f91d326f4943b9b943b",
"pids": [
2868
],
"md5": "82b2a124fb31c0fde2aeed5a2c57ad87"
},
{
"yara": [],
"sha1": "59e863e0d2b4e428d8c738d48fa0f6f7bac36849",
"name": "a03c5e2656d2f292_allow-flashallow-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"type": "data",
"sha256": "a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7",
"urls": [],
"crc32": "99C6119F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/a03c5e2656d2f292_allow-flashallow-digest256.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "8b5a117bc33463f181458f0a99c14657b365ce2a7695db346d2d086109176ad019dbd5a5f34f09dc3438e6c89ca93d83875daa6d463eb06d995a2523fe51a5ed",
"pids": [],
"md5": "d886a47c89d9c49c795da345bc236990"
},
{
"yara": [],
"sha1": "17232a4e8125f03ceb8f18f49bc16f2e32079477",
"name": "dc39dbe5d2e1c3cd_goog-badbinurl-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"type": "data",
"sha256": "dc39dbe5d2e1c3cd7e3f515adf9edfa64c989e34046c11767c9b202b83a7bb29",
"urls": [],
"crc32": "928B241F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/dc39dbe5d2e1c3cd_goog-badbinurl-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "f0151b0c62659aa74080556581e442c72089dd922ab33b8904796ff2a4afce47cbda45b57fcffcffc10bcba11bf25c36777385da835e4fe39df5d578163d6923",
"pids": [],
"md5": "40af141e7ec9ad9fba987072531dc8b9"
},
{
"yara": [],
"sha1": "80f7d95afc0de8c608f672a6837c664ef847bcd5",
"name": "87763df78772f7d7_test-track-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"type": "data",
"sha256": "87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478",
"urls": [],
"crc32": "2A4B9D4F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/87763df78772f7d7_test-track-simple.sbstore",
"ssdeep": null,
"size": 272,
"sha512": "c6e09c76840ddea559e243e5c13881cfbcdcc7b0c2163461fdcce1f3f5110e2b0bb553de447a4e1e0d5edf516eeee2fad5efc15c398e101ef3c81501e55320af",
"pids": [
2868
],
"md5": "95f28ede25c301301f25fbbd9a3c56ec"
},
{
"yara": [],
"sha1": "21ca6a9683fb6225ad2973490eeb802ea50391ac",
"name": "bdfdb11aeae2ee7b_nice feathers.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\nice feathers.companylogo",
"type": "data",
"sha256": "bdfdb11aeae2ee7b51e42d89f873dc8d0833c9d331bbddbcac29bca400d97d20",
"urls": [],
"crc32": "B92E4F42",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/bdfdb11aeae2ee7b_nice feathers.companylogo",
"ssdeep": null,
"size": 2228,
"sha512": "3a6e71d10f8a6ed9a715f296d20cb88568d9d006c830359741a1872db118227fd52e6c184285df57e1f159323017b9180070e9d01ef431131119deceddf65d7b",
"pids": [
1676
],
"md5": "b1339e52de5e0ccf3b3a800ed36fd383"
},
{
"yara": [],
"sha1": "0b1c9b6d403c07293a05421f0b104bf9b77cf010",
"name": "741071db003a9a90_seal.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\seal.companylogo",
"type": "data",
"sha256": "741071db003a9a904885afe6cbbd8928869d84b87c030980eaa81f6a41045dde",
"urls": [],
"crc32": "FAC82309",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/741071db003a9a90_seal.companylogo",
"ssdeep": null,
"size": 2177,
"sha512": "6db223837c12253128bd940d46da8aa4749624db70fd0d1b4dc72bb8dec8d9715100ea3b39b7a1a4e6cc90ebcce73e2ac5b754641a786bfb9602c5c8652104e3",
"pids": [
1676
],
"md5": "031860f5b07f656cb6ff25a518c341ed"
},
{
"yara": [],
"sha1": "755ff3a5a8e1955141cf8f45885f86415738c52b",
"name": "00dce01845d833ef_goog-downloadwhite-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"type": "data",
"sha256": "00dce01845d833eff11f38b41499714ee6d3d1b343473c2686dc830cf5297fbe",
"urls": [],
"crc32": "751FD1F8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/00dce01845d833ef_goog-downloadwhite-proto.pset",
"ssdeep": null,
"size": 15993,
"sha512": "97653f98f1be95fdbbd156676792daa5f2ae3eb1d9cc6248e1c8f6eb1b74a025ce44d8e58a202c549e2e7f9de0ded9881ac17e1b3352dd336db7883b8b2e373e",
"pids": [],
"md5": "16c5aee35e9d1fd0e735cfbef142be20"
},
{
"yara": [],
"sha1": "d8a3571a1b7a59e66e5591b852c9376148cf3314",
"name": "0c2fa0f9ca9fa5cc_feathers.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\feathers.companylogo",
"type": "GLS_BINARY_LSB_FIRST",
"sha256": "0c2fa0f9ca9fa5ccfe8c8ad0f71b259225865157c93999bf83e67068928fc9ee",
"urls": [],
"crc32": "C1AF8B21",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/0c2fa0f9ca9fa5cc_feathers.companylogo",
"ssdeep": null,
"size": 4508,
"sha512": "33c79f457e1810bfb608c7b6283720629a0f4d7a259354d9d0b8b78e529a14ad223f2a70b353822bb433d8be5c6fdcd1589a660d33b8bbd2fbdc3e28567ef152",
"pids": [
1676
],
"md5": "ef65db4551c7dfb336099c2578710d8e"
},
{
"yara": [],
"sha1": "60a5053a3b0a68c6a8be960eb317696230209e87",
"name": "9f81d31c1b1c791e_lightdome.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\lightdome.companylogo",
"type": "data",
"sha256": "9f81d31c1b1c791e7fca310434afc9b21b5b8308eb1ef89ca6acecf40c1526ef",
"urls": [],
"crc32": "CA98B786",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/9f81d31c1b1c791e_lightdome.companylogo",
"ssdeep": null,
"size": 2244,
"sha512": "554677d7b3c70bbc9f601629328620b5aa5b6a72feb11809c12ec56bf5f4d9418e1ef270f665d545bc3a5bda116ac49eb9e0e0606c4037ce8752ec6634778c13",
"pids": [
1676
],
"md5": "62b7d8c0394d01bc8b36133bb824b47a"
},
{
"yara": [],
"sha1": "dff190287032c3fada04f6964527cb614e1fe85e",
"name": "a17942489c062935_cutoff.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\cutoff.companylogo",
"type": "data",
"sha256": "a17942489c062935536d23855ea839c9e9c639c2953e2acee74754018bbda129",
"urls": [],
"crc32": "1A4C9D67",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/a17942489c062935_cutoff.companylogo",
"ssdeep": null,
"size": 2053,
"sha512": "db53a01d5518840f9c1d905d2f977f66060685916c01dcdff509ba876371a493bb20d3f05d05870481e692b3cd80a0777d9e011c9f11cfc94c1be6c23e72d7bc",
"pids": [
1676
],
"md5": "5027e40ad41bc09ee85f721a714a4ce6"
},
{
"yara": [],
"sha1": "a75a92422818c2aeedd6478031a91352bf9521f5",
"name": "1211db132dc51979_goog-downloadwhite-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"type": "data",
"sha256": "1211db132dc519792e8fcd0d7142f04ed1e342133c5bac414efae7a6ccf3d1a3",
"urls": [],
"crc32": "45AB169C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/1211db132dc51979_goog-downloadwhite-proto.metadata",
"ssdeep": null,
"size": 65,
"sha512": "7283aaa795c081d80c00dadd7331800558352dae07f9c27cc2c89e9540969da2450749726e76f7feb88afc621b240289af91b727ced0b697791fdeadf66357f9",
"pids": [],
"md5": "831cbf3edba160742da613fa2ea71a06"
},
{
"yara": [],
"sha1": "764f4c250065090cb17e1d96d21a708223173f59",
"name": "8c9126061260fcde_complexsystem.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\complexsystem.companylogo",
"type": "data",
"sha256": "8c9126061260fcded57b655a29242561f0d522ea32f42f90689b9afca79b5485",
"urls": [],
"crc32": "5B8FAE81",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/8c9126061260fcde_complexsystem.companylogo",
"ssdeep": null,
"size": 2378,
"sha512": "77e3564f01fd8ff16c3d05ee490f854e21a5007644a6f22a7ed7b64d4006594fdfadf3c25fdb0aeb39f853fda81d7d6ace764a0c5d58072cf36b5faf64393e51",
"pids": [
1676
],
"md5": "dd4ad44fd30e5aa8c4d59b614a3c58b1"
},
{
"yara": [],
"sha1": "9b44dace21b5a40e97038af13de03d238f83fd5d",
"name": "851876a81595da4c_puzzle.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\puzzle.companylogo",
"type": "data",
"sha256": "851876a81595da4c8f09f989a6e86a41a341f8aef50cb8337d918222c8cde2ac",
"urls": [],
"crc32": "BD52407F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/851876a81595da4c_puzzle.companylogo",
"ssdeep": null,
"size": 2358,
"sha512": "9e5b92d13c99e0c8fbfe2ba35c676d94bb7716792b635a09f46b97b4340bba3d1861889eeb02efd3e7daaaec077bdc58ce231440689ae0c08a42ffec5779fd54",
"pids": [
1676
],
"md5": "a98185ead791ff79ffc6f16188873ddc"
},
{
"yara": [],
"sha1": "1bce271a4095400a4421e42d15f84eaaf7d5cd35",
"name": "6fa01bf83837822d_60er.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\60er.companylogo",
"type": "data",
"sha256": "6fa01bf83837822d6356ee35e58ebc64e6564752cd75b9b568814a79b56635e0",
"urls": [],
"crc32": "F1034767",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/6fa01bf83837822d_60er.companylogo",
"ssdeep": null,
"size": 2084,
"sha512": "f961e2ff46d2941d9d7e514a5499659629fc0a56b3dbfcf37d3a83ac3bc8066b9cd92d8650f025813b5e08bc745a22f61c8406700719caf2ec7ab19bf2b8909d",
"pids": [
1676
],
"md5": "3802be0f01c20a39833648f88ce13b26"
},
{
"yara": [],
"sha1": "82ca1043b744f94cb7e611217c1e6a20ea406842",
"name": "3b2133b444911faa_prefs.js",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\prefs.js",
"type": "ASCII text, with very long lines, with CRLF line terminators",
"sha256": "3b2133b444911faa0f5cd4097176fda9862073c6c190345891e4950f7b079275",
"urls": [],
"crc32": "D9E0CF94",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/3b2133b444911faa_prefs.js",
"ssdeep": null,
"size": 7181,
"sha512": "df06e7f74fe874efffe040a703541e0af8520482ecfdbe486c9d48c8d771f64bda8fce3c196b328c1dbce22a6c571ac2802a75847dda6444badfec5e7c11f093",
"pids": [
2868
],
"md5": "8432cae225a8318fa3296943fc7197f4"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
7369,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "c58dc3bda5804d8a3131ed55cef37d6f55073262",
"name": "350c0125cc0c6c9d_1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"type": "data",
"sha256": "350c0125cc0c6c9d32154d48bce17a4f42777d7464b249a21d463a1ba915c0d0",
"urls": [
"https:\/\/hg.m1IS.org\/"
],
"crc32": "9E791777",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/350c0125cc0c6c9d_1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"ssdeep": null,
"size": 9189,
"sha512": "1f655348df8ace85d011b06e14275e647bfd62b9e27bcffa38aee21c0f98cabcfa20e8af8196158417cc5b60f9e1daa3952e54dc4557bc9e7b45bcbcdbd1e7e4",
"pids": [],
"md5": "e059a50fed105f4dd5bc63c5b7d32f1c"
},
{
"yara": [],
"sha1": "f54ab20c3ab490b28d561021848eacf33dee2b7c",
"name": "6d59ec0d885a993d_cld.gif",
"filepath": "c:\\program files (x86)\\companylogodesigner\\cld.gif",
"type": "GIF image data, version 89a, 152 x 300",
"sha256": "6d59ec0d885a993d4a8bd961cc8419984016ef0863eec8ad1769d40b25182b73",
"urls": [],
"crc32": "0E8FE835",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/6d59ec0d885a993d_cld.gif",
"ssdeep": null,
"size": 3430,
"sha512": "00d4833f96862ee8477f6a8f9d8171029c720e17effbd9a512fa65debf71d3c66b551e2f79b862fad20ba898587516f31b9c6aab02db3d55fbc919697169b980",
"pids": [
1676
],
"md5": "f22225ab35df1e9309b060fa1a1dea3c"
},
{
"yara": [],
"sha1": "03586457bc0a6c8cdf9804c0225b9dc668ce2350",
"name": "f7cd4d18577e1119_butterfly.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\butterfly.companylogo",
"type": "GLS_BINARY_LSB_FIRST",
"sha256": "f7cd4d18577e11197463ffc55d72eef5f10176ec4f2d2aff7abca7be4903d022",
"urls": [],
"crc32": "FBFD4579",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/f7cd4d18577e1119_butterfly.companylogo",
"ssdeep": null,
"size": 2121,
"sha512": "0c121c359ec9b1e79561a8c466155ee23781a15bf239a7c5cc301f6c02466b4a09a53ad6cf75d3faabdcd3f5177353665861659efa415fb1b3490412007f7ec4",
"pids": [
1676
],
"md5": "0767f7720f812c60fc95db7075255e1e"
},
{
"yara": [],
"sha1": "6d8797e63c0956f5a5a1d429717456333376c3fb",
"name": "002fb30e508c556d_diagonal.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\diagonal.companylogo",
"type": "data",
"sha256": "002fb30e508c556dc2299a35c2225be427f84b1979f706652dfd1013078e1c19",
"urls": [],
"crc32": "9C3E5205",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/002fb30e508c556d_diagonal.companylogo",
"ssdeep": null,
"size": 8128,
"sha512": "edcc247f720099bc33f90ae9304e5572cc554ad2a6e36175b053ab56a104a547193e0ea69fb284a77efca858ba6a11d6ef70ed30a8abbe228661bd257de2c887",
"pids": [
1676
],
"md5": "d4d6b8477d514d092b6b36c78e95d156"
},
{
"yara": [],
"sha1": "f624b63d396e98396f99a741e6cd85ddd6104390",
"name": "ea5639824fdcefd7_rotated comic.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\rotated comic.companylogo",
"type": "data",
"sha256": "ea5639824fdcefd7582bf398aca4c54382bd36c01ebd2ea9848155de4d304886",
"urls": [],
"crc32": "08DD0AB3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/ea5639824fdcefd7_rotated comic.companylogo",
"ssdeep": null,
"size": 2737,
"sha512": "6b360ab8ef1996b1c6d6815ad9c0ce726dd6acf198b8c6fd9deff99f1a1d1b419c36787f33417679c7ebe7c7bd2c6a1c8812c6be0c3306e1341819d1fa63d452",
"pids": [
1676
],
"md5": "f53455d8c6658f1c385e9dc3a1579982"
},
{
"yara": [],
"sha1": "7ca1b5994684a7fe37a61bc350a1fa8a89bf91da",
"name": "34395085da32c8b4_test-trackwhite-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"type": "data",
"sha256": "34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94",
"urls": [],
"crc32": "321EA964",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/34395085da32c8b4_test-trackwhite-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "55b09573c235876d0cb4e6c20070cd1954cf1eb94f513a94985896237a350e48fcd47c88d5ec9632ab9d0aed4a59c250e69f59a59ed88f2a0aeb6734302744a9",
"pids": [
2868
],
"md5": "65e942614eee70680464ac4be75019fc"
},
{
"yara": [],
"sha1": "7413f26ce75b3ca1d3d40dd1cfd214a0b05ab53b",
"name": "d127c77d39da337d_rotated.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\rotated.companylogo",
"type": "data",
"sha256": "d127c77d39da337da58876c96b7697614f2dc936a0dfa9c0babcc5e12c5836d9",
"urls": [],
"crc32": "0AC5FA22",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/d127c77d39da337d_rotated.companylogo",
"ssdeep": null,
"size": 5787,
"sha512": "47ea591dcbcaae2e2910c46621d3145fe0edfb60a16c890b0fde8f5bd2cb9a3f44e9130acab4d0a7c65fb39ff0f311acd3f7b0c808fea7702326193ff2840f19",
"pids": [
1676
],
"md5": "fc09134cb726410796fae76365357840"
},
{
"yara": [],
"sha1": "e74818758571accb733d139184bab4d24ad59345",
"name": "7a6e5b6fd6fe9e7b_brief2.rtf",
"filepath": "c:\\program files (x86)\\companylogodesigner\\extras\\brief2.rtf",
"type": "Rich Text Format data, version 1, ANSI",
"sha256": "7a6e5b6fd6fe9e7bd321e83c9ae2a21259c0090080428180dff01c35b889783c",
"urls": [],
"crc32": "4EF81D7D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/7a6e5b6fd6fe9e7b_brief2.rtf",
"ssdeep": null,
"size": 12603,
"sha512": "4327939aaddf7fd8d544c656c2c0f5338a51f2828f99056d58c9466e998f4a9618bbf796f5e73f4e02da48cc448ff553d3669904026dca9746bc211b896e3834",
"pids": [
1676
],
"md5": "5d162706de978d7f5b021633d29b3607"
},
{
"yara": [],
"sha1": "b0f151a5292d4b796668b242bf896fdbb5a24b67",
"name": "042a22b8681d7546_test-unwanted-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"type": "data",
"sha256": "042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad",
"urls": [],
"crc32": "7D90B6A7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/042a22b8681d7546_test-unwanted-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "c09f56e91b41d01375c458a6ccc3fc0cedc18696aec5d7a2520c51905f4d9bc660f3ad28e69d64b3814aeb3279afc686794c986f0fa6212463f3aac850d40019",
"pids": [
2868
],
"md5": "a5695cc64d77967232b0c1344c6e72b3"
},
{
"yara": [],
"sha1": "84318f8df7c3cee4e2166a08186610b365a0770c",
"name": "c0cf6a5e6391639d_mail2.htm",
"filepath": "c:\\program files (x86)\\companylogodesigner\\extras\\mail2.htm",
"type": "HTML document, ASCII text, with CRLF line terminators",
"sha256": "c0cf6a5e6391639d2cce203dc500760bdc4a4223b4aaf901ef118cea3a68b605",
"urls": [],
"crc32": "BA809CA8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/c0cf6a5e6391639d_mail2.htm",
"ssdeep": null,
"size": 744,
"sha512": "481438abe041f26b8b02881719d84aa441347de460d5966940373a0bd5e88cfedf55040059c8febeae3ffacd15c1ee3de5eea0198a47bc17eb1f5539ce396558",
"pids": [
1676
],
"md5": "bfc9171a91f9fe31fb4d91e0fa9a0363"
},
{
"yara": [],
"sha1": "69caec94e6db3c861eca8131e5acd2ec7008b774",
"name": "2b09258b6a409819_logo.jpg",
"filepath": "c:\\program files (x86)\\companylogodesigner\\extras\\logo.jpg",
"type": "PC bitmap, Windows 3.x format, 32 x 32 x 24",
"sha256": "2b09258b6a409819c43181864b0bfb213a25b75b1e21c68da21d943a68a73646",
"urls": [],
"crc32": "F1EA87CC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/2b09258b6a409819_logo.jpg",
"ssdeep": null,
"size": 3126,
"sha512": "3e52ef36c809f4bd719df637a885d566625f97f910fea43ff48f9b12fffa9f411798029f9d8c6b94058d90dcc44e0763e7c40bd15ea931e68419bd80a8fea152",
"pids": [
1676
],
"md5": "962e80bc92343125b61b1938ed7d9ecb"
},
{
"yara": [],
"sha1": "e76c675ac664f3dc8d80dffe6c3535cb77c568d3",
"name": "f15296a7624d3ad3_mail3.htm",
"filepath": "c:\\program files (x86)\\companylogodesigner\\extras\\mail3.htm",
"type": "HTML document, ASCII text, with CRLF line terminators",
"sha256": "f15296a7624d3ad30e686c3eb1ae03645b4655188ff61af2ecdd18f5526ce43e",
"urls": [],
"crc32": "068301A9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/f15296a7624d3ad3_mail3.htm",
"ssdeep": null,
"size": 737,
"sha512": "f32bc44116e6f0934a3c646a89c955c5fc458101b2566d56bd49e1af97cf615c953c6479b73f44ddb38aea07d666580faa789c09f346cc8cd137274dbcce784e",
"pids": [
1676
],
"md5": "b3078be940cabe74cc0eea21bf03db94"
},
{
"yara": [],
"sha1": "7679de2bc45aa1e57d108a9418a048a4d983fed1",
"name": "9df244d2b70d42d6_page1.htm",
"filepath": "c:\\program files (x86)\\companylogodesigner\\extras\\page1.htm",
"type": "HTML document, ASCII text, with CRLF line terminators",
"sha256": "9df244d2b70d42d6298a4a94a178d2ded6d1e4f716041a16aaafd78afe19c729",
"urls": [],
"crc32": "A2DD2E61",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/9df244d2b70d42d6_page1.htm",
"ssdeep": null,
"size": 758,
"sha512": "a5ef05b60adf9520e3054c8a6805b23e761aad2b186e07d4887055f4bbb960f82ff7788d7b99bf02746a78d1bb40268846bf63fbe8373fb6116631a854f52c37",
"pids": [
1676
],
"md5": "0a72379032f4c82b41adf713f10ea0b2"
},
{
"yara": [],
"sha1": "3f93ef8675106757695b0db06c5f289d26bd3585",
"name": "65538ca23eae5276_d1b90b03f8d7a2ba6ba1e9251f8101decdb2cbec",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"type": "data",
"sha256": "65538ca23eae527637711fa3f8129c1a6fc86ef54fc904bf5b0025b40426c67a",
"urls": [
"https:\/\/search.services.mozilla.com\/1\/firefox\/60.0.2\/release\/sv-SE\/SE\/default\/default"
],
"crc32": "7E4E41CB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/65538ca23eae5276_d1b90b03f8d7a2ba6ba1e9251f8101decdb2cbec",
"ssdeep": null,
"size": 7316,
"sha512": "b010de4cee646f1fa3e5cca814af692da4a7e4055290e40330f4a0330c5d70048afdcc1d4f5ba8eb7968bb17e1f3f40e3bd4f800e85ae7de108856fa7e7e0f8f",
"pids": [
2868
],
"md5": "9184d69f2ce5e778826b22239fab5766"
},
{
"yara": [],
"sha1": "019dfc5e345db292b2a3182508af48cf133d0023",
"name": "b8c8480dfa686ec0_rotated2.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\rotated2.companylogo",
"type": "data",
"sha256": "b8c8480dfa686ec02ba30763d250d401d138d984951bf4add4cb3abdd838fc2a",
"urls": [],
"crc32": "A6DE8BBD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/b8c8480dfa686ec0_rotated2.companylogo",
"ssdeep": null,
"size": 5787,
"sha512": "ce8c75c6378b4d551ab1e7162ea0a4b2eb7b45f817d87219b3d3a95de8ef6bc3ef6c5e6436e4fb990558c1a2b480621fb899437a37ee58c68e946b7d8559596b",
"pids": [
1676
],
"md5": "95ee318efe5b73e4a80b4c3d99082c1b"
},
{
"yara": [],
"sha1": "4bb25ad90ed7872908d2b3af1064791c1624929e",
"name": "bd3f35f0f21e051e_cld-readme.htm",
"filepath": "c:\\program files (x86)\\companylogodesigner\\cld-readme.htm",
"type": "HTML document, ASCII text, with CRLF line terminators",
"sha256": "bd3f35f0f21e051edbb080449d33f9aeb3f4be79433c97c89415c559b886d814",
"urls": [],
"crc32": "5AA7C35E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/bd3f35f0f21e051e_cld-readme.htm",
"ssdeep": null,
"size": 1967,
"sha512": "c8855b4ed083c074a9df089472fa8e7e9b77159d31549ac79a42a0f23aa2c3aab42860a6688e3397883302ed8405f278f0fb41f9553276cb0aa454b6dfe1bd97",
"pids": [
1676
],
"md5": "88072c15e493a694cfc410f60f5422d1"
},
{
"yara": [],
"sha1": "ae5c9f9df9f0533915bbf54a132f33d170ef8218",
"name": "10585621df2a4b31_rays.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\rays.companylogo",
"type": "data",
"sha256": "10585621df2a4b3181f969b1e95405ea0ba3aa09df09e726f2b87d61f05da221",
"urls": [],
"crc32": "383D4627",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/10585621df2a4b31_rays.companylogo",
"ssdeep": null,
"size": 1966,
"sha512": "99350049a7629ea46dd92c7685b7163bc5882ca1d0cf73c544312ed6f089fe65553137e4acb473393c557094991defd80f9df40adadabeaddcee33f0ad76e787",
"pids": [
1676
],
"md5": "1a182920b3d61286a9af4e6b79e6b659"
},
{
"yara": [],
"sha1": "47df973de89d3c50e18875f5bc812335eb1532ce",
"name": "775df8dd4d966648_session-state.json",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\datareporting\\session-state.json",
"type": "ASCII text, with no line terminators",
"sha256": "775df8dd4d966648819d27b1fe43a7dbe8b2dcb2ec4f1cf8a4d0188b4388f4e6",
"urls": [],
"crc32": "82E3E19F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/775df8dd4d966648_session-state.json",
"ssdeep": null,
"size": 161,
"sha512": "06a515012137db1cf86bff46aa9720c31ad1cb1c1158e7363777dc460d9f968d6922c8ee7f85aa807e0d2a874137f91c205071eb6b1e402efb9f51b81b682ef0",
"pids": [
2868
],
"md5": "7b5516b0229fb914a4a275007fb7d52e"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
7273,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "b4b9b8ca434f7d51ae9e8aec470a902e417ed78d",
"name": "e69d33b80ec86971_1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"type": "data",
"sha256": "e69d33b80ec86971f1edb06235092908f8dad36054892215b699b63d49d2464a",
"urls": [
"https:\/\/hg."
],
"crc32": "DF4B4513",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/e69d33b80ec86971_1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"ssdeep": null,
"size": 9018,
"sha512": "6f4ee7f535ee5502a7398f3afd855707396c89ed2fc8a72fd00170d4636d728ad02eaace5a911d68bd0d59f9ef538eceeaf8bc3d59ad0adb243fff35dd81a27b",
"pids": [],
"md5": "fb19106d26ec51508211677b194283ab"
},
{
"yara": [],
"sha1": "89c061f4ecc162cd166e4846f50689930360d21d",
"name": "10854832391cd7fc_brief1.rtf",
"filepath": "c:\\program files (x86)\\companylogodesigner\\extras\\brief1.rtf",
"type": "Rich Text Format data, version 1, ANSI",
"sha256": "10854832391cd7fceede8e6376a807475bb7884c998596f549ee9e30e57569d6",
"urls": [],
"crc32": "E3D4AF46",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/10854832391cd7fc_brief1.rtf",
"ssdeep": null,
"size": 8977,
"sha512": "bf5e1e8a5da60da7a1f46c64383ec3502e46f50d1c9952fdf6a01a6d3c2deb2c9f44769837b0ad7209cf0154fa12e0b7018903a896412f5a5ff3fea4ab92d95b",
"pids": [
1676
],
"md5": "03229f4298aad79244bafe636a3614cc"
},
{
"yara": [],
"sha1": "b99da353c9bfeb9bbfe340c983796d8c448da330",
"name": "d004aaa0fcb89d7e_symbols.box",
"filepath": "c:\\program files (x86)\\companylogodesigner\\symbols.box",
"type": "data",
"sha256": "d004aaa0fcb89d7eb7b4fab01308c78e60bad8c801e62baca8e9f200c5ff552c",
"urls": [],
"crc32": "ABC64699",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/d004aaa0fcb89d7e_symbols.box",
"ssdeep": null,
"size": 34312,
"sha512": "6c6167d706c96be76c3f9f942be104cd95254ba25c5c71f5c7dc407eb42101632e8852187d1b35e1ff15c4cb8c1d6cdae93d732f0ca0bd80a9582d55433607b9",
"pids": [
1676
],
"md5": "3d5d0d03ee7337dc827cc502914686f4"
},
{
"yara": [],
"sha1": "7706e2df5527c6deb13f81ae48f1a3a74822d9b3",
"name": "742f2bc01085607e_radioactive.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\radioactive.companylogo",
"type": "data",
"sha256": "742f2bc01085607ef4468f71bf1ee5face4b356581ad54176d0c16059148cde4",
"urls": [],
"crc32": "D835458D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/742f2bc01085607e_radioactive.companylogo",
"ssdeep": null,
"size": 2345,
"sha512": "fa1ac5232502a9bdfd1901f5019d373318e958449d5b70bab8ac45396333f3ee66d5f675e7443229bafcbd09f1d504a0598b49cc6b33f4bf60ebcbbeb13fafb0",
"pids": [
1676
],
"md5": "364ede0dc120f3116905c70d9214f51e"
},
{
"yara": [],
"sha1": "f81f7ede77baeb51d397df96e337677e4957db7b",
"name": "576a0d2c3ad8d66b_base-track-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"type": "data",
"sha256": "576a0d2c3ad8d66bb202439b18f9fd563f92d9ddd9582a3c4cce0ecafd4f0908",
"urls": [],
"crc32": "B6F39532",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/576a0d2c3ad8d66b_base-track-digest256.sbstore",
"ssdeep": null,
"size": 64888,
"sha512": "2ae3b849c601b9614fa26c77fd63b9c022a5871e0a4322929dd3589f14f5aa4e4a368c41fc2bf732cd861b1db9542d889172812c2cd2242006562fc24e78f7e7",
"pids": [],
"md5": "cd82f4495eafe523b9b6b938c828611b"
},
{
"yara": [],
"sha1": "6bc966fcd804b7bfa66e5981a7b5cae051619489",
"name": "e082e9f4c1033a3a_goog-malware-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"type": "data",
"sha256": "e082e9f4c1033a3af4564416904e244d4892f53d05ade940f091ed50a3dcb236",
"urls": [],
"crc32": "B62CA6D9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/e082e9f4c1033a3a_goog-malware-proto.pset",
"ssdeep": null,
"size": 647406,
"sha512": "5cfaa13c4c3295c99f5d940b87432182559bc0dcf8cfd9fee960904e9beec75338215929c17ccac0f7efb90a8de265046018f7a51b90cec680989e9e08a0d2d6",
"pids": [],
"md5": "90e45e83128819fa0f3306e6d691702b"
},
{
"yara": [],
"sha1": "8f8074aba3ae9c0073ca79837bdf7bab50d54e63",
"name": "37f88fae02da6be4_mail1.htm",
"filepath": "c:\\program files (x86)\\companylogodesigner\\extras\\mail1.htm",
"type": "HTML document, ASCII text, with CRLF line terminators",
"sha256": "37f88fae02da6be40ac255dd6e3f6a824b228d93ca10384969fbc83ba53346e3",
"urls": [],
"crc32": "013B0F8D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/37f88fae02da6be4_mail1.htm",
"ssdeep": null,
"size": 755,
"sha512": "4ab614167d511f3e621089e15259964ff78ed1f7896c2f4561fd0c2dc4ee6e99bb829805ef90b4fe3273a5b353bbfd572c5967ef7156704eca9431303cb2f264",
"pids": [
1676
],
"md5": "b927035c04c1fad8e6b20372aa63d577"
},
{
"yara": [],
"sha1": "ceb2bccb93ea9ecb36c1ccb893f70fcdb6c33665",
"name": "6b6ae3b18dc44fab_stilvoll.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\stilvoll.companylogo",
"type": "data",
"sha256": "6b6ae3b18dc44fabc5b46725819781d7966caba03fd66e8a8825475f4d365a30",
"urls": [],
"crc32": "9CEA3E5B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/6b6ae3b18dc44fab_stilvoll.companylogo",
"ssdeep": null,
"size": 2030,
"sha512": "aceef1fbea1e890c8ac2f6e17cf7b1acb14c315a83fef5b6a7b270a8e7c3dc196c833e7b785b094c8fc47644806ce5500942d5d8455a5517facca668e9018bfd",
"pids": [
1676
],
"md5": "730e78e7a63659fc47cf7bd6380d6f7a"
},
{
"yara": [],
"sha1": "c8f6956fa86f4e9cf71599b735e28860245ae4b5",
"name": "66d1c00c04d86e31_except-flashsubdoc-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"type": "data",
"sha256": "66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1",
"urls": [],
"crc32": "4BD3414C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/66d1c00c04d86e31_except-flashsubdoc-digest256.sbstore",
"ssdeep": null,
"size": 304,
"sha512": "582d7f28f41e6a7a5f882d15ec1f48d0be57dc63e1a0d6e6a8bbd442a3ac27e38e0c3fdb3e1c30f416c41649391afde61f8079844b61a4995e0ab34d6cc8e745",
"pids": [],
"md5": "ba0009932844173bc8f9af264229df24"
},
{
"yara": [],
"sha1": "1ecc7ffa0441ab498e05e3660da1e3fbb2e4398f",
"name": "fabc80218ca6d1a4_accent.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\accent.companylogo",
"type": "data",
"sha256": "fabc80218ca6d1a4140dbd2b87d649be7d0d0ac2afd48b0f8da437c07df8cc89",
"urls": [
"http:\/\/www.itsth.de"
],
"crc32": "C84A7B4B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/fabc80218ca6d1a4_accent.companylogo",
"ssdeep": null,
"size": 8677,
"sha512": "77919c9281e9dcd983e3e284a5057fafd0f0e8ba23c1254d3d88b8a4f7640517f8ced44039ca66e74551dd19afb85d5eaa97148aa7b50e3f176d3072c38cd58e",
"pids": [
1676
],
"md5": "e8d979a25407fbbb993b3da436820b07"
},
{
"yara": [],
"sha1": "88e35874b6847a16557861df1b6f3c1b53d9baa7",
"name": "eeb77ec77920ccc1_swish.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\swish.companylogo",
"type": "data",
"sha256": "eeb77ec77920ccc187996bdf64bcc520e0e1c996ef0e50db001894fab7762e2f",
"urls": [],
"crc32": "484F49DD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/eeb77ec77920ccc1_swish.companylogo",
"ssdeep": null,
"size": 2547,
"sha512": "7dbee08cce4ed05536f2fce298126d07e9bcb87aa0e98994d6707f6a7c5e72d18c2c51b080ffebf06666994b3fd7775a3938efb7bb987fdcf3dd80f309603b79",
"pids": [
1676
],
"md5": "02e715b9a9e71a712b09995d79a2bdc8"
},
{
"yara": [],
"sha1": "d03606e9a0e6e04f05774f56a3b3f18d7d9921f2",
"name": "13c71f38967b1d89_extrem.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\extrem.companylogo",
"type": "data",
"sha256": "13c71f38967b1d892f9a095836069c6a12b53dc3d63ff6ced2c7e8d08a5cd10b",
"urls": [],
"crc32": "3134EEF1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/13c71f38967b1d89_extrem.companylogo",
"ssdeep": null,
"size": 2995,
"sha512": "a7b2f4388e13df2208a8703c5c0fb59210d2ea6796802b69abc83ce1e85097ebaa0beb3114f140956d64720a54b0252b5b8c92ba733665f9b1b4b24428c29463",
"pids": [
1676
],
"md5": "3e57d6e4d18421ab6052eec7b73823be"
},
{
"yara": [],
"sha1": "190f3bc536c9489c707ae31da32bf86947ea5d78",
"name": "2b124d4026850a3c_block-flash-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"type": "data",
"sha256": "2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749",
"urls": [],
"crc32": "B946F265",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/2b124d4026850a3c_block-flash-digest256.sbstore",
"ssdeep": null,
"size": 7648,
"sha512": "0af17bd91464f26072f42bacfbb6ba72e68fa07b9d5801a92b14624cc51ebd00ab127272cecd8df6fe650fe07bf170fd6422d70c2e8cd8f9ad94bc11548446bd",
"pids": [],
"md5": "0e8fe60ccd7e9b4c32589a5743a95302"
},
{
"yara": [],
"sha1": "61707ab6dfc3916fc1897d0a3d30a97699d47800",
"name": "fed299382f527aa5_oddmantheory.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\oddmantheory.companylogo",
"type": "data",
"sha256": "fed299382f527aa5133afe562358d1058c0178f0d5eab2a18d4e8e0cea7c0591",
"urls": [],
"crc32": "DDD9B2DD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/fed299382f527aa5_oddmantheory.companylogo",
"ssdeep": null,
"size": 2133,
"sha512": "b750daf128dad5582a69b8f055ad6bd6ce8311d78fc2e130af515939cc3ed9113dd72f8289b6802317eb03217018ceeffb69e6d0c1e8f23513319e94ece83149",
"pids": [
1676
],
"md5": "1e23a0d1fa0e281849ac9070bdc44697"
},
{
"yara": [],
"sha1": "4df430b4d63605e41855dbcb3837a189d4cc7604",
"name": "c0b3bc9b3dc507ab_except-flashallow-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"type": "data",
"sha256": "c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54",
"urls": [],
"crc32": "04D7CD3E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/c0b3bc9b3dc507ab_except-flashallow-digest256.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "ae7688d501a1f59d4c247ed57ba0547f6376748af57f554ba1b6de0ef358ed5868721886baf94813979b3a9968ec330ce11c41767e4af42db413efc9556c2e22",
"pids": [],
"md5": "6f85bc4b2ecb49e26b0bd83a821065d0"
},
{
"yara": [],
"sha1": "bdecb51fed41f111cfb19c30e377aa165c0dd7e3",
"name": "8408968dae85e51e_mozstd-trackwhite-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"type": "data",
"sha256": "8408968dae85e51ea6b0ca7123b0ddfd7425d3013ba311bb1cbe135fff0e5bda",
"urls": [],
"crc32": "D26AA5B7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/8408968dae85e51e_mozstd-trackwhite-digest256.sbstore",
"ssdeep": null,
"size": 326032,
"sha512": "acda5c6344cc51e0921c116cb03395f8027f0e1077d5027ca4b6b33e2c1ab663c319eeab22d7ecf968702324bedc882f518bde7711cb140a059d7997580054cf",
"pids": [],
"md5": "bdaa2a3b4259ebf8dd87e5769b1bf3f4"
},
{
"yara": [],
"sha1": "3f5f335604376cd64e28b8d2cfd9afe0d616d0fa",
"name": "dc40dc18a64d9656_smalldots.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\smalldots.companylogo",
"type": "data",
"sha256": "dc40dc18a64d96568d83cd818a870430b0b4163c90047c20da4f131a9b2633bb",
"urls": [],
"crc32": "9F424CE0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/dc40dc18a64d9656_smalldots.companylogo",
"ssdeep": null,
"size": 2231,
"sha512": "8cd34a5cae570598e463159cf0db62aaa9c50a27a50068e25528f86020d3c5c768ac2ceab0d270060725e5586271124037f391709c3f91254251e62ba005695b",
"pids": [
1676
],
"md5": "e16d700a7b06bf6f2de0859a3ffc962d"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
15429,
0
],
[
15481,
0
],
[
15533,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "ee4e92d4076bf4340cd53c35601167a0faf540e2",
"name": "189e380493f782dd_aborted-session-ping",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "189e380493f782dd97986209c7732fe894c27e19846412b7f8bc05735ac62529",
"urls": [
"https:\/\/www.google.com\/search?q=",
"https:\/\/hg.mozilla.org\/releases\/mozilla-release\/rev\/a0b222c551f586904f51228c49149d9b6b7e2a81"
],
"crc32": "F78D39BB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/189e380493f782dd_aborted-session-ping",
"ssdeep": null,
"size": 20539,
"sha512": "d21c470b04fc89a4706dabc8508218b9f8088e0a1746342cf07705fc9ded01d586630bbfbc25803cb992ed95a39684529653c77e618a4996acc368681e3e2b62",
"pids": [
2868
],
"md5": "4dd03ecc83b4d1132b591bd8b4a0683c"
},
{
"yara": [],
"sha1": "68bb387fcea4ef3d3cd675998ba1f911bba59456",
"name": "f6184c504b8869d3_goog-phish-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"type": "data",
"sha256": "f6184c504b8869d300d965005f0304d7773781087d8b5512b4602a5c56c8a424",
"urls": [],
"crc32": "A08274E8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/f6184c504b8869d3_goog-phish-proto.pset",
"ssdeep": null,
"size": 3233838,
"sha512": "770a4d8df2b026c53bcbfa803a42c9878c7dafd5636d48c23c78e18e4aa2ce94cd1a9c9941eb87ccc2b55c437f1e85e13f70cc7d9afcb69e5cec37cf381d8669",
"pids": [],
"md5": "cc9b11e15e09c3ba23eb1a054cb61210"
},
{
"yara": [],
"sha1": "3ceb9c1e49186b7035e0728e65ad2b75d442055e",
"name": "3242b0f0a8610e13_companylogodesigner.exe",
"filepath": "c:\\program files (x86)\\companylogodesigner\\companylogodesigner.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "3242b0f0a8610e13004c405534d7109a1d4e0c46320aa046cea848f0e32b8cc9",
"urls": [],
"crc32": "69D8D2AD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/3242b0f0a8610e13_companylogodesigner.exe",
"ssdeep": null,
"size": 1937408,
"sha512": "c311234f49e6ed91321bc943716757787b07a108f2b8beafb020dee11f6eb82b3e05b3f681cf690bdc9ccf0d4e068942abe5c3457a897697385a9dcbbac98e57",
"pids": [
1676
],
"md5": "02f8e5106ba12644fc2378aa777da682"
},
{
"yara": [],
"sha1": "dbf2af6c2a94eb52a262a8c8782b1fa7cce50641",
"name": "b67bd8f6a9677e75_startupcache.4.little",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"type": "Zip archive data, at least v2.0 to extract",
"sha256": "b67bd8f6a9677e75cf5da9e453291629a12ab493c589d59291137a447ec7e9fb",
"urls": [],
"crc32": "63E1FA07",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/b67bd8f6a9677e75_startupcache.4.little",
"ssdeep": null,
"size": 4046962,
"sha512": "98e435a14aef25c19a947a6b99e7d50bb78c11f5babd1e546c401a7351b239505b9e1e635b698a6470e7ae00f23bda08f380900ea3d72579ecedc73e18b6ce1d",
"pids": [
2868
],
"md5": "1c9381db810f900b3850980b6fbabb9c"
},
{
"yara": [],
"sha1": "16af7ecb7aacb6efe068057b9eb47c42a298d343",
"name": "c7ca3fda74fc7467_goog-malware-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"type": "data",
"sha256": "c7ca3fda74fc746751635905d18c7ddc55d1e79c011dd0312fa5b05ae964af1a",
"urls": [],
"crc32": "E2AA4C43",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/c7ca3fda74fc7467_goog-malware-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "cfe487dcd2c9fd897c95d5131f7ace2eabfeaa73dcbaa9329a20641ffa27489e64b66602103e7fed36100d6cb20789507e2879b54df445c8f1055046535d371b",
"pids": [],
"md5": "e92e6238bb1f94e1b6ef729356867a68"
},
{
"yara": [],
"sha1": "6950f04f5bf1e7e770c1fcfecad145bd93fd3490",
"name": "bfc78f65ae2ab173_floater.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\floater.companylogo",
"type": "data",
"sha256": "bfc78f65ae2ab173c8b09ed26b8d0c3280f838113ca41a9860708937343e107d",
"urls": [],
"crc32": "565FF92C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/bfc78f65ae2ab173_floater.companylogo",
"ssdeep": null,
"size": 2237,
"sha512": "37734914325549be1519bcadb82ea7fd0a4e3239c4b9f17a3fce68e508d53e789d96bab82aa8ec300202eb79114282862aa451d50da549509bb70e29de92dd9b",
"pids": [
1676
],
"md5": "37d4ec94a9550eae46a6f4118518949f"
},
{
"yara": [],
"sha1": "1c92440d6ffa18b16c75a51392749991a6281ecf",
"name": "fa9b3d503991fd41_greentriangle.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\greentriangle.companylogo",
"type": "GLS_BINARY_LSB_FIRST",
"sha256": "fa9b3d503991fd412cfc5e447b92419f187e79b00aa31883f0fe96597c17eecc",
"urls": [],
"crc32": "9AE48A88",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/fa9b3d503991fd41_greentriangle.companylogo",
"ssdeep": null,
"size": 2593,
"sha512": "5148bfbc887049a5117a09a6875aac949e509dc1ed19e2d9056779bc62f3a86d5aecaaf110a7692fb8caecb835ab6e55fa9fa24365fbdbb6d4779c0133d2b37c",
"pids": [
1676
],
"md5": "c459d4b9581f04055c16899573327cee"
},
{
"yara": [],
"sha1": "38a7ce4494db35d6cd1911a09cab5cddba55346f",
"name": "e728bcd574a33fc4_withlove.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\withlove.companylogo",
"type": "data",
"sha256": "e728bcd574a33fc4a88ae125f44808d04c5c5cdf9a01bdc5ee1f4a8ea8328521",
"urls": [],
"crc32": "483046DF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/e728bcd574a33fc4_withlove.companylogo",
"ssdeep": null,
"size": 8541,
"sha512": "8fad40545922f3c8e64a792cd34495a695c3399adf8954759d0f01e53c284e6a1ac0479e98a490a041111d9b88ca8ed1b3d18474d8bbc9b24ed51f5b12fe6db1",
"pids": [
1676
],
"md5": "724c3316463d3fec7e30e87dd4651ce3"
},
{
"yara": [],
"sha1": "90348457e50ce9221114fb9891fffc0eafcc7c8a",
"name": "945e1733e9668a78_goog-badbinurl-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"type": "data",
"sha256": "945e1733e9668a7882424218b924d71cc636472e7091039a924f37d20e72a3e6",
"urls": [],
"crc32": "13E58FF0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/945e1733e9668a78_goog-badbinurl-proto.pset",
"ssdeep": null,
"size": 186536,
"sha512": "92053e43baf90dabd609ea6e8649c3d10bba35af2a11a0ab80b6e3137968f4a1a56fd8ec0e330990057becbec2a90e2f295da80afc51ecfba1ca3bc52e804620",
"pids": [],
"md5": "12971aeeaa03f0c87662d0a34e2e54e8"
},
{
"yara": [
{
"meta": {
"description": "Matched shellcode byte patterns",
"author": "nex"
},
"name": "shellcode",
"offsets": {
"shell2": [
[
209466,
0
]
]
},
"strings": [
"ZKEw"
]
}
],
"sha1": "b7dea002605e9c421b3472e504d4badc62df6a12",
"name": "c2790188e00356b9_goog-unwanted-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"type": "data",
"sha256": "c2790188e00356b98e715badb4324008dda5aac6d369bb930beb5096bb6190fe",
"urls": [],
"crc32": "A3E41C74",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/c2790188e00356b9_goog-unwanted-proto.pset",
"ssdeep": null,
"size": 331028,
"sha512": "46b7be548221188a9c1980cc1a868b0d8786e91652c729d9e10a4fe56e6618ed8af5a22f798fcdeab4752832ce7149a0005e1de66bc3dbecfc327a5736960e2e",
"pids": [],
"md5": "20fc99dc00383cc09c45d8798a2bf21a"
},
{
"yara": [],
"sha1": "c4b004c69bf944c6db2520120bf8c317b082a33f",
"name": "fca2f35d85c90f16_deception.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\deception.companylogo",
"type": "data",
"sha256": "fca2f35d85c90f1628131980721e51328b7a0a30bd46774599c82238f3da570b",
"urls": [],
"crc32": "C73395DE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/fca2f35d85c90f16_deception.companylogo",
"ssdeep": null,
"size": 2922,
"sha512": "5e3e774942d90f632eaa8857dc4877a52d25c3032eb0a170c7618c4b950d6f9db4dd90958ade22e17c8720bca07e05509cc63b0416e10faf28df5785e68f78e6",
"pids": [
1676
],
"md5": "1c6ab26e34ae81ae143d2bd60c38f14b"
},
{
"yara": [],
"sha1": "a6c438a578ca2e8ca58c359c73e2f6c7f2a80a56",
"name": "10785534acf8d24f_spaceboxes.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\spaceboxes.companylogo",
"type": "data",
"sha256": "10785534acf8d24fc54221e61700dc85207a94b1ec008b7b062bcb76e222fb24",
"urls": [],
"crc32": "78D0BD0C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/10785534acf8d24f_spaceboxes.companylogo",
"ssdeep": null,
"size": 2237,
"sha512": "2660d1e74dbb349098c15a3437e9fa6f512c6a6052c7943c1f61764edfe9061fd4d138840ea3881ca928e848968e4d3612ae21f0a523e87e7045a96f0a2aa298",
"pids": [
1676
],
"md5": "233e44c9a211c385785edd66eb0a17f2"
},
{
"yara": [],
"sha1": "e7aaddbe3a552961156009dc5174c3e1fd736eaf",
"name": "948820b1fb981d49_stripemayhem.companylogo",
"filepath": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\stripemayhem.companylogo",
"type": "GLS_BINARY_LSB_FIRST",
"sha256": "948820b1fb981d497a3b047c34d97ffc35eb1b15b5f2cba6f5a7c915d2ae80cd",
"urls": [],
"crc32": "AAEA5F93",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10949\/files\/948820b1fb981d49_stripemayhem.companylogo",
"ssdeep": null,
"size": 2593,
"sha512": "ab84fb3874a36e07a155b1448d2ea903269732a32b641a0926f7bf1f78f50e4f2b0077be6aba3269adc75d17580d08f9dac5b59fd43010eb2488e01e61603479",
"pids": [
1676
],
"md5": "23d74dd603f9f1a5b23f051462b0d33d"
}
]Generic
[
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe",
"process_name": "ServiceHelper.exe",
"pid": 2952,
"summary": {
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles"
],
"dll_loaded": [
"kernel32.dll"
]
},
"first_seen": 1605815589.40625,
"ppid": 1676
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"process_name": "891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"pid": 1676,
"summary": {
"file_created": [
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-GDUIF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KAMBP.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GTBAF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQSLA.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JT1DF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-MT7ED.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-2SO9J.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\unins000.dat",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-2A0AD.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CA9EM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-HSVE1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VJOP5.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9KSEH.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NRNE.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_RegDLL.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0RQQ1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JO89P.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-GV6JJ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UIQ6T.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-O233C.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-AHG54.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A2QPS.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3N144.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NENM4.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-8V3S9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-EF23G.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-D352V.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-LD5H3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9GL0H.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_shfoldr.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NTJ3U.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-O4ICM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-NG65S.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-49LIO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QGVV7.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-R4L7R.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3OL6P.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-HEP33.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KHB0Q.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NA2T.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3SDIU.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-U84VV.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-5675S.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_setup64.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-DSNRI.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CPUC7.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-23GBJ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-1RKMN.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JFQKN.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A8MRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-P7TJO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NN1B9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-EGFKL.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-16P9J.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-SA73C.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0P8NQ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-RJS1H.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UC7KO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-SD3UV.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-746GF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NUBVH.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-094S8.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GE0IB.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-TEL73.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-CAFMC.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQT8K.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-LQBRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QDTC3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NQGA9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9A7JP.tmp"
],
"file_recreated": [
"C:\\Program Files (x86)\\CompanyLogoDesigner\\unins000.dat"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer",
"C:\\Program Files (x86)\\CompanyLogoDesigner",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Projekte",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen"
],
"dll_loaded": [
"C:\\Windows\\system32\\sfc.dll",
"netutils.dll",
"srvcli.dll",
"LINKINFO.dll",
"kernel32.dll",
"UxTheme.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"slc.dll",
"ntmarta.dll",
"PROPSYS.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"OLEAUT32.DLL",
"comctl32",
"ole32.dll",
"SHLWAPI.dll",
"USER32.dll",
"IMM32.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"C:\\Windows\\system32\\shlwapi.dll",
"shell32.dll",
"uxtheme.dll",
"OLEAUT32.dll",
"profapi.dll",
"SHELL32.dll",
"comctl32.dll",
"C:\\Windows\\system32\\shell32.dll",
"shfolder.dll",
"DEVRTL.dll",
"ADVAPI32.dll",
"SETUPAPI.dll",
"ntshrui.dll"
],
"file_opened": [
"C:\\Windows\\System32\\imageres.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GTBAF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KAMBP.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQSLA.tmp",
"C:\\",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-MT7ED.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-2SO9J.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-2A0AD.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CA9EM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-EGFKL.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-HSVE1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VJOP5.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9KSEH.tmp",
"C:\\Program Files (x86)",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NRNE.tmp",
"C:\\Windows\\SysWOW64\\en-US\\KERNELBASE.dll.mui",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JO89P.tmp",
"C:\\Windows\\System32",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-1RKMN.tmp",
"C:\\Windows\\System32\\netmsg.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-O233C.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-U84VV.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-GV6JJ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A2QPS.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3N144.tmp",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NENM4.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-8V3S9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-EF23G.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-AHG54.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-D352V.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-LD5H3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9GL0H.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-HEP33.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GE0IB.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-O4ICM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-NG65S.tmp",
"C:\\Windows\\System32\\shell32.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QGVV7.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-R4L7R.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0RQQ1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3OL6P.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KHB0Q.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NA2T.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3SDIU.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UIQ6T.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-5675S.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-GDUIF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-DSNRI.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CPUC7.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-49LIO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-23GBJ.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JFQKN.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A8MRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-P7TJO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JT1DF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NN1B9.tmp",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-16P9J.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-LQBRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-SA73C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0P8NQ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-RJS1H.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UC7KO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-SD3UV.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-746GF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NUBVH.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-094S8.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NTJ3U.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-TEL73.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-CAFMC.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQT8K.tmp",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QDTC3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NQGA9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9A7JP.tmp"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.cmd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_CLASSES_ROOT\\Directory",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_CLASSES_ROOT\\.mda",
"HKEY_CLASSES_ROOT\\.gadget",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B",
"HKEY_CLASSES_ROOT\\.bas",
"HKEY_CLASSES_ROOT\\.mdb",
"HKEY_CLASSES_ROOT\\C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe\\DefaultIcon",
"HKEY_CLASSES_ROOT\\.maw",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\DropTarget",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\ddeexec",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
"HKEY_CLASSES_ROOT\\.mag",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\LSA\\AccessProviders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_CLASSES_ROOT\\.shs",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice",
"HKEY_CLASSES_ROOT\\.js",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
"HKEY_CLASSES_ROOT\\.wsh",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"HKEY_CLASSES_ROOT\\.mad",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\DocObject",
"HKEY_CLASSES_ROOT\\.pl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Icons",
"HKEY_CLASSES_ROOT\\.ins",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
"HKEY_CLASSES_ROOT\\.maf",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_CLASSES_ROOT\\.mam",
"HKEY_CLASSES_ROOT\\.sct",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_CLASSES_ROOT\\.inf",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\(Default)",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"HKEY_CLASSES_ROOT\\.mat",
"HKEY_CLASSES_ROOT\\.mas",
"HKEY_CLASSES_ROOT\\.mar",
"HKEY_CLASSES_ROOT\\.maq",
"HKEY_CLASSES_ROOT\\.pif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_CLASSES_ROOT\\.prg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.com",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CLASSES_ROOT\\.vbe",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open",
"HKEY_CLASSES_ROOT\\.vb",
"HKEY_CLASSES_ROOT\\.cpl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CLASSES_ROOT\\.mav",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"HKEY_CLASSES_ROOT\\.its",
"HKEY_CLASSES_ROOT\\.pst",
"HKEY_CLASSES_ROOT\\.mau",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_CLASSES_ROOT\\.mdz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}",
"HKEY_CLASSES_ROOT\\.mdt",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}",
"HKEY_CLASSES_ROOT\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
"HKEY_CLASSES_ROOT\\CompanyLogoDesigner\\shell\\open\\command",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\Directory",
"HKEY_CURRENT_USER\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}",
"HKEY_CLASSES_ROOT\\.ws",
"HKEY_CLASSES_ROOT\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\document",
"HKEY_CLASSES_ROOT\\.scf",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_CLASSES_ROOT\\.msi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\CurVer",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters",
"HKEY_CLASSES_ROOT\\.vbs",
"HKEY_CLASSES_ROOT\\.ops",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\DocObject",
"HKEY_CLASSES_ROOT\\.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CLASSES_ROOT\\.mde",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"HKEY_CLASSES_ROOT\\.crt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"HKEY_CLASSES_ROOT\\.wsf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Shell\\RegisteredApplications\\UrlAssociations\\Directory\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\.mdw",
"HKEY_CLASSES_ROOT\\.jse",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CLASSES_ROOT\\.msh",
"HKEY_CLASSES_ROOT\\Folder",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\ProgIDs\\FirefoxHTML-E7CF176E110C211B",
"HKEY_CLASSES_ROOT\\.shb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.msc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\OpenWithProgids",
"HKEY_CLASSES_ROOT\\.mst",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations",
"HKEY_CLASSES_ROOT\\.wsc",
"HKEY_CLASSES_ROOT\\.scr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"HKEY_CLASSES_ROOT\\.tmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command",
"HKEY_CLASSES_ROOT\\.vsmacros",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm",
"HKEY_CLASSES_ROOT\\.prf",
"HKEY_CLASSES_ROOT\\.reg",
"HKEY_CLASSES_ROOT\\.cer",
"HKEY_CLASSES_ROOT\\.ade",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LDAP",
"HKEY_CLASSES_ROOT\\.msp",
"HKEY_CLASSES_ROOT\\.adp",
"HKEY_CLASSES_ROOT\\.CompanyLogo",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_CLASSES_ROOT\\htmlfile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CLASSES_ROOT\\.htm\\OpenWithProgids",
"HKEY_CURRENT_USER\\Software",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\Progid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_CLASSES_ROOT\\.pcd",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}",
"HKEY_CLASSES_ROOT\\.app",
"HKEY_CLASSES_ROOT\\.lnk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_CLASSES_ROOT\\.mshxml",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.fxp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}",
"HKEY_CLASSES_ROOT\\.hlp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"HKEY_CLASSES_ROOT\\.bat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"HKEY_CLASSES_ROOT\\.url",
"HKEY_CLASSES_ROOT\\.exe",
"HKEY_CLASSES_ROOT\\AllFilesystemObjects",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PropertyBag",
"HKEY_CLASSES_ROOT\\SystemFileAssociations\\.htm",
"HKEY_CLASSES_ROOT\\.asp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\(Default)",
"HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\setup\\PnpLockdownFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.csh",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete\\Client\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\BrowseInPlace",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\Clsid",
"HKEY_CLASSES_ROOT\\C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\.grp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_CLASSES_ROOT\\.ksh",
"HKEY_CLASSES_ROOT\\.isp",
"HKEY_CLASSES_ROOT\\.chm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\CurVer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag",
"HKEY_CLASSES_ROOT\\.hta",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\Clsid",
"HKEY_CLASSES_ROOT\\.mcf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
],
"file_written": [
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-GDUIF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KAMBP.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GTBAF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQSLA.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JT1DF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-MT7ED.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-2SO9J.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\unins000.dat",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-2A0AD.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CA9EM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-HSVE1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VJOP5.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9KSEH.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NRNE.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_RegDLL.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0RQQ1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JO89P.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-GV6JJ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UIQ6T.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-O233C.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-AHG54.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A2QPS.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3N144.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NENM4.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-8V3S9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-EF23G.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-D352V.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-LD5H3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9GL0H.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_shfoldr.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NTJ3U.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-O4ICM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-NG65S.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-49LIO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QGVV7.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-R4L7R.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3OL6P.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-HEP33.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KHB0Q.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NA2T.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3SDIU.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-U84VV.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-5675S.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_setup64.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-DSNRI.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CPUC7.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-23GBJ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-1RKMN.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JFQKN.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A8MRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-P7TJO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NN1B9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-EGFKL.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-16P9J.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-SA73C.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0P8NQ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-RJS1H.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UC7KO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-SD3UV.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-746GF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NUBVH.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-094S8.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GE0IB.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-TEL73.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-CAFMC.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQT8K.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-LQBRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QDTC3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NQGA9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9A7JP.tmp"
],
"regkey_deleted": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1"
],
"file_deleted": [
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.pif",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.url",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_shfoldr.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_setup64.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_RegDLL.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp"
],
"file_exists": [
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KAMBP.tmp",
"C:\\",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated2.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-23GBJ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\LightDome.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail3.htm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9KSEH.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Slim.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9GL0H.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3N144.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-O4ICM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-5675S.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutOff.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0P8NQ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GeneticSuccess.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Feathers.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief3.rtf",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-49LIO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQT8K.tmp",
"C:\\Windows\\SysWOW64\\propsys.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JO89P.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-1RKMN.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Deception.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Exotic.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NN1B9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sektor.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\60er.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-16P9J.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CoolEnding.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\OddManTheory.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Extrem.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GTBAF.tmp",
"C:\\Windows\\System32\\propsys.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Fireball.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CA9EM.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rollercoaster.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Radioactive.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-O233C.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\page2.htm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A2QPS.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\border.gif",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-EF23G.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spacy.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\InNameGap.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3OL6P.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-GE0IB.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutInRect.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-NG65S.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Raster.CompanyLogo",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-R4L7R.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.url",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Pyramide.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\page1.htm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-GDUIF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NA2T.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-3SDIU.tmp",
"C:\\Program Files (x86)",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-DSNRI.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JFQKN.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sail.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UC7KO.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-SD3UV.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Projekte",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-U84VV.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\cld-readme.htm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-TEL73.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Simpel.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NQGA9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Swish.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-CAFMC.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VQSLA.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-JT1DF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stylish Rect.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Bookstore.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GreenTriangle.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-VJOP5.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Biotech.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-AHG54.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail1.htm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief1.rtf",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NENM4.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-8V3S9.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief2.rtf",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-D352V.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QGVV7.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\SmallDots.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Nice Feathers.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Puzzle.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\is-HEP33.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-KHB0Q.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Vertical.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Shockwave.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rays.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\ComplexSystem.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.box",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-RJS1H.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-P7TJO.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-LQBRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-EGFKL.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-9A7JP.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\WithLove.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-GV6JJ.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-MT7ED.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-2SO9J.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-2A0AD.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\SimpleMolecule.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Logo.jpg",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-HSVE1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Circle.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\is-7NRNE.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\cld.gif",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-UIQ6T.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Diagonal.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-CPUC7.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Globe.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NUBVH.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-LD5H3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\StripeMayhem.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-NTJ3U.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spaceboxes.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-746GF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Butterfly.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Accent.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\unins000.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Floater.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-A8MRF.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Overlap.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Seal.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated Comic.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-SA73C.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-0RQQ1.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-094S8.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.dat",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail2.htm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stilvoll.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\is-QDTC3.tmp",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated.CompanyLogo"
],
"file_failed": [
"C:\\Program Files (x86)\\CompanyLogoDesigner",
"C:\\Windows\\winsxs\\FileMaps\\program_files_x86_companylogodesigner_5b9056e8d31ed5eb.cdf-ms",
"C:\\Windows\\winsxs\\FileMaps\\program_files_x86_companylogodesigner_extras_cdf3750032a33a06.cdf-ms",
"C:\\Windows\\winsxs\\FileMaps\\program_files_x86_companylogodesigner_vorlagen_ccaf965889f49025.cdf-ms"
],
"guid": [
"{ea1afb91-9e28-4b86-90e9-9e9f8a5eefaf}",
"{eac04bc0-3791-11d2-bb95-0060977b464c}",
"{5e078e03-8265-4bbe-9487-d242edbef910}",
"{00bb2763-6a77-11d0-a535-00c04fd7d062}",
"{00000000-0000-0000-c000-000000000046}",
"{56fdf344-fd6d-11d0-958a-006097c9a090}",
"{807c1e6c-1d00-453f-b920-b61bb7cdd997}",
"{00021401-0000-0000-c000-000000000046}",
"{000214ee-0000-0000-c000-000000000046}",
"{5762f2a7-4658-4c7a-a4ac-bdabfe154e0d}",
"{03c036f1-a186-11d0-824a-00aa005b4383}",
"{00bb2765-6a77-11d0-a535-00c04fd7d062}",
"{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}"
],
"command_line": [
"\"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe\" \/setup C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\cld-readme.htm",
"\"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe\"",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -osint -url \"C:\\Program Files (x86)\\CompanyLogoDesigner\\cld-readme.htm\""
],
"file_read": [
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Program Files (x86)\\desktop.ini"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.WSH\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\page2.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.vbs\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InfoTip",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.hlp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
"HKEY_CURRENT_USER\\.htm\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\cld.gif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.inf\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sail.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\cld-readme.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bat\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Radioactive.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Accent.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.reg\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe\\UseShortName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Butterfly.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.scr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\CommonFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Diagonal.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.prf\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\symbols.box",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\OddManTheory.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
"HKEY_CURRENT_USER\\.htm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Shockwave.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe\\PATH",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Logo.jpg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\CommonFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.hta\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOrganization",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Fireball.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanWorkstation\\Parameters\\RpcCacheTimeout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Overlap.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Seal.CompanyLogo",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\ddeexec\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated Comic.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Slim.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cer\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.msi\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Exotic.CompanyLogo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProfilesDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Nice Feathers.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResource",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Pictures",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rollercoaster.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.JSE\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Puzzle.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\60er.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.WSF\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\unins000.exe",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spacy.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Deception.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail3.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Feathers.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Globe.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Simpel.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\ExecutableTypes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.grp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonVideo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Floater.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\ComplexSystem.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Music",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\border.gif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Video",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail1.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Circle.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.com\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\GlobalAssocChangedCounter",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.htm\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GreenTriangle.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.URL\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\EditFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutInRect.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Client\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cmd\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe\\AppendPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sektor.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Vertical.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.msp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\NoStaticDefaultVerb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Biotech.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\StripeMayhem.CompanyLogo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rays.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.sct\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GeneticSuccess.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.crt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.pif\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.VBE\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated2.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spaceboxes.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bas\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\SimpleMolecule.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\LightDome.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Programs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOwner",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.pl\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Stream",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command\\command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Extrem.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\page1.htm",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.cpl\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutOff.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gadget\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.asp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Description",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\NoWorkingDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonPictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.js\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.htm\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.wsc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief1.rtf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Swish.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.msc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalizedName",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Always Use Tab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command\\DelegateExecute",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Bookstore.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\TransparentEnabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\PendingFileRenameOperations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\InheritConsoleHandles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Mail2.htm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\AutoSuggest",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\PendingFileRenameOperations2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Raster.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Public",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DisallowRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief3.rtf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\SmallDots.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Documents",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\SetWorkingDirectoryFromTarget",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stylish Rect.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\symbols.dat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.scf\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Pyramide.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSimpleStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CoolEnding.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\RestrictRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stilvoll.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\WithLove.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\InNameGap.CompanyLogo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\CompanyLogoDesigner\\Extras\\Brief2.rtf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\unins???.*"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Publisher",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: User",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: Selected Tasks",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: App Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\UninstallString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompanyLogoDesigner\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\HelpLink",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: Language",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\NoModify",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\EstimatedSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: Setup Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\GlobalAssocChangedCounter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\InstallDate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\NoRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\QuietUninstallString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\InstallLocation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: Deselected Tasks",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.CompanyLogo\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\URLInfoAbout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\Inno Setup: Icon Group",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1\\URLUpdateInfo"
]
},
"first_seen": 1605815589.0625,
"ppid": 2124
},
{
"process_path": "C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"process_name": "CompanyLogoDesigner.exe",
"pid": 2700,
"summary": {
"file_failed": [
"\\??\\BCMDMCCP"
],
"mutex": [
"DILLOOEP",
"230::DAFCEABB6B",
"DILLOCREATE"
],
"command_line": [
"\"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe\""
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
],
"dll_loaded": [
"Kernel32",
"kernel32.dll",
"KERNEL32.DLL",
"dwmapi.dll",
"user32.dll",
"C:\\Windows\\system32\\uxtheme.dll"
]
},
"first_seen": 1605815608.327875,
"ppid": 1676
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1605815588.515625,
"ppid": 376
},
{
"process_path": "C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"process_name": "CompanyLogoDesigner.exe",
"pid": 560,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\cld.cfg"
],
"file_recreated": [
"\\??\\SCSI0:",
"\\??\\Nsi",
"\\??\\PHYSICALDRIVE0"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{R7C0DB872A3F777C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{I6AE2E3CF39AF8F6C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{06AE2E3CF39AF8F6C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{K7C0DB872A3F777C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters\\TrapPollTimeMilliSecs"
],
"dll_loaded": [
"snmpapi.dll",
"kernel32.dll",
"UxTheme.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"WININET.dll",
"KERNEL32.DLL",
"OLEAUT32.DLL",
"comctl32",
"ole32.dll",
"comctl32.dll",
"ws2_32.dll",
"USER32.dll",
"IMM32.dll",
"comdlg32.dll",
"inetmib1.dll",
"ADVAPI32.dll",
"uxtheme.dll",
"OLEAUT32.dll",
"SHELL32.dll",
"COMCTL32.dll",
"WINMM.dll",
"KERNEL32.dll",
"GDI32.dll",
"SHFOLDER.DLL",
"WINSPOOL.DRV",
"shell32.dll",
"rpcrt4.dll",
"COMCTL32.DLL",
"user32.dll",
"Msimg32.dll"
],
"file_failed": [
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_base.lua",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\6AE2E3CF.RREF",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_siegel.lua",
"\\??\\BCMDMCCP",
"C:\\ProgramData\\TEMP:6319FF34",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_3d.lua",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\6AE2E3CF39AF8F6C.TMP",
"C:\\ProgramData\\TEMP\\6319FF34.TMP",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.INI",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_gen2lissa.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_lissajous.lua",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\6319FF34.TMP",
"\\??\\SIWDEBUG",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_2d.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\cldbasics.lua",
"\\??\\SIWVID",
"\\??\\NTICE",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_verlauf.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\cldlib.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_real.lua",
"\\??\\SuperBPMDev0",
"\\??\\SICE",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_fract.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_genlissa.lua"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontLink\\SystemLink",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5",
"HKEY_CURRENT_USER\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009",
"HKEY_LOCAL_MACHINE\\Software\\The Silicon Realms Toolworks\\Armadillo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{04DA8451-7F63-4870-A4D7-F55BE66BFDFB}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{04DA8451-7F63-4870-A4D7-F55BE66BFDFB}",
"HKEY_LOCAL_MACHINE\\Hardware\\Description\\System",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\00000028",
"HKEY_LOCAL_MACHINE\\Software\\Licenses",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\CompanyLogoDesigner.exe",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\WinSock2\\Parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\\ProxyStubClsid32",
"HKEY_CURRENT_USER\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IceExt",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Winsock2\\Parameters",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32",
"HKEY_CURRENT_USER\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\yqxcegf",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\00000005",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\CLSID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\AppId_Catalog\\3255956E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Interface\\{027947E1-D731-11CE-A357-000000000001}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocHandler32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\Progid",
"HKEY_CURRENT_USER\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\MS Sans Serif",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\TreatAs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\InprocServer32",
"HKEY_CLASSES_ROOT\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\AppId_Catalog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\TreatAs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocHandler32"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\cld.cfg"
],
"regkey_deleted": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1FB7C45A-32CD-2E2B-4525-067F3CE3C107}\\Version"
],
"file_exists": [
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Swish.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\WithLove.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Slim.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\cld.cfg",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Bookstore.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\LightDome.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Globe.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutInRect.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spaceboxes.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Raster.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Puzzle.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GeneticSuccess.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Pyramide.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Accent.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Feathers.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Floater.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Deception.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rays.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Vertical.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Seal.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated Comic.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\ComplexSystem.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sail.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.box",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\OddManTheory.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stilvoll.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sektor.CompanyLogo"
],
"mutex": [
"RAL8C92EF75",
"8C92EF75::WK"
],
"file_opened": [
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Swish.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\WithLove.CompanyLogo",
"C:\\",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Slim.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Bookstore.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"C:\\Windows\\SysWOW64\\en-US\\KERNELBASE.dll.mui",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\LightDome.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutInRect.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spaceboxes.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Raster.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Puzzle.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GeneticSuccess.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Pyramide.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Accent.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Feathers.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Floater.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Deception.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rays.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Vertical.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Seal.CompanyLogo",
"C:\\Windows\\Fonts\\staticcache.dat",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\ComplexSystem.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sail.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.box",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated Comic.CompanyLogo",
"\\??\\C:",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Globe.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\OddManTheory.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stilvoll.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sektor.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.dat"
],
"guid": [
"{4590f811-1d3a-11d0-891f-00aa004b2e24}",
"{44aca674-e8fc-11d0-a07c-00c04fb68820}",
"{674b6698-ee92-11d0-ad71-00c04fd8fdff}",
"{8bc3f05e-d86b-11d0-a075-00c04fb68820}",
"{7c857801-7381-11cf-884d-00aa004b2e24}",
"{d5f569d0-593b-101a-b569-08002b2dbf7a}",
"{f309ad18-d86a-11d0-a075-00c04fb68820}",
"{dc12a687-737f-11cf-884d-00aa004b2e24}"
],
"file_read": [
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Swish.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\WithLove.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Slim.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Bookstore.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\LightDome.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Globe.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutInRect.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spaceboxes.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Raster.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Puzzle.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GeneticSuccess.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Pyramide.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Accent.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Feathers.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Floater.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Deception.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rays.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Vertical.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Seal.CompanyLogo",
"C:\\Windows\\Fonts\\staticcache.dat",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\ComplexSystem.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sail.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.box",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated Comic.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\OddManTheory.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stilvoll.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sektor.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.dat"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\StoresServiceClassInfo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\SupportedNameSpace",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\DataFilePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\ProviderInfo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\SupportedNameSpace",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\SupportedNameSpace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosDate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane11",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\DisplayString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane13",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane14",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane15",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane16",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{I6AE2E3CF39AF8F6C}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\StoresServiceClassInfo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\AddressFamily",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Next_Catalog_Entry_ID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\DisplayString",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\ProviderInfo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\StoresServiceClassInfo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\ProviderInfo",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\MS Shell Dlg",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\AddressFamily",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\StoresServiceClassInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\SupportedNameSpace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\ProviderInfo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\DisplayString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\ProviderInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\RFC1156Agent\\CurrentVersion\\Parameters\\TrapPollTimeMilliSecs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\AddressFamily",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\SupportedNameSpace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\AddressFamily",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{K7C0DB872A3F777C0}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\DisplayString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{06AE2E3CF39AF8F6C}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\SupportedNameSpace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\Enabled",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\Enabled",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\AddressFamily",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{9556DC99-828C-11CF-A37E-00AA003240C7}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\AddressFamily",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\DisplayString",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\Enabled",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Ws2_32NumHandleBuckets",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\ProviderInfo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\StoresServiceClassInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\DataStore_V1.0\\Disable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane5",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\StoresServiceClassInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane12",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Callout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\DisplayString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{027947E1-D731-11CE-A357-000000000001}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\WinSock_Registry_Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Licenses\\{R7C0DB872A3F777C0}"
],
"directory_enumerated": [
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Swish.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\WithLove.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Slim.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\cld.cfg",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Bookstore.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Raster.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\_autosave.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_siegel.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\LightDome.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sail.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Puzzle.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Deception.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_3d.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_base.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\CutInRect.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Spaceboxes.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_gen2lissa.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_lissajous.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rays.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\GeneticSuccess.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Pyramide.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Accent.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_2d.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\cldbasics.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Feathers.CompanyLogo",
"C:\\Windows\\System32\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Floater.CompanyLogo",
"C:\\Windows\\*",
"C:\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Vertical.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Seal.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_verlauf.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\ComplexSystem.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\cldlib.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\symbols.box",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Rotated Comic.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Globe.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_real.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\*.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\OddManTheory.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Stilvoll.CompanyLogo",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\*",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Vorlagen\\Sektor.CompanyLogo",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_fract.lua",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\Lua\\obj_genlissa.lua"
],
"directory_created": [
"C:\\ProgramData\\TEMP",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\"
]
},
"first_seen": 1605815610.548578,
"ppid": 2700
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin",
"process_name": "891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin",
"pid": 2124,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp"
],
"dll_loaded": [
"dwmapi.dll",
"kernel32.dll",
"UxTheme.dll",
"shell32.dll",
"comctl32.dll",
"C:\\Windows\\system32\\uxtheme.dll"
],
"file_opened": [
"C:\\Windows\\SysWOW64\\en-US\\KERNELBASE.dll.mui",
"C:\\Windows\\System32\\netmsg.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
],
"command_line": [
"\"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp\" \/SL5=\"$1902E6,1858858,114688,C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin\" "
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
]
},
"first_seen": 1605815588.828125,
"ppid": 2504
},
{
"process_path": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"process_name": "firefox.exe",
"pid": 2868,
"summary": {
"file_opened": [
"",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\AlternateServices.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Windows\\System32\\wshqos.dll",
"C:\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\EmojiOneMozilla.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"\\Device\\NamedPipe\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Windows\\Fonts\\times.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Windows\\Fonts\\segoeuii.ttf",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\chrome.manifest",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\TRRBlacklist.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Windows\\Fonts\\segoeui.ttf",
"C:\\PROGRAM FILES (X86)\\MOZILLA FIREFOX\\fonts\\EMOJIONEMOZILLA.TTF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SecurityPreloadState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Windows\\System32\\wship6.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome.manifest",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Windows\\System32\\KBDUS.DLL",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\DnsClient",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavPS2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_CURRENT_USER\\Software\\Lenovo\\TrackPoint",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e968-e325-11ce-bfc1-08002be10318}\\0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Media Foundation\\Platform",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\LSA\\AccessProviders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http",
"HKEY_CURRENT_USER\\Software\\Elantech\\MainOption",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\firefox_RASMANCS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Avalon.Graphics\\DISPLAY1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DnsCache\\Parameters",
"HKEY_CURRENT_USER\\Software\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Websense\\Agent",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavUSB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"HKEY_CURRENT_USER\\Software\\Lenovo\\UltraNav",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Media Foundation\\RT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\System\\DNSClient",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"HKEY_LOCAL_MACHINE\\Software\\MozillaPlugins",
"HKEY_CURRENT_USER\\Software\\Classes\\.pdf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService",
"HKEY_CURRENT_USER\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Avalon.Graphics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Alps\\Apoint\\TrackPoint",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pdf",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/pdf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\RNG",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\00000005",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\Software\\Synaptics\\SynTP\\Install",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LDAP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice",
"HKEY_CURRENT_USER\\Software\\MozillaPlugins",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\WinSock2\\Parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Websense\\Agent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\(Default)",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ClusSvc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\Software\\Alps\\Apoint",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
"HKEY_LOCAL_MACHINE\\Software\\Cisco Systems\\VPN Client",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Elantech",
"HKEY_CLASSES_ROOT\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command"
],
"guid": [
"{a95664d2-9614-4f35-a746-de8db63617e6}",
"{c43dc798-95d1-4bea-9030-bb99e2983a1a}",
"{17072f7b-9abe-4a74-a261-1eb76b55107a}",
"{0000015b-0000-0000-c000-000000000046}",
"{44aca674-e8fc-11d0-a07c-00c04fb68820}",
"{8bc3f05e-d86b-11d0-a075-00c04fb68820}",
"{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}",
"{591209c7-767b-42b2-9fba-44ee4615f2c7}",
"{32d186a7-218f-4c75-8876-dd77273a8999}",
"{4e530b0a-e611-4c77-a3ac-9031d022281b}",
"{bf94c121-5b05-4e6f-8000-ba598961414d}",
"{62ce7e72-4c71-4d20-b15d-452831a87d9d}",
"{4590f811-1d3a-11d0-891f-00aa004b2e24}",
"{6332debf-87b5-4670-90c0-5e57b408a49e}",
"{674b6698-ee92-11d0-ad71-00c04fd8fdff}",
"{d5f569d0-593b-101a-b569-08002b2dbf7a}",
"{dc12a687-737f-11cf-884d-00aa004b2e24}",
"{bcde0395-e52f-467c-8e3d-c4579291692e}",
"{77f10cf0-3db5-4966-b520-b7c54fd35ed6}",
"{56fdf344-fd6d-11d0-958a-006097c9a090}",
"{28b4d88b-e072-49e6-804d-26edbe21a7b9}",
"{e77cc89b-7401-4c04-8ced-149db35add04}",
"{0000034b-0000-0000-c000-000000000046}",
"{f309ad18-d86a-11d0-a075-00c04fb68820}",
"{aa80e801-2021-11d2-93e0-0060b067b86e}",
"{722a338c-6e8e-4e72-ac27-1417fb0c81c2}",
"{7c857801-7381-11cf-884d-00aa004b2e24}"
],
"connects_ip": [
"127.0.0.1"
],
"file_copied": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset"
]
],
"command_line": [
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2868.6.1925183474\\992608054\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2868 \"\\\\.\\pipe\\gecko-crash-server-pipe.2868\" 2544 tab",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2868.0.616846624\\751223851\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2868 \"\\\\.\\pipe\\gecko-crash-server-pipe.2868\" 1432 tab"
],
"mutex": [
"Global\\MozillaUpdateMutex-AWkbzLFmEHPmIFtactC8kpT7UdM=",
"Local\\FirefoxStartupMutex"
],
"wmi_query": [
"SELECT * FROM Win32_BIOS"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\TaskBarIDs\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Keyboard Layout\\d0010409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002\\PackedCatalogItem",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\Never",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.MemorySize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableConsoleTracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM\\AccentColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Current_Protocol_Catalog",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Identifier",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\VendorIdentifier",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Next_Catalog_Entry_ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\camp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallDate",
"HKEY_CURRENT_USER\\.pdf\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.qwMemorySize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language\\InstallLanguageFallback",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\~Mhz",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\EMPTY",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachinePreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{f3e80bef-1723-4ff2-bcc4-7f83dc5e46d4},3",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\InstalledDisplayDrivers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\PreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\AlternateCodePage",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{5a9125b7-f367-4924-ace2-0803a4a3a471},0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows Media Foundation\\Platform\\FreeWppTrace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\rip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\DeviceState",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Signature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\Protocol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ProfileEnumMode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Role:1",
"HKEY_CURRENT_USER\\Keyboard Layout\\Preload\\1",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Attempted",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\sRGB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverVersion",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDate",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Revision",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Installed",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ICMProfile",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Cryptography\\RNG\\Seed",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\ri",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Protocol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\WinSock_Registry_Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\DeviceState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder"
],
"file_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin"
],
"dll_loaded": [
"dbghelp.dll",
"C:\\Windows\\System32\\mswsock.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"kernel32",
"C:\\Windows\\syswow64\\MSCTF.dll",
"WINTRUST.dll",
"WINSTA.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"gdi32.dll",
"DNSAPI.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"kernel32.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"netutils.dll",
"SAMLIB.dll",
"C:\\Windows\\system32\\ole32.dll",
"AUDIOSES.DLL",
"dwmapi.dll",
"ntdll.dll",
"C:\\Windows\\system32\\napinsp.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozavutil.dll",
"dwrite.dll",
"ntmarta.dll",
"setupapi.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"xul.dll",
"C:\\Windows\\system32\\dxva2.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\MSVCP140.dll",
"cryptbase.dll",
"C:\\PROGRA~2\\MOZILL~1\\nssckbi.dll",
"RASMAN.DLL",
"mscms.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll",
"ole32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"ws2_32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"USER32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Windows\\system32\\IMM32.DLL",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Windows\\system32\\mf.dll",
"rtutils.dll",
"Iphlpapi.dll",
"kbdus.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Windows\\system32\\pnrpnsp.dll",
"samcli.dll",
"C:\\Windows\\system32\\evr.dll",
"RPCRT4.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozavcodec.dll",
"C:\\Windows\\System32\\winrnr.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"WININET.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Windows\\system32\\NLAapi.dll",
"C:\\Windows\\system32\\mfplat.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"CRYPTSP.dll",
"CFGMGR32.dll",
"Gdi32.dll",
"Dnsapi.dll",
"Kernel32",
"Kernel32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"OLEAUT32.DLL",
"ADVAPI32.dll",
"rpcrt4.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll",
"WS2_32.dll",
"C:\\Windows\\system32\\dxgi.dll",
"user32.dll"
],
"file_moved": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
]
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"\\\\?\\PIPE\\samr",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp"
],
"file_recreated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"\\??\\MountPointManager",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"\\Device\\KsecDD",
"\\??\\C:",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"\\??\\Nsi",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\WINNT_x86-msvc",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\user.js",
"C:\\Windows\\System32\\twinapi.appcore.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\uz.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\nn.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\bs.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\kk.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\id.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\be.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fa.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\pt.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ln.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\en_US_POSIX.res",
"C:\\Windows\\System32\\DataExchange.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\hy.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sk.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\mn.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ig.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l.dat",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ga.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sv_SE.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\postSigningData",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\or.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\el.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\wae.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\uk.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\gl.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\dz.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\pa.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\hu.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sw.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\uts46.nrm",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\lt.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\my.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\cy.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ha.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\yo.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ps.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\th.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\chr.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\pl.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\az.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\ShutdownDuration.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\policies.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fr_CA.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fo.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\km.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\mt.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\res_index.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ta.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\om.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\likelySubtags.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\mr.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\eo.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\he.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\hsb.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\zh.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\pending-deletion-ping",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\lb.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ml.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fa_AF.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\am.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\da.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ee.res",
"C:\\Windows\\System32\\twinapi.dll",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\se.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\res_index.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\et.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\si.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\te.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\cs.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\hi.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\tr.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\to.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\kl.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\lo.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fil.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\is.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ne.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\logins.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\zu.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ca.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\de.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\hr.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\kok.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sq.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert_override.txt",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\dsb.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ms.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\as.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\vi.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ko.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fi.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\gu.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\yi.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ug.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sl.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\nl.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ro.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\kn.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\mk.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sr.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\af.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\it.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ar.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ur.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\de_AT.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\es.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sv.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\smn.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\wo.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\lv.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\zh_Hant.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ka.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\cnvalias.icu",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\en_US.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\en.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ucadata.icu",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\sr_Latn.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\bo.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\root.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.sbstore",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\haw.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ja.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\bn.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ru.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\downloads.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\experiments.json",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\lkt.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\bs_Cyrl.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\nb.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\ky.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.version",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\fr.res",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\icudt60l\\coll\\bg.res"
],
"resolves_host": [
"aus5.mozilla.org",
"tiles.services.mozilla.com",
"search.services.mozilla.com",
"ciscobinary.openh264.org",
"shavar.services.mozilla.com",
"detectportal.firefox.com",
"safebrowsing.googleapis.com",
"redirector.gvt1.com",
"services.addons.mozilla.org",
"versioncheck-bg.addons.mozilla.org"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-shm"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Windows\\SysWOW64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userContent.css",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B0DBEFA19CF4EB70FB9678C501E2A489072B125D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Program Files (x86)\\CompanyLogoDesigner",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\clearkey.info",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Program Files (x86)\\Mozilla Firefox\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\searchplugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Windows\\System32\\spool\\drivers\\color\\Photo.gmmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\cld-readme.htm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-wal",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\plugins",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\staged",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\custom-strings.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\serviceworker.txt",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\sv.aff",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\OfflineCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\defaults\\preferences",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\minidumps",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Windows\\System32\\spool\\drivers\\color\\D65.camp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Program Files (x86)",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\crashreporter-override.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\d3d11layers.guard",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache.Trash28485",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-to_delete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\.purgecaches",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userChrome.css",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CB29EDE1FD7262A61FFAB793A382D515CAC77D01",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\43CB3924B4D48AD39D6282AE7C1F2C500B3D6732",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-wal",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files\\journals",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.log",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\extensions",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\main-window.ico",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pluginreg.dat",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\install.rdf",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\default.ico",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\280DEB31796CE454CD8D9594397E4D89E8E5D64F",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\manifest.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\persdict.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E9B5F1423155DB2E35FD739FC2008DB01C93DE1E",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\manifest.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files\\journals",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\LastCrash",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files\\journals",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\*",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\*",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\saved-telemetry-pings\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\*",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events\\*",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\*"
]
},
"first_seen": 1605815609.421625,
"ppid": 1676
},
{
"process_path": "C:\\Windows\\explorer.exe",
"process_name": "explorer.exe",
"pid": 1788,
"summary": {
"directory_created": [
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer"
],
"dll_loaded": [
"C:\\Windows\\system32\\xmllite.dll",
"C:\\Windows\\WinSxS\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a\\gdiplus.dll",
"MsftEdit.dll",
"POWRPROF.DLL"
],
"file_opened": [
"C:\\Windows\\System32\\calc.exe",
"C:\\ProgramData",
"C:\\",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools",
"C:\\Users\\Public\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\Windows\\System32\\displayswitch.exe",
"C:\\Program Files (x86)\\Mozilla Firefox\\",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\Users\\Public\\Pictures",
"C:\\Program Files (x86)\\windows media player\\wmplayer.exe",
"C:\\Windows\\explorer.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\Windows\\System32\\en-US\\wfsr.dll.mui",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\Windows\\System32\\snippingtool.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini",
"C:\\Users\\Public\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools",
"C:\\Users\\Public\\Documents\\desktop.ini",
"C:\\Windows\\System32\\imageres.dll",
"C:\\Windows\\AppPatch\\sysmain.sdb",
"\\\\?\\PIPE\\samr",
"C:\\Windows\\System32\\WFS.exe",
"C:\\Users\\cuck\\Pictures",
"C:\\Windows\\System32\\StikyNot.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Program Files (x86)\\windows media player\\en-US\\wmplayer.exe.mui",
"C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk",
"C:\\Program Files (x86)\\Internet Explorer\\iexplore.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_1024.db",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows",
"C:\\Windows\\System32\\DeviceCenter.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Python 2.7",
"C:\\Users\\Public\\Desktop",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk",
"C:\\Users\\Public\\Desktop\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk",
"C:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer",
"C:\\Windows\\resources\\Themes\\Aero\\Shell\\NormalColor\\ShellStyle.dll",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk",
"C:\\Users",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_96.db",
"C:\\Windows\\System32\\xpsrchvw.exe",
"C:\\Users\\desktop.ini",
"C:\\Windows\\System32\\mspaint.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk",
"C:\\Users\\cuck",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories",
"C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_256.db",
"C:\\Windows\\System32\\SnippingTool.exe",
"C:\\Windows\\System32\\WFSR.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Windows\\System32\\rundll32.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\Users\\cuck\\AppData",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\Users\\cuck\\Desktop",
"C:\\Windows\\System32\\en-US\\calc.exe.mui",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC",
"C:\\Windows\\System32\\en-US\\DeviceCenter.dll.mui",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries",
"C:\\Windows\\System32\\cmd.exe",
"c:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"C:\\Users\\Public",
"C:\\ProgramData\\Microsoft",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk",
"c:\\program files (x86)\\internet explorer\\iexplore.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\Windows\\Branding\\ShellBrd\\shellbrd.dll",
"C:\\Users\\cuck\\Pictures\\desktop.ini",
"c:\\program files (x86)\\internet explorer\\en-US\\iexplore.exe.mui",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft",
"c:\\program files (x86)\\mozilla firefox\\firefox.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\Windows\\System32\\mstsc.exe"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\cmd.exe\\TaskbarExceptionsIcons",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.ini",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Applications\\explorer.exe\\TaskbarExceptionsIcons",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ThumbnailCache",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.library-ms",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.png",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.bmp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8"
],
"file_written": [
"\\\\?\\PIPE\\samr"
],
"file_exists": [
"C:\\Users\\cuck\\Desktop",
"C:\\Python27\\pythonw.exe",
"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"C:\\Python27\\python.exe",
"C:\\cuckoo_1788.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Documents.library-ms",
"C:\\Users\\Public",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\Users\\cuck\\Documents",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Pictures.library-ms",
"C:\\Windows\\explorer.exe",
"C:\\Users\\Public\\Documents",
"C:\\Users\\cuck",
"C:\\Program Files (x86)",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\ThumbCacheToDelete",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"C:\\Program Files (x86)\\CompanyLogoDesigner",
"C:\\Users\\Public\\Desktop",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\Music.library-ms",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp"
],
"mutex": [
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwReaderRefs",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_32.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_256.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_sr.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_1024.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!ThumbnailCacheInit",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!11396c",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_96.db!dfMaintainer",
"Global\\C::Users:cuck:AppData:Local:Microsoft:Windows:Explorer:thumbcache_idx.db!rwWriterMutex"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer\\thumbcache_32.db",
"C:\\ProgramData\\Microsoft\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\desktop.ini",
"C:\\cuckoo_1788.ini"
],
"guid": [
"{6ccb7be0-6807-11d0-b810-00c04fd706ec}",
"{4f6bcd94-c2a5-42ce-8dbc-31e794be4630}",
"{7cc7aed8-290e-49bc-8945-c1401cc9306c}",
"{fdada2fa-894d-47d8-ae78-adf1fd7f28df}",
"{54410b83-6787-4418-9735-5aaaabe83a9a}",
"{1c1800c1-3258-44c2-be80-3deadb6c5e39}",
"{8be2d872-86aa-4d47-b776-32cca40c7018}",
"{3ce74de4-53d3-4d74-8b83-431b3828ba53}",
"{ea69859a-db5b-4c4a-8a8f-ae9759027534}",
"{05a232fd-2bfb-4349-9d48-4787f317f50a}",
"{000214fa-0000-0000-c000-000000000046}",
"{f678fcde-eb44-4b6e-9b75-cc4a661f5263}",
"{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}",
"{b2952b16-0e07-4e5a-b993-58c52cb94cae}",
"{660b90c8-73a9-4b58-8cae-355b7f55341b}",
"{4657278a-411b-11d2-839a-00c04fd918d0}",
"{ae054212-3535-4430-83ed-d501aa6680e6}",
"{ec5ec8a9-c395-4314-9c77-54d7a935ff70}",
"{7d39402f-5b52-4b34-b528-b95f66927e1d}",
"{c3acefb5-f69d-4905-938f-fcadcf4be830}",
"{b8967f85-58ae-4f46-9fb2-5d7904798f4b}",
"{00000000-0000-0000-c000-000000000046}",
"{14ce31dc-abc2-484c-b061-cf3416aed8ff}",
"{00000146-0000-0000-c000-000000000046}",
"{cef04fdf-fe72-11d2-87a5-00c04f6837cf}",
"{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}",
"{427fd3d4-f30a-4033-84ef-cbb1a955d9f7}",
"{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"{6746c347-576b-4f73-9012-cdfeea251bc4}",
"{c0a6c367-c264-4385-a704-9088bdc3640e}",
"{de5bf786-477a-11d2-839d-00c04fd918d0}",
"{0c733a8a-2a1c-11ce-ade5-00aa0044773d}",
"{33c53a50-f456-4884-b049-85fd643ecfed}",
"{14074e0b-7216-4862-96e6-53cada442a56}",
"{111f7c32-0546-4227-8b7f-c53a0b114a0f}",
"{00000323-0000-0000-c000-000000000046}",
"{6e682784-1eca-4cf2-988d-96b6e89e9a4d}",
"{5e078e03-8265-4bbe-9487-d242edbef910}",
"{a4b544a1-438d-4b41-9325-869523e2d6c7}",
"{75121952-e0d0-43e5-9380-1d80483acf72}",
"{603d3800-bd81-11d0-a3a5-00c04fd706ec}",
"{cacaf262-9370-4615-a13b-9f5539da4c0a}",
"{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}",
"{8ded7393-5db1-475c-9e71-a39111b0ff67}",
"{1f02b6c5-7842-4ee6-8a0b-9a24183a95ca}",
"{71d222e1-432f-429e-8c13-b6dafde5077a}",
"{bbd20037-bc0e-42f1-913f-e2936bb0ea0c}",
"{934d4698-6a59-48f8-9f29-9fb30670320e}",
"{64bc32b5-4eec-4de7-972d-bd8bd0324537}",
"{4df0c730-df9d-4ae3-9153-aa6b82e9795a}",
"{3c708557-c99d-4fa3-9231-56518418b4e4}",
"{1f3427c8-5c10-4210-aa03-2ee45287d668}",
"{dc8f8556-efbd-4efa-8b64-bba84b4ecd7f}",
"{9cfc2df3-6ba3-46ef-a836-e519e81f0ec4}",
"{aa80e801-2021-11d2-93e0-0060b067b86e}",
"{f676c15d-596a-4ce2-8234-33996f445db1}",
"{4657278b-411b-11d2-839a-00c04fd918d0}",
"{46a6eeff-908e-4dc6-92a6-64be9177b41c}",
"{ed6ae9cf-ad35-46b7-ac30-3f8b9eb5349f}",
"{000214e6-0000-0000-c000-000000000046}",
"{50ef4544-ac9f-4a8e-b21b-8a26180db13f}",
"{807c1e6c-1d00-453f-b920-b61bb7cdd997}",
"{db6efb73-5153-43b7-8078-c6ffc4c0238c}",
"{1685d4ab-a51b-4af1-a4e5-cee87002431d}"
],
"file_read": [
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"\\\\?\\PIPE\\samr",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"C:\\Users\\Public\\Desktop\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\Users\\Public\\Pictures\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk",
"C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk",
"C:\\Users\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk",
"C:\\Users\\cuck\\Pictures\\desktop.ini",
"C:\\ProgramData\\Microsoft\\User Account Pictures\\user.bmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\Users\\Public\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk",
"C:\\Users\\Public\\Documents\\desktop.ini"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRecentDocsMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_PowerButtonAction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\rhqprqvg.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Erzbgr Qrfxgbc Pbaarpgvba.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\\InProcServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.VagreargRkcybere.Qrsnhyg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\UseDropHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.library-ms\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCacheSMP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bmp\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Znvagranapr\\Erzbgr Nffvfgnapr.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zvtjvm\\cbfgzvt.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{14074E0B-7216-4862-96E6-53CADA442A56} {000214FA-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zntavsl.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Jvaqbjf Rkcybere.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\vFPFV Vavgvngbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfNalgvzrHctenqrHV.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\LocalizedString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{15067OP1-P5N8-425R-37P6-SN0O891674S9}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Zrqvn Cynlre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMHelp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic_ShouldShow",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.FgvpxlAbgrf",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\ThumbnailCutoff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeOut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\FavoritesRemovedChanges",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Zngu Vachg Cnary.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.SFGAOFlags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy VFR.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.bmp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\System.DateModified",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{53123611-QN37-S8QN-SNP9-03R76QO9Q64Q}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderPathDisplayNarrow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\open\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn_ShouldShow",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\PerceivedType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.TrggvatFgnegrq",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\DefaultIcon\\OpenIcon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Jvaqbjf AG\\Npprffbevrf\\jbeqcnq.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFavoritesMenu",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DAF95313-E44D-46AF-BE1B-CBACEA2C3065}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Gnfx Fpurqhyre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 13",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate\\Auto Update\\UAS\\UpdateCount",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\qsethv.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 14",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\ArgjbexCebwrpgvba.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\Treatment",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.FileName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\freivprf.zfp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartMenu_Balloon_Time",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\GlobalAssocChangedCounter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMyMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\unregmp2.exe,-4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{b155bdf8-02f0-451e-9a26-ae317cfd7779}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_TopMatch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoChangeStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\System.HideOnDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Pnyphyngbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\shellex\\LibraryDescriptionHandler\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Qvfx Pyrnahc.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Vagrearg Rkcybere (64-ovg).yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ZrqvnCynlre32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Jvaqbjf Rkcybere.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetHood",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\UseDefaultTile",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Search\\Preferences\\WriteLog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{98D99750-0B8A-4c59-9151-589053683D73}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\FuncrPbyyrpgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Jvaqbjf CbjreFuryy Zbqhyrf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\DisableProcessIsolation",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{OQ3S924R-55SO-N1ON-9QR6-O50S9S2460NP}",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\DeviceCenter.dll,-1000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{e345f35f-9397-435c-8f95-4e922c26259e}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfcnvag.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\Jvaqbjf Wbheany.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Jvaqbjf Sverjnyy jvgu Nqinaprq Frphevgl.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.FileAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pnyp.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy VFR (k86).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemNameDisplay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Znvagranapr\\Perngr Erpbirel Qvfp.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfen.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\DefaultIcon\\OpenIcon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Pbzcbarag Freivprf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Jvaqbjf Zrqvn Cynlre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F2-21D7-11D4-BDAF-00C04F60B9F0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\DefaultFeature",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Fvqrone.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_MinMFU",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Vagrearg Rkcybere.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\qsethv.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\TypeOverLay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zboflap.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\SNTSearch.dll,-505",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\\InProcServer32\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\FbhaqErpbeqre.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{84BA9C75-6C22-4590-9BDC-5584EADE039E}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecordedTV_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\ThumbnailCutoff",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\efgehv.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\zvc.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C90250F3-4D7D-4991-9B69-A5C5BC1C2AE6}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\bqopnq32.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\displayswitch.exe,-320",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_MinMFU",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMyGames",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\search\\NoStaticDefaultVerb",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\R7PS176R110P211O",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{Q4N262QQ-PR44-Q105-S36O-9Q77N8PO65N4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\DefaultFeature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderPathDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AutoCascade",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{04731B67-D933-450A-90E6-4ACD2E9408FE}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{98D99750-0B8A-4C59-9151-589053683D73}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\KCF Ivrjre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Vagrearg Rkcybere.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jbeqcnq.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{1F3427C8-5C10-4210-AA03-2EE45287D668} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.bmp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Punenpgre Znc.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Zrqvn Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\System.HideOnDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfCbjreFuryy\\i1.0\\cbjrefuryy.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SortByName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\NoOplock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{35786D3C-B075-49b9-88DD-029876E11C01}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{645FF040-5081-101B-9F08-00AA002F954E}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{NN198O3P-PQ8P-7QR1-98Q1-O460S637193O}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\erpqvfp.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\HomeGroup\\UIStatusCache\\UIStatus",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\ArgCebw.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 14",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeIn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{031E4825-7B94-4DC3-B131-E946B44C8DD5}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.VagreargRkcybere.64Ovg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Rirag Ivrjre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\inifile\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\GnoGvc.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\LocalizedString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\freivprf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.bmp\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Sversbk.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{7SR8Q22N-SO1Q-N8OR-01R3-6P8693961R6R}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\FuncrPbyyrpgbe.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\mstsc.exe,-4000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{OO044OSQ-25O7-2SNN-22N8-6371N93R0456}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{89D83576-6BD1-4C86-9454-BEB04E94C819}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\Clguba (pbzznaq yvar).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\Treatment",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\System.HideOnDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jrypbzr Pragre.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\\rkcybere.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_EnableDragDrop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\QIQ Znxre\\QIQZnxre.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetworkConnections",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{P1P6S8NP-40N3-0S5P-146S-65N9QP70OOO4}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JS.zfp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Nalgvzr Hctenqr.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\GnoGvc.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.png\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\FXSRESM.dll,-114",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\System.HideOnDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Search\\SystemIndexNormalization",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flap Pragre.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\P:\\Clguba27\\clguba.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Flfgrz Gbbyf\\Cevingr Punenpgre Rqvgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Fgvpxl Abgrf.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JSF.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCacheTBP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.ini\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMMyDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pzq.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\explorer.exe,-7021",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Cnvag.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\TypeOverLay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\TypeOverLay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Npprffvovyvgl\\Fcrrpu Erpbtavgvba.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.library-ms\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemPathDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Abgrcnq.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Cresbeznapr Zbavgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Qngn Fbheprf (BQOP).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\StartMenuFavorites_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A38B883C-1682-497E-97B0-0A3A9E801682}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\cevagznantrzrag.zfp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\CLSID\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ErzbgrQrfxgbc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Fbhaq Erpbeqre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\bfx.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Jvaqbjf Rnfl Genafsre Ercbegf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuMorePrograms",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Flfgrz Pbasvthengvba.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetConn",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\puneznc.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\UseInProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{59D6F31B-FA6B-4FBA-8AF3-197FF140C714}\\ProxyStubClsid32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\DefaultIcon\\OpenIcon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\abgrcnq.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\qvfcynlfjvgpu.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AutoCascade",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\ThumbnailCutoff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\NoOplock",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Favccvat Gbby.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowSetProgramAccessAndDefaults",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\Upgrade",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{P804OON7-SN5S-POS7-8O55-2096R5S972PO}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowNetPlaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Cevag Znantrzrag.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Flfgrz Erfgber.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1685D4AB-A51B-4AF1-A4E5-CEE87002431D}\\InProcServer32\\LoadWithoutCOM",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\System32\\ie4uinit.exe,-734",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.NamespaceCLSID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Zntavsl.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Jvaqbjf Wbheany\\Wbheany.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\SnippingTool.exe,-15051",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Snk naq Fpna.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.Kind",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\UseInProcHandlerCache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\NoOplock",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\kcfepuij.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Pbzznaq Cebzcg.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.IconPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemFolderNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\aneengbe.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{8NN47365-O2O3-1961-69RO-S866R376O12S}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\Zbqhyr Qbpf.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ZrqvnPragre",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Gnfx Fpurqhyre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowPrinters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\\JvaqbjfCbjreFuryy\\i1.0\\cbjrefuryy.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyDocs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.ItemPathDisplayNarrow",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfvasb32.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\ThumbnailCutoff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FE5AFCF2-E681-4ADA-9703-EF39B8ECB9BF}\\NoOplock",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\FavccvatGbby.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\ZqFpurq.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\shellex\\IconHandler\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{8NOQ94SO-R7Q6-84N6-N997-P918RQQR0NR5}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Frphevgl Pbasvthengvba Znantrzrag.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_TopMatch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoUserFolderInStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ForceRunOnStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\OobeFldr.dll,-33056",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyGames",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{QNN168QR-4306-P8OP-8P11-O596240OQQRQ}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\pngfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\DefaultIcon\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ThumbnailCutoff",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\DontLoadAuthUIInExplorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{645FF040-5081-101B-9F08-00AA002F954E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_AdminToolsRoot",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyPics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_PowerButtonAction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\VQYR (Clguba THV).yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy (k86).yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfCbjreFuryy\\i1.0\\CbjreFuryy_VFR.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Aneengbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.HideOnDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\HomeGroup\\UIStatusCache\\OnlyMember",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf QIQ Znxre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowMyComputer_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNTSecurity",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\\JvaqbjfCbjreFuryy\\i1.0\\CbjreFuryy_VFR.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\System.DateModified",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EEA0C191-DDA8-4656-8FC4-72BDEDBA8A78}\\OverrideFileSystemProperties\\System.IsPinnedToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowDownloads",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E345F35F-9397-435C-8F95-4E922C26259E}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\\PbzcnalYbtbQrfvtare\\PbzcnalYbtbQrfvtare.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSMMyPictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9343812E-1C37-4A49-A12E-4B2D810D956B}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\TclTk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\TclTk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\LocalizedString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Zbovyvgl Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeOut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{14074E0B-7216-4862-96E6-53CADA442A56}\\DisableProcessIsolation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pyrnazte.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{BD7A2E7B-21CB-41B2-A086-B309680C6B7E}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartMenu_Balloon_Time",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRecentDocs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowVideos",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\text\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Ba-Fperra Xrlobneq.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{59031A47-3F72-44A7-89C5-5595FE6B30EE}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.lnk\\ShellEx\\{000214F9-0000-0000-C000-000000000046}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Pbzchgre Znantrzrag.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\qvfcynlfjvgpu.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.png\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Jvaqbjf Rnfl Genafsre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoStartMenuNetworkPlaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1F3427C8-5C10-4210-AA03-2EE45287D668}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHomegroup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{4336A54D-038B-4685-AB02-99BB52D3FB8B}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SortByName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowUser_ShouldShow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\LibraryFolder\\shellex\\IconHandler\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\sud.dll,-1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_SearchFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.lnk\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Zrzbel Qvntabfgvpf Gbby.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\vfpfvpcy.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeIn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\lnkfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E44E5D18-0652-4508-A4E2-8A090067BCB0}\\DefaultIcon\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Flfgrz Vasbezngvba.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\UseOutOfProcHandlerCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2559A1F1-21D7-11D4-BDAF-00C04F60B9F0}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zvtjvm\\zvtjvm.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Sversbk.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowHelp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfpbasvt.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A8A91A66-3A7D-4424-8D24-04E180695C7A}\\DefaultIcon\\OpenIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Pbzcnal Ybtb Qrfvtare\\Pbzcnal Ybtb Qrfvtare.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartPanel_FadeDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.bmp\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\XpsRchVw.exe,-102",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@\"%windir%\\System32\\ie4uinit.exe\",-732",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Erfbhepr Zbavgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete\\Client\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Paint.Picture\\Treatment",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\exefile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.exe\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\image\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pbzrkc.zfp"
],
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts\\C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pzq.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\HRZR_PGYFRFFVBA",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCache"
]
},
"first_seen": 1605815599.531,
"ppid": 1740
}
]Signatures
[
{
"markcount": 5,
"families": [],
"description": "Queries for the computername",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1605815599.1085,
"tid": 2872,
"flags": {}
},
"pid": 1676,
"type": "call",
"cid": 2461
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1605815599.4995,
"tid": 2872,
"flags": {}
},
"pid": 1676,
"type": "call",
"cid": 4738
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1605815602.125,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 2656
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1605815602.453,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 2929
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1605815612.751578,
"tid": 3092,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 753
}
],
"references": [],
"name": "antivm_queries_computername"
},
{
"markcount": 141,
"families": [],
"description": "Checks if process is being debugged by a debugger",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815588.969125,
"tid": 2800,
"flags": {}
},
"pid": 2124,
"type": "call",
"cid": 292
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 2,
"nt_status": -1073741772,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 276
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815614.202875,
"tid": 1468,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 462
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 127,
"nt_status": -1073741511,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815610.358625,
"tid": 2928,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 1400
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815610.515625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 1791
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815610.515625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 1792
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815610.827625,
"tid": 2592,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2050
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815610.827625,
"tid": 2592,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2057
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815610.827625,
"tid": 2344,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2058
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815610.827625,
"tid": 1776,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2111
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815610.890625,
"tid": 1608,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2640
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815610.890625,
"tid": 964,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2641
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815610.999625,
"tid": 2520,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2885
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815610.999625,
"tid": 2520,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 3113
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.030625,
"tid": 2256,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 3201
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.030625,
"tid": 2056,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 3263
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.062625,
"tid": 1424,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 3419
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.296625,
"tid": 1824,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 4984
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.390625,
"tid": 2824,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5343
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.390625,
"tid": 2824,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5344
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.390625,
"tid": 2284,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5350
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.390625,
"tid": 2284,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5351
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.390625,
"tid": 1556,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5357
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.390625,
"tid": 1556,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5358
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.421625,
"tid": 2844,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5536
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.421625,
"tid": 3032,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5541
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.499625,
"tid": 1596,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5876
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.562625,
"tid": 2852,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 6446
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.577625,
"tid": 2568,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 6564
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.577625,
"tid": 684,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 6588
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.577625,
"tid": 1500,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 6610
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.624625,
"tid": 1744,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 6983
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.640625,
"tid": 2784,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7095
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.655625,
"tid": 2516,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7194
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.702625,
"tid": 2876,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7575
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.702625,
"tid": 800,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7587
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.718625,
"tid": 1484,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7604
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.718625,
"tid": 2912,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7622
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.718625,
"tid": 2296,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7654
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.874625,
"tid": 2292,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8518
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.890625,
"tid": 1608,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8521
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.921625,
"tid": 2872,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8648
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.921625,
"tid": 2872,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8649
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.921625,
"tid": 2820,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8680
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815611.952625,
"tid": 2800,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8821
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815619.640625,
"tid": 3180,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 11870
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815619.655625,
"tid": 3188,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 11882
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815619.655625,
"tid": 3196,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 11896
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815619.655625,
"tid": 3204,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 11914
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1605815619.702625,
"tid": 3212,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 12114
}
],
"references": [],
"name": "checks_debugger"
},
{
"markcount": 2,
"families": [],
"description": "Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)",
"severity": 1,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosDate",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallDate",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "recon_fingerprint"
},
{
"markcount": 2,
"families": [],
"description": "Tries to locate where the browsers are installed",
"severity": 1,
"marks": [
{
"category": "file",
"ioc": "C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\install.rdf",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\firefox.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "locates_browser"
},
{
"markcount": 3,
"families": [],
"description": "The executable contains unknown PE section names indicative of a packer (could be a false positive)",
"severity": 1,
"marks": [
{
"category": "section",
"ioc": "CODE",
"type": "ioc",
"description": null
},
{
"category": "section",
"ioc": "DATA",
"type": "ioc",
"description": null
},
{
"category": "section",
"ioc": "BSS",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_features"
},
{
"markcount": 451,
"families": [],
"description": "One or more processes crashed",
"severity": 1,
"marks": [
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "0\nx\n2\nc\n1\n1\n9\n0\n4\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0\n\n\n0\nx\n3\n0",
"registers": {
"r14": 237106680,
"r9": 0,
"rcx": 48,
"rsi": 237106680,
"r10": 0,
"rbx": 98185776,
"rdi": 98255408,
"r11": 192936176,
"r8": 2007859596,
"rdx": 8796092404304,
"rbp": 192933520,
"r15": 262145,
"r12": 262144,
"rsp": 192933400,
"rax": 46209280,
"r13": 192934913
},
"exception": {
"instruction_r": "83 3d 8d d1 02 00 00 68 53 12 69 fb c7 44 24 04",
"instruction": "cmp dword ptr [rip + 0x2d18d], 0",
"exception_code": "0xc0000005",
"symbol": "",
"address": "0x2c11904"
}
},
"time": 1605815609.172,
"tid": 1296,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 11620
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 0,
"eax": 0,
"ebp": 5685248,
"edx": 5685248,
"ebx": 175,
"esi": 0,
"ecx": 0
},
"exception": {
"instruction_r": "8f 00 64 67 8f 06 00 00 83 c4 04 58 33 ff 47 60",
"symbol": "companylogodesigner+0x16c1b3",
"instruction": "pop dword ptr [eax]",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc0000005",
"offset": 1491379,
"address": "0x56c1b3"
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 0
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 8,
"eax": 0,
"ebp": 5685248,
"edx": 5686735,
"ebx": 0,
"esi": 5724647,
"ecx": 112
},
"exception": {
"instruction_r": "8f 00 64 67 8f 06 00 00 83 c4 04 58 8b f0 81 e6",
"symbol": "companylogodesigner+0x16c888",
"instruction": "pop dword ptr [eax]",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc0000005",
"offset": 1493128,
"address": "0x56c888"
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 1
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5691900,
"ebx": 5723472,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x1755c3",
"address": "0x5755c3",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1529283
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 5
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5691900,
"ebx": 5723472,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x1755c5",
"address": "0x5755c5",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1529285
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 6
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5692132,
"ebx": 5723310,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x17551f",
"address": "0x57551f",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1529119
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 7
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5692132,
"ebx": 5723310,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x175521",
"address": "0x575521",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1529121
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 8
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5692407,
"ebx": 5723148,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x17547d",
"address": "0x57547d",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528957
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 9
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5692407,
"ebx": 5723148,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x17547f",
"address": "0x57547f",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528959
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 10
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5692614,
"ebx": 5722984,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x1753db",
"address": "0x5753db",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528795
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 11
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5692614,
"ebx": 5722984,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x1753dd",
"address": "0x5753dd",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528797
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 12
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5692879,
"ebx": 5722822,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x175337",
"address": "0x575337",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528631
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 13
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5692879,
"ebx": 5722822,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x175339",
"address": "0x575339",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528633
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 14
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5693101,
"ebx": 5722658,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x175295",
"address": "0x575295",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528469
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 15
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5693101,
"ebx": 5722658,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x175297",
"address": "0x575297",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528471
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 16
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5693362,
"ebx": 5722494,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x1751f1",
"address": "0x5751f1",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528305
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 17
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5693362,
"ebx": 5722494,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x1751f3",
"address": "0x5751f3",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528307
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 18
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5693532,
"ebx": 5722332,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x17514d",
"address": "0x57514d",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528141
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 19
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5693532,
"ebx": 5722332,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x17514f",
"address": "0x57514f",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1528143
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 20
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5693745,
"ebx": 5722169,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x1750ab",
"address": "0x5750ab",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527979
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 21
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5693745,
"ebx": 5722169,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x1750ad",
"address": "0x5750ad",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527981
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 22
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5694010,
"ebx": 5722006,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x175008",
"address": "0x575008",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527816
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 23
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5694010,
"ebx": 5722006,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x17500a",
"address": "0x57500a",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527818
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 24
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5694232,
"ebx": 5721843,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x174f65",
"address": "0x574f65",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527653
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 25
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5694232,
"ebx": 5721843,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x174f67",
"address": "0x574f67",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527655
}
},
"time": 1605815608.483875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 26
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5694454,
"ebx": 5721681,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x174ec2",
"address": "0x574ec2",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527490
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 27
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5694454,
"ebx": 5721681,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x174ec4",
"address": "0x574ec4",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527492
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 28
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5694715,
"ebx": 5721519,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x174e20",
"address": "0x574e20",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527328
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 29
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5694715,
"ebx": 5721519,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x174e22",
"address": "0x574e22",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527330
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 30
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5694885,
"ebx": 5721357,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x174d7e",
"address": "0x574d7e",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527166
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 31
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5694885,
"ebx": 5721357,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x174d80",
"address": "0x574d80",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527168
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 32
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5695098,
"ebx": 5721195,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x174cdc",
"address": "0x574cdc",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527004
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 33
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5695098,
"ebx": 5721195,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x174cde",
"address": "0x574cde",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1527006
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 34
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5695363,
"ebx": 5721033,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x174c3a",
"address": "0x574c3a",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526842
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 35
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5695363,
"ebx": 5721033,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x174c3c",
"address": "0x574c3c",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526844
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 36
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5695591,
"ebx": 5720871,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x174b98",
"address": "0x574b98",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526680
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 37
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5695591,
"ebx": 5720871,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x174b9a",
"address": "0x574b9a",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526682
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 38
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5695823,
"ebx": 5720707,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x174af6",
"address": "0x574af6",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526518
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 39
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5695823,
"ebx": 5720707,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x174af8",
"address": "0x574af8",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526520
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 40
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5696098,
"ebx": 5720543,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x174a52",
"address": "0x574a52",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526354
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 41
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5696098,
"ebx": 5720543,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x174a54",
"address": "0x574a54",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526356
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 42
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5696305,
"ebx": 5720379,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x1749ae",
"address": "0x5749ae",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526190
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 43
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5696305,
"ebx": 5720379,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x1749b0",
"address": "0x5749b0",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526192
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 44
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5696570,
"ebx": 5720217,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x17490a",
"address": "0x57490a",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526026
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 45
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5696570,
"ebx": 5720217,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x17490c",
"address": "0x57490c",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1526028
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 46
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5696792,
"ebx": 5720053,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x174868",
"address": "0x574868",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1525864
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 47
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5696792,
"ebx": 5720053,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x17486a",
"address": "0x57486a",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1525866
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 48
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5697053,
"ebx": 5719890,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x1747c4",
"address": "0x5747c4",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1525700
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 49
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5697053,
"ebx": 5719890,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5 c3 b9",
"symbol": "companylogodesigner+0x1747c6",
"address": "0x5747c6",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1525702
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 50
},
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "",
"registers": {
"esp": 1638240,
"edi": 4,
"eax": 0,
"ebp": 5685248,
"edx": 5697223,
"ebx": 5719726,
"esi": 1975985312,
"ecx": 0
},
"exception": {
"instruction_r": "f0 f0 c7 c8 64 67 8f 06 00 00 83 c4 04 c3 03 c5",
"symbol": "companylogodesigner+0x174721",
"address": "0x574721",
"module": "CompanyLogoDesigner.exe",
"exception_code": "0xc000001d",
"offset": 1525537
}
},
"time": 1605815608.499875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 51
}
],
"references": [],
"name": "raises_exception"
},
{
"markcount": 3,
"families": [],
"description": "Starts servers listening",
"severity": 2,
"marks": [
{
"call": {
"category": "network",
"status": 1,
"stacktrace": [],
"api": "bind",
"return_value": 0,
"arguments": {
"ip_address": "127.0.0.1",
"socket": 700,
"port": 0
},
"time": 1605815610.890625,
"tid": 1776,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2637
},
{
"call": {
"category": "network",
"status": 1,
"stacktrace": [],
"api": "listen",
"return_value": 0,
"arguments": {
"socket": 700,
"backlog": 5
},
"time": 1605815610.921625,
"tid": 1776,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2731
},
{
"call": {
"category": "network",
"status": 1,
"stacktrace": [],
"api": "accept",
"return_value": 784,
"arguments": {
"ip_address": "127.0.0.1",
"socket": 700,
"port": 49216
},
"time": 1605815610.921625,
"tid": 1776,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2737
}
],
"references": [],
"name": "network_bind"
},
{
"markcount": 30,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2124,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00400000"
},
"time": 1605815588.922125,
"tid": 2800,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2124,
"type": "call",
"cid": 71
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2124,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 40960,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00401000"
},
"time": 1605815588.922125,
"tid": 2800,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2124,
"type": "call",
"cid": 73
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2124,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 81920,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x0040f000"
},
"time": 1605815588.922125,
"tid": 2800,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2124,
"type": "call",
"cid": 75
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 1676,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x003d0000"
},
"time": 1605815589.1715,
"tid": 2872,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 1676,
"type": "call",
"cid": 99
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00390000"
},
"time": 1605815609.702625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 42
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x77bcc000"
},
"time": 1605815609.702625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 43
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00410000"
},
"time": 1605815609.733625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 135
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc3000"
},
"time": 1605815609.733625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 136
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1605815610.468625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1484
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1605815610.468625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1485
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1605815610.468625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1486
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00ca0000"
},
"time": 1605815610.468625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1491
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1605815610.468625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1492
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1605815610.499625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1746
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1605815610.499625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1747
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1605815610.499625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1748
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1605815610.499625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1760
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1605815610.499625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1761
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1605815610.499625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1762
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x7631a000"
},
"time": 1605815610.515625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1784
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x7631a000"
},
"time": 1605815610.515625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 1785
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x763b1000"
},
"time": 1605815619.546625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 11060
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x763b1000"
},
"time": 1605815619.546625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 11061
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x763b1000"
},
"time": 1605815619.546625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 11062
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x0c9a0000"
},
"time": 1605815619.546625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 11067
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x763b1000"
},
"time": 1605815619.546625,
"tid": 2164,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 11068
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2868,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 45056,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x7279b000"
},
"time": 1605815642.843625,
"tid": 3696,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2868,
"type": "call",
"cid": 59047
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 560,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 995328,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x020f1000"
},
"time": 1605815612.735578,
"tid": 2216,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 560,
"type": "call",
"cid": 641
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 560,
"region_size": 131072,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 8192,
"base_address": "0x03530000"
},
"time": 1605815613.329578,
"tid": 2216,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 560,
"type": "call",
"cid": 1785
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 560,
"region_size": 131072,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x03530000"
},
"time": 1605815613.329578,
"tid": 2216,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 560,
"type": "call",
"cid": 1786
}
],
"references": [],
"name": "allocates_rwx"
},
{
"markcount": 3,
"families": [],
"description": "Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation",
"severity": 2,
"marks": [
{
"call": {
"category": "misc",
"status": 0,
"stacktrace": [],
"last_error": 3,
"nt_status": -1073741772,
"api": "GetDiskFreeSpaceExW",
"return_value": 0,
"arguments": {
"root_path": "C:\\Program Files (x86)\\CompanyLogoDesigner\\",
"free_bytes_available": 0,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 7998188493
},
"time": 1605815592.8435,
"tid": 2872,
"flags": {}
},
"pid": 1676,
"type": "call",
"cid": 1984
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceExW",
"return_value": 1,
"arguments": {
"root_path": "C:\\Program Files (x86)\\",
"free_bytes_available": 23511113728,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 34252779520
},
"time": 1605815592.8435,
"tid": 2872,
"flags": {}
},
"pid": 1676,
"type": "call",
"cid": 1987
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceExW",
"return_value": 1,
"arguments": {
"root_path": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Explorer",
"free_bytes_available": 23507869696,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 0
},
"time": 1605815608.859,
"tid": 2288,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 11205
}
],
"references": [],
"name": "antivm_disk_size"
},
{
"markcount": 15,
"families": [],
"description": "Creates a shortcut to an executable file",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Command Prompt.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Snipping Tool.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Internet Explorer.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Welcome Center.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Windows Fax and Scan.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Firefox.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Remote Desktop Connection.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Explorer.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Sticky Notes.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Calculator.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Paint.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\displayswitch.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Company Logo Designer\\Company Logo Designer.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\Windows Media Player.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\XPS Viewer.lnk",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "creates_shortcut"
},
{
"markcount": 4,
"families": [],
"description": "Drops an executable to the user AppData folder",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_shfoldr.dll",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\_isetup\\_RegDLL.tmp",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "exe_appdata"
},
{
"markcount": 1,
"families": [],
"description": "Executes one or more WMI queries",
"severity": 2,
"marks": [
{
"category": "wmi",
"ioc": "SELECT * FROM Win32_BIOS",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_wmi"
},
{
"markcount": 2,
"families": [],
"description": "Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "Process32NextW",
"return_value": 1,
"arguments": {
"process_name": "891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin",
"snapshot_handle": "0x000000b0",
"process_identifier": 2124
},
"time": 1605815589.46925,
"tid": 2384,
"flags": {}
},
"pid": 2952,
"type": "call",
"cid": 68
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "Process32NextW",
"return_value": 1,
"arguments": {
"process_name": "ServiceHelper.exe",
"snapshot_handle": "0x000000b0",
"process_identifier": 2952
},
"time": 1605815589.46925,
"tid": 2384,
"flags": {}
},
"pid": 2952,
"type": "call",
"cid": 70
}
],
"references": [],
"name": "injection_process_search"
},
{
"markcount": 2,
"families": [],
"description": "The binary likely contains encrypted or compressed data indicative of a packer",
"severity": 2,
"marks": [
{
"entropy": 7.338100754513625,
"section": {
"size_of_data": "0x00011800",
"virtual_address": "0x00011000",
"entropy": 7.338100754513625,
"name": ".rsrc",
"virtual_size": "0x00011724"
},
"type": "generic",
"description": "A section with a high entropy has been found"
},
{
"entropy": 0.6306306306306306,
"type": "generic",
"description": "Overall entropy of this PE file is high"
}
],
"references": [
"http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html",
"http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
],
"name": "packer_entropy"
},
{
"markcount": 8,
"families": [],
"description": "Checks for the Locally Unique Identifier on the system for a suspicious privilege",
"severity": 2,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1605815604.203,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 4475
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1605815604.203,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 4503
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1605815604.5,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 4984
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1605815604.594,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 5139
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1605815604.844,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 5644
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1605815605.109,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 5988
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1605815605.391,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 6577
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeShutdownPrivilege"
},
"time": 1605815605.703,
"tid": 1828,
"flags": {}
},
"pid": 1788,
"type": "call",
"cid": 7064
}
],
"references": [],
"name": "privilege_luid_check"
},
{
"markcount": 1,
"families": [],
"description": "Potentially malicious URLs were found in the process memory dump",
"severity": 2,
"marks": [
{
"category": "url",
"ioc": "https:\/\/crash-reports.mozilla.com\/submit?id=",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "memdump_urls"
},
{
"markcount": 4,
"families": [],
"description": "Queries for potentially installed applications",
"severity": 2,
"marks": [
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExA",
"return_value": 2,
"arguments": {
"access": "0x00000001",
"base_handle": "0x80000001",
"key_handle": "0x00000000",
"regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"options": 0
},
"time": 1605815589.5155,
"tid": 2872,
"flags": {}
},
"pid": 1676,
"type": "call",
"cid": 1537
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExA",
"return_value": 2,
"arguments": {
"access": "0x00000001",
"base_handle": "0x80000002",
"key_handle": "0x00000000",
"regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"options": 0
},
"time": 1605815589.5155,
"tid": 2872,
"flags": {}
},
"pid": 1676,
"type": "call",
"cid": 1538
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExA",
"return_value": 2,
"arguments": {
"access": "0x00000008",
"base_handle": "0x80000001",
"key_handle": "0x00000000",
"regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"options": 0
},
"time": 1605815599.5465,
"tid": 2872,
"flags": {}
},
"pid": 1676,
"type": "call",
"cid": 5876
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExA",
"return_value": 2,
"arguments": {
"access": "0x00000008",
"base_handle": "0x80000002",
"key_handle": "0x00000000",
"regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{32EF7022-B623-4B6A-B41D-400558207243}_is1",
"options": 0
},
"time": 1605815599.5465,
"tid": 2872,
"flags": {}
},
"pid": 1676,
"type": "call",
"cid": 5878
}
],
"references": [],
"name": "queries_programs"
},
{
"markcount": 2,
"families": [],
"description": "Uses Windows utilities for basic Windows functionality",
"severity": 2,
"marks": [
{
"category": "cmdline",
"ioc": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2868.6.1925183474\\992608054\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2868 \"\\\\.\\pipe\\gecko-crash-server-pipe.2868\" 2544 tab",
"type": "ioc",
"description": null
},
{
"category": "cmdline",
"ioc": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2868.0.616846624\\751223851\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2868 \"\\\\.\\pipe\\gecko-crash-server-pipe.2868\" 1432 tab",
"type": "ioc",
"description": null
}
],
"references": [
"http:\/\/blog.jpcert.or.jp\/2016\/01\/windows-commands-abused-by-attackers.html"
],
"name": "uses_windows_utilities"
},
{
"markcount": 1,
"families": [],
"description": "Executes one or more WMI queries which can be used to identify virtual machines",
"severity": 2,
"marks": [
{
"category": "wmi",
"ioc": "SELECT * FROM Win32_BIOS",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "wmi_antivm"
},
{
"markcount": 1,
"families": [],
"description": "Creates an Alternate Data Stream (ADS)",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\ProgramData\\TEMP:6319FF34",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "persistence_ads"
},
{
"markcount": 2,
"families": [],
"description": "Allocates execute permission to another process indicative of possible code injection",
"severity": 3,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000005b0",
"allocation_type": 4096,
"base_address": "0x00d48000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2868,
"type": "call",
"cid": 8383
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000009ac",
"allocation_type": 4096,
"base_address": "0x00ab8000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2868,
"type": "call",
"cid": 22387
}
],
"references": [],
"name": "allocates_execute_remote_process"
},
{
"markcount": 4,
"families": [],
"description": "Checks for the presence of known devices from debuggers and forensic tools",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "\\??\\SICE",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "\\??\\SIWVID",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "\\??\\SIWDEBUG",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "\\??\\NTICE",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "antidbg_devices"
},
{
"markcount": 35,
"families": [],
"description": "Checks for the presence of known windows from debuggers and forensic tools",
"severity": 3,
"marks": [
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815613.267578,
"tid": 2216,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 1460
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815613.267578,
"tid": 2216,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 1460
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815613.267578,
"tid": 2216,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 1461
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815613.267578,
"tid": 2216,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 1461
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "PROCMON_WINDOW_CLASS",
"window_name": ""
},
"time": 1605815613.267578,
"tid": 2216,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 1462
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815628.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 22636
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815628.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 22636
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815628.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 22637
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815628.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 22637
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "PROCMON_WINDOW_CLASS",
"window_name": ""
},
"time": 1605815628.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 22638
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815644.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 23681
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815644.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 23681
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815644.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 23682
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815644.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 23682
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "PROCMON_WINDOW_CLASS",
"window_name": ""
},
"time": 1605815644.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 23683
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815660.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 24739
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815660.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 24739
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815660.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 24740
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815660.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 24740
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "PROCMON_WINDOW_CLASS",
"window_name": ""
},
"time": 1605815660.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 24741
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815676.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 25787
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815676.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 25787
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815676.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 25788
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815676.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 25788
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "PROCMON_WINDOW_CLASS",
"window_name": ""
},
"time": 1605815676.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 25789
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815692.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 26832
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815692.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 26832
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815692.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 26833
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815692.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 26833
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "PROCMON_WINDOW_CLASS",
"window_name": ""
},
"time": 1605815692.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 26834
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815708.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 27881
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "FileMonClass",
"window_name": ""
},
"time": 1605815708.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 27881
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815708.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 27882
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "RegMonClass",
"window_name": ""
},
"time": 1605815708.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 27882
},
{
"call": {
"category": "ui",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": 0,
"api": "FindWindowA",
"return_value": 0,
"arguments": {
"class_name": "PROCMON_WINDOW_CLASS",
"window_name": ""
},
"time": 1605815708.657578,
"tid": 3140,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 27883
}
],
"references": [],
"name": "antidbg_windows"
},
{
"markcount": 1,
"families": [],
"description": "Checks the version of Bios, possibly for anti-virtualization",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\SystemBiosVersion",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "antivm_generic_bios"
},
{
"markcount": 1,
"families": [],
"description": "Deletes executed files from disk",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "deletes_executed_files"
},
{
"markcount": 2,
"families": [],
"description": "Queries information on disks, possibly for anti-virtualization",
"severity": 3,
"marks": [
{
"call": {
"category": "file",
"status": 1,
"stacktrace": [],
"api": "NtCreateFile",
"return_value": 0,
"arguments": {
"create_disposition": 3,
"file_handle": "0x000001dc",
"filepath": "\\??\\PHYSICALDRIVE0",
"desired_access": "0x00100080",
"file_attributes": 0,
"filepath_r": "\\??\\PHYSICALDRIVE0",
"create_options": 96,
"status_info": 0,
"share_access": 3
},
"time": 1605815612.845578,
"tid": 2216,
"flags": {
"create_disposition": "FILE_OPEN_IF",
"desired_access": "FILE_READ_ATTRIBUTES|SYNCHRONIZE",
"create_options": "FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT",
"file_attributes": "",
"status_info": "FILE_SUPERSEDED",
"share_access": "FILE_SHARE_READ|FILE_SHARE_WRITE"
}
},
"pid": 560,
"type": "call",
"cid": 1090
},
{
"call": {
"category": "file",
"status": 1,
"stacktrace": [],
"api": "DeviceIoControl",
"return_value": 1,
"arguments": {
"input_buffer": "",
"device_handle": "0x000001dc",
"control_code": 458752,
"output_buffer": "Q\u0010\u0000\u0000\u0000\u0000\u0000\u0000\f\u0000\u0000\u0000\u00ff\u0000\u0000\u0000?\u0000\u0000\u0000\u0000\u0002\u0000\u0000"
},
"time": 1605815612.845578,
"tid": 2216,
"flags": {
"control_code": "IOCTL_DISK_GET_DRIVE_GEOMETRY"
}
},
"pid": 560,
"type": "call",
"cid": 1091
}
],
"references": [],
"name": "antivm_generic_disk"
},
{
"markcount": 61,
"families": [],
"description": "Manipulates memory of a non-child process indicative of process injection",
"severity": 3,
"marks": [
{
"category": "Process injection",
"ioc": "Process 2868 manipulating memory of non-child process 2812",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"region_size": 1179648,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005b0",
"allocation_type": 8192,
"base_address": "0x000f0000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2868,
"type": "call",
"cid": 8380
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"region_size": 10682368,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005b0",
"allocation_type": 8192,
"base_address": "0x00310000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2868,
"type": "call",
"cid": 8381
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005b0",
"allocation_type": 8192,
"base_address": "0x00d40000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2868,
"type": "call",
"cid": 8382
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000005b0",
"allocation_type": 4096,
"base_address": "0x00d48000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2868,
"type": "call",
"cid": 8383
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77bb0000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8388
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77bb0000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8390
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8393
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8395
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8398
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8400
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77bb1000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8403
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77bb1000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8405
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8408
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8410
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77bb1000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8413
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77bb1000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8415
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8418
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8420
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77bb1000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8423
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77bb1000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8425
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8428
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8430
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8433
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8435
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8438
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8440
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 8443
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x77baf000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8445
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005b0",
"base_address": "0x00d48000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 8448
},
{
"category": "Process injection",
"ioc": "Process 2868 manipulating memory of non-child process 3444",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"region_size": 1310720,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000009ac",
"allocation_type": 8192,
"base_address": "0x000b0000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2868,
"type": "call",
"cid": 22383
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"region_size": 851968,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000009ac",
"allocation_type": 8192,
"base_address": "0x00230000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2868,
"type": "call",
"cid": 22384
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"region_size": 7012352,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000009ac",
"allocation_type": 8192,
"base_address": "0x00400000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2868,
"type": "call",
"cid": 22385
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000009ac",
"allocation_type": 8192,
"base_address": "0x00ab0000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2868,
"type": "call",
"cid": 22386
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000009ac",
"allocation_type": 4096,
"base_address": "0x00ab8000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2868,
"type": "call",
"cid": 22387
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009ac",
"base_address": "0x77bb0000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 22392
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009ac",
"base_address": "0x77bb0000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 22394
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009ac",
"base_address": "0x77baf000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 22397
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009ac",
"base_address": "0x77baf000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 22399
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009ac",
"base_address": "0x77baf000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 22402
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009ac",
"base_address": "0x77baf000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 22404
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009ac",
"base_address": "0x77bb1000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 22407
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009ac",
"base_address": "0x77bb1000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 22409
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009ac",
"base_address": "0x77baf000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 22412
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009ac",
"base_address": "0x77baf000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 22414
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009ac",
"base_address": "0x77bb1000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 22417
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009ac",
"base_address": "0x77bb1000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 22419
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009ac",
"base_address": "0x77baf000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2868,
"type": "call",
"cid": 22422
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3444,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009ac",
"base_address": "0x77baf000"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2868,
"type": "call",
"cid": 22424
}
],
"references": [
"www.endgame.com\/blog\/technical-blog\/ten-process-injection-techniques-technical-survey-common-and-trending-process"
],
"name": "injection_modifies_memory"
},
{
"markcount": 70,
"families": [],
"description": "Potential code injection by writing to the memory of another process",
"severity": 3,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 560,
"buffer": "\u00eb\u00fe",
"process_handle": "0x000000ac",
"base_address": "0x0056c000"
},
"time": 1605815609.421875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 297
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 560,
"buffer": "`\u00e8",
"process_handle": "0x000000ac",
"base_address": "0x0056c000"
},
"time": 1605815612.515875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 312
},
{
"category": "Process injection",
"ioc": "Process 2868 injected into non-child 2812",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8R\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2,\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u0080\u00d4\u0000\u00c7D$\u0004\u00f0\u00138\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d48010"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8387
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8R\u0000\u0000\u0000\u00ba(\u0080\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bb00a4"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8389
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b80\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0018\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u0080\u00d4\u0000\u00c7D$\u0004\u00c0\u00158\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d48050"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8392
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b80\u0000\u0000\u0000\u00bah\u0080\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bafd54"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8394
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8:\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u0080\u00d4\u0000\u00c7D$\u0004p\u00178\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d48090"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8397
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8:\u0000\u0000\u0000\u00ba\u00a8\u0080\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bafe4c"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8399
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8\u0013\u0001\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u0080\u00d4\u0000\u00c7D$\u0004\u00c0\u00188\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d480d0"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8402
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8\u0013\u0001\u0000\u0000\u00ba\u00e8\u0080\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bb132c"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8404
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8$\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0014\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u0081\u00d4\u0000\u00c7D$\u0004\u0010\u001a8\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d48110"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8407
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8$\u0000\u0000\u0000\u00ba(\u0081\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bafc28"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8409
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8\u00fe\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u0081\u00d4\u0000\u00c7D$\u0004p\u00c88\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d48150"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8412
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8\u00fe\u0000\u0000\u0000\u00bah\u0081\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bb1128"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8414
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8#\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u0081\u00d4\u0000\u00c7D$\u0004 \u00c58\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d48190"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8417
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8#\u0000\u0000\u0000\u00ba\u00a8\u0081\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bafc10"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8419
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8\u00f9\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\f\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u0081\u00d4\u0000\u00c7D$\u0004`\u00c68\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d481d0"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8422
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8\u00f9\u0000\u0000\u0000\u00ba\u00e8\u0081\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bb10b0"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8424
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8\n\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u0082\u00d4\u0000\u00c7D$\u0004\u00c0}8\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d48210"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8427
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8\n\u0000\u0000\u0000\u00ba(\u0082\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77baf99c"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8429
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8!\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u0082\u00d4\u0000\u00c7D$\u0004@}8\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d48250"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8432
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8!\u0000\u0000\u0000\u00bah\u0082\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bafbe0"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8434
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8-\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u0082\u00d4\u0000\u00c7D$\u0004`\u00c78\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d48290"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8437
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8-\u0000\u0000\u0000\u00ba\u00a8\u0082\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bafd08"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8439
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8,\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0014\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u0082\u00d4\u0000\u00c7D$\u0004\u0080}8\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d482d0"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8442
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8,\u0000\u0000\u0000\u00ba\u00e8\u0082\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bafcf0"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8444
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "P\u0003\u0000\u0000\u0010\u0003\u0000\u0000(C}\u0011\f\u0000\u0000\u0000",
"process_handle": "0x000005b0",
"base_address": "0x00d48000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8447
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u0082\u00d4\u0000P\u0082\u00d4\u0000\u00d0\u0082\u00d4\u0000P\u0081\u00d4\u0000\u0090\u0081\u00d4\u0000\u00d0\u0081\u00d4\u0000\u0090\u0082\u00d4\u0000\u0010\u0080\u00d4\u0000P\u0080\u00d4\u0000\u0090\u0080\u00d4\u0000\u00d0\u0080\u00d4\u0000\u0010\u0081\u00d4\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"process_handle": "0x000005b0",
"base_address": "0x0139cc90"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8452
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u0000\u0000\u0000\u0000",
"process_handle": "0x000005b0",
"base_address": "0x0139cd34"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8456
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b0\u00fa\u00baw\u00d0\u00f9\u00baw4\u00fe\u00bawH\u00fb\u00baw@\u00fc\u00baw(\u0000\u00bbw\u00c8\u00fa\u00baw\u00e8\u00f9\u00baw@\u0000\u00bbw\u00c8\u00fb\u00bawp\u00fc\u00baw&\u00e0\u00bbw\u00b5\u00e6\u00bbw\u00b7\u0084\u00bcwI\u0002\u00bdw\u00d1\u00e5\u00c3w\u008e\u009d\u00bdw\u0085\u00df\u00bbw|\u00c2\u00bew\u00e0\u00c4\u00c0w\u00f1V\u00c6w@#\u00bbw",
"process_handle": "0x000005b0",
"base_address": "0x0139cd80"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8461
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u0004\u0000\u0000\u0000",
"process_handle": "0x000005b0",
"base_address": "0x0139c33c"
},
"time": 1605815611.843625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8469
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u0000 \u0000\u0000",
"process_handle": "0x000005b0",
"base_address": "0x0139cde8"
},
"time": 1605815611.843625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8473
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u0000\u00e0\u0000\u0000",
"process_handle": "0x000005b0",
"base_address": "0x0139cdd8"
},
"time": 1605815611.843625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8477
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u0004\u0000\u0000\u0000",
"process_handle": "0x000005b0",
"base_address": "0x0139b078"
},
"time": 1605815611.843625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8498
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "`\u0003\u0000\u0000\u0000\u0000\u0000\u0000",
"process_handle": "0x000005b0",
"base_address": "0x0139ce10"
},
"time": 1605815611.843625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8502
},
{
"category": "Process injection",
"ioc": "Process 2868 injected into non-child 3444",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b8R\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2,\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u008c\u00ab\u0000\u00c7D$\u0004\u00f0\u00138\u0001Z\u00c3",
"process_handle": "0x000009ac",
"base_address": "0x00ab8c10"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22391
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b8R\u0000\u0000\u0000\u00ba(\u008c\u00ab\u0000\u00ff\u00e2",
"process_handle": "0x000009ac",
"base_address": "0x77bb00a4"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22393
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b80\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0018\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u008c\u00ab\u0000\u00c7D$\u0004\u00c0\u00158\u0001Z\u00c3",
"process_handle": "0x000009ac",
"base_address": "0x00ab8c50"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22396
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b80\u0000\u0000\u0000\u00bah\u008c\u00ab\u0000\u00ff\u00e2",
"process_handle": "0x000009ac",
"base_address": "0x77bafd54"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22398
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b8:\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u008c\u00ab\u0000\u00c7D$\u0004p\u00178\u0001Z\u00c3",
"process_handle": "0x000009ac",
"base_address": "0x00ab8c90"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22401
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b8:\u0000\u0000\u0000\u00ba\u00a8\u008c\u00ab\u0000\u00ff\u00e2",
"process_handle": "0x000009ac",
"base_address": "0x77bafe4c"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22403
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b8\u0013\u0001\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u008c\u00ab\u0000\u00c7D$\u0004\u00c0\u00188\u0001Z\u00c3",
"process_handle": "0x000009ac",
"base_address": "0x00ab8cd0"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22406
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b8\u0013\u0001\u0000\u0000\u00ba\u00e8\u008c\u00ab\u0000\u00ff\u00e2",
"process_handle": "0x000009ac",
"base_address": "0x77bb132c"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22408
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b8$\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0014\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u008d\u00ab\u0000\u00c7D$\u0004\u0010\u001a8\u0001Z\u00c3",
"process_handle": "0x000009ac",
"base_address": "0x00ab8d10"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22411
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b8$\u0000\u0000\u0000\u00ba(\u008d\u00ab\u0000\u00ff\u00e2",
"process_handle": "0x000009ac",
"base_address": "0x77bafc28"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22413
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b8\u00fe\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u008d\u00ab\u0000\u00c7D$\u0004p\u00c88\u0001Z\u00c3",
"process_handle": "0x000009ac",
"base_address": "0x00ab8d50"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22416
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b8\u00fe\u0000\u0000\u0000\u00bah\u008d\u00ab\u0000\u00ff\u00e2",
"process_handle": "0x000009ac",
"base_address": "0x77bb1128"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22418
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3444,
"buffer": "\u00b8#\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u008d\u00ab\u0000\u00c7D$\u0004 \u00c58\u0001Z\u00c3",
"process_handle": "0x000009ac",
"base_address": "0x00ab8d90"
},
"time": 1605815621.046625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22421
}
],
"references": [],
"name": "injection_write_memory"
},
{
"markcount": 2,
"families": [],
"description": "One or more martian processes was created",
"severity": 3,
"marks": [
{
"parent_process": "firefox.exe",
"type": "generic",
"martian_process": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2868.6.1925183474\\992608054\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2868 \"\\\\.\\pipe\\gecko-crash-server-pipe.2868\" 2544 tab"
},
{
"parent_process": "firefox.exe",
"type": "generic",
"martian_process": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2868.0.616846624\\751223851\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2868 \"\\\\.\\pipe\\gecko-crash-server-pipe.2868\" 1432 tab"
}
],
"references": [],
"name": "process_martian"
},
{
"markcount": 85,
"families": [],
"description": "Drops 85 unknown file mime types indicative of ransomware writing encrypted files back to disk",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\pyramide.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\sektor.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\globe.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\symbols.dat",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\circle.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Program Files (x86)\\CompanyLogoDesigner\\unins000.dat",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\geneticsuccess.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\exotic.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\fireball.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\slim.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Itsth\\Company Logo Designer\\cld.cfg",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\innamegap.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\shockwave.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\cutinrect.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\simpel.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\scriptcache.bin",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\biotech.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\coolending.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\vertical.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\sail.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\spacy.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\stylish rect.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\scriptcache-child.bin",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\simplemolecule.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\urlcache.bin",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\nice feathers.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\seal.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\lightdome.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "c:\\program files (x86)\\companylogodesigner\\vorlagen\\cutoff.companylogo",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "ransomware_dropped_files"
},
{
"markcount": 1,
"families": [],
"description": "Appends a known multi-family ransomware file extension to files that have been encrypted",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "ransomware_extensions"
},
{
"markcount": 9,
"families": [],
"description": "Resumed a suspended thread in a remote process potentially indicative of process injection",
"severity": 3,
"marks": [
{
"category": "Process injection",
"ioc": "Process 2700 resumed a thread in remote process 560",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000a8",
"suspend_count": 1,
"process_identifier": 560
},
"time": 1605815610.452875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 298
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000a8",
"suspend_count": 1,
"process_identifier": 560
},
"time": 1605815612.296875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 302
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000a8",
"suspend_count": 1,
"process_identifier": 560
},
"time": 1605815612.515875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 306
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000a8",
"suspend_count": 2,
"process_identifier": 560
},
"time": 1605815612.640875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 319
},
{
"category": "Process injection",
"ioc": "Process 2868 resumed a thread in remote process 2812",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000005c4",
"suspend_count": 1,
"process_identifier": 2812
},
"time": 1605815611.905625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8529
},
{
"category": "Process injection",
"ioc": "Process 2868 resumed a thread in remote process 3444",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000009b0",
"suspend_count": 1,
"process_identifier": 3444
},
"time": 1605815621.093625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 22547
}
],
"references": [
"www.endgame.com\/blog\/technical-blog\/ten-process-injection-techniques-technical-survey-common-and-trending-process"
],
"name": "injection_resumethread"
},
{
"markcount": 1,
"families": [],
"description": "Detects VMWare through the in instruction feature",
"severity": 3,
"marks": [
{
"call": {
"category": "__notification__",
"status": 1,
"stacktrace": [],
"raw": [
"stacktrace"
],
"api": "__exception__",
"return_value": 0,
"arguments": {
"stacktrace": "S\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n7\n4\n0\n5\n1\n \n@\n \n0\nx\n2\n1\n0\ne\n0\nb\nf\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n7\n4\n4\n1\n \n@\n \n0\nx\n2\n1\na\n9\n5\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n7\n4\n0\n7\n0\n \n@\n \n0\nx\n2\n1\n0\ne\n0\na\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n7\nb\n8\nd\n0\n \n@\n \n0\nx\n2\n1\n0\n6\n8\n4\n0\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n3\n6\nf\n4\n3\n \n@\n \n0\nx\n2\n1\n4\nb\n1\nc\nd\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n+\n0\nx\n2\n7\n4\n4\n1\n \n@\n \n0\nx\n2\n1\na\n9\n5\n5\n1\n\n\nS\ne\nt\nF\nu\nn\nc\nt\ni\no\nn\nA\nd\nd\nr\ne\ns\ns\ne\ns\n-\n0\nx\n3\n8\n6\n9\n2\n \n@\n \n0\nx\n2\n1\n4\n9\na\n7\ne\n\n\nc\no\nm\np\na\nn\ny\nl\no\ng\no\nd\ne\ns\ni\ng\nn\ne\nr\n+\n0\nx\nd\nb\n9\nd\n8\n \n@\n \n0\nx\n4\nd\nb\n9\nd\n8\n\n\nc\no\nm\np\na\nn\ny\nl\no\ng\no\nd\ne\ns\ni\ng\nn\ne\nr\n+\n0\nx\nd\nd\n0\nd\n9\n \n@\n \n0\nx\n4\nd\nd\n0\nd\n9\n\n\nc\no\nm\np\na\nn\ny\nl\no\ng\no\nd\ne\ns\ni\ng\nn\ne\nr\n+\n0\nx\nd\nd\n1\nc\n8\n \n@\n \n0\nx\n4\nd\nd\n1\nc\n8\n\n\nc\no\nm\np\na\nn\ny\nl\no\ng\no\nd\ne\ns\ni\ng\nn\ne\nr\n+\n0\nx\nb\nc\n4\n4\na\n \n@\n \n0\nx\n4\nb\nc\n4\n4\na\n\n\nc\no\nm\np\na\nn\ny\nl\no\ng\no\nd\ne\ns\ni\ng\nn\ne\nr\n+\n0\nx\n1\n2\n9\nd\n2\n6\n \n@\n \n0\nx\n5\n2\n9\nd\n2\n6\n\n\nc\no\nm\np\na\nn\ny\nl\no\ng\no\nd\ne\ns\ni\ng\nn\ne\nr\n+\n0\nx\n1\n6\nc\n0\n0\n0\n \n@\n \n0\nx\n5\n6\nc\n0\n0\n0",
"registers": {
"esp": 1630904,
"edi": 3165064978,
"eax": 1447909480,
"ebp": 1630912,
"edx": 22104,
"ebx": 0,
"esi": 1456174715,
"ecx": 10
},
"exception": {
"instruction_r": "ed 81 fb 68 58 4d 56 75 04 c6 45 ff 01 8a 45 ff",
"instruction": "in eax, dx",
"exception_code": "0xc0000096",
"symbol": "SetFunctionAddresses-0x74023",
"address": "0x210e0ed"
}
},
"time": 1605815613.251578,
"tid": 2216,
"flags": {}
},
"pid": 560,
"type": "call",
"cid": 1454
}
],
"references": [],
"name": "antivm_vmware_in_instruction"
},
{
"markcount": 200,
"families": [],
"description": "Executed a process and injected code into it, probably while unpacking",
"severity": 5,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 2872,
"thread_handle": "0x000000d0",
"process_identifier": 1676,
"current_directory": "",
"filepath": "",
"track": 1,
"command_line": "\"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-MNA02.tmp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.tmp\" \/SL5=\"$1902E6,1858858,114688,C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin\" ",
"filepath_r": "",
"stack_pivoted": 0,
"creation_flags": 0,
"process_handle": "0x000000d4",
"inherit_handles": 0
},
"time": 1605815589.000125,
"tid": 2800,
"flags": {
"creation_flags": ""
}
},
"pid": 2124,
"type": "call",
"cid": 312
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 2384,
"thread_handle": "0x0000010c",
"process_identifier": 2952,
"current_directory": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp",
"filepath": "",
"track": 1,
"command_line": "\"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-1QMIS.tmp\\ServiceHelper.exe\" \/setup C:\\Users\\cuck\\AppData\\Local\\Temp\\891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b.bin",
"filepath_r": "",
"stack_pivoted": 0,
"creation_flags": 67108864,
"process_handle": "0x00000118",
"inherit_handles": 0
},
"time": 1605815589.3275,
"tid": 2872,
"flags": {
"creation_flags": "CREATE_DEFAULT_ERROR_MODE"
}
},
"pid": 1676,
"type": "call",
"cid": 574
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 3048,
"thread_handle": "0x000001a8",
"process_identifier": 2700,
"current_directory": "C:\\Program Files (x86)\\CompanyLogoDesigner",
"filepath": "",
"track": 1,
"command_line": "\"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe\"",
"filepath_r": "",
"stack_pivoted": 0,
"creation_flags": 67108864,
"process_handle": "0x00000290",
"inherit_handles": 0
},
"time": 1605815607.2805,
"tid": 2872,
"flags": {
"creation_flags": "CREATE_DEFAULT_ERROR_MODE"
}
},
"pid": 1676,
"type": "call",
"cid": 6320
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 2164,
"thread_handle": "0x000002cc",
"process_identifier": 2868,
"current_directory": "C:\\Program Files (x86)\\CompanyLogoDesigner",
"filepath": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"track": 1,
"command_line": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -osint -url \"C:\\Program Files (x86)\\CompanyLogoDesigner\\cld-readme.htm\"",
"filepath_r": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"stack_pivoted": 0,
"creation_flags": 67634192,
"process_handle": "0x000002c8",
"inherit_handles": 0
},
"time": 1605815609.1245,
"tid": 1348,
"flags": {
"creation_flags": "CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
}
},
"pid": 1676,
"type": "call",
"cid": 6821
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 2216,
"thread_handle": "0x000000a8",
"process_identifier": 560,
"current_directory": "",
"filepath": "C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"track": 1,
"command_line": "\"C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe\"",
"filepath_r": "C:\\Program Files (x86)\\CompanyLogoDesigner\\CompanyLogoDesigner.exe",
"stack_pivoted": 0,
"creation_flags": 1028,
"process_handle": "0x000000ac",
"inherit_handles": 1
},
"time": 1605815609.421875,
"tid": 3048,
"flags": {
"creation_flags": "CREATE_SUSPENDED|CREATE_UNICODE_ENVIRONMENT"
}
},
"pid": 2700,
"type": "call",
"cid": 295
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 560,
"buffer": "\u00eb\u00fe",
"process_handle": "0x000000ac",
"base_address": "0x0056c000"
},
"time": 1605815609.421875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 297
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000a8",
"suspend_count": 1,
"process_identifier": 560
},
"time": 1605815610.452875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 298
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtGetContextThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000a8"
},
"time": 1605815610.562875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 301
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000a8",
"suspend_count": 1,
"process_identifier": 560
},
"time": 1605815612.296875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 302
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtGetContextThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000a8"
},
"time": 1605815612.405875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 305
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000a8",
"suspend_count": 1,
"process_identifier": 560
},
"time": 1605815612.515875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 306
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 560,
"buffer": "`\u00e8",
"process_handle": "0x000000ac",
"base_address": "0x0056c000"
},
"time": 1605815612.515875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 312
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000a8",
"suspend_count": 2,
"process_identifier": 560
},
"time": 1605815612.640875,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 319
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000200",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815610.827625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2049
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000210",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815610.827625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2056
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000220",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815610.827625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2061
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000002b4",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815610.843625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2231
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000002d4",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815610.890625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2629
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000318",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815610.983625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2862
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000324",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815610.983625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2869
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000330",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815610.999625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2896
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000334",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815610.999625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 2898
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000348",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815610.999625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 3122
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000364",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.030625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 3205
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000350",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.046625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 3276
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000036c",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.296625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 4982
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000430",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.421625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5525
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000043c",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.421625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5540
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000470",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.499625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 5875
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000500",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.562625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 6421
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000050c",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.577625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 6559
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000520",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.577625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 6585
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000524",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.577625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 6606
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000544",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.624625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 6977
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000340",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.640625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7076
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000053c",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.640625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7192
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000510",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.702625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7574
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000050c",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.702625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7586
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000338",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.718625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7595
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000550",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.718625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7620
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000560",
"suspend_count": 1,
"process_identifier": 2868
},
"time": 1605815611.718625,
"tid": 2164,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 7653
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 2948,
"thread_handle": "0x000005b8",
"process_identifier": 2812,
"current_directory": "",
"filepath": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"track": 1,
"command_line": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2868.0.616846624\\751223851\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2868 \"\\\\.\\pipe\\gecko-crash-server-pipe.2868\" 1432 tab",
"filepath_r": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"stack_pivoted": 0,
"creation_flags": 17302540,
"process_handle": "0x000005b0",
"inherit_handles": 1
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"creation_flags": "CREATE_BREAKAWAY_FROM_JOB|CREATE_SUSPENDED|CREATE_UNICODE_ENVIRONMENT|DETACHED_PROCESS|EXTENDED_STARTUPINFO_PRESENT"
}
},
"pid": 2868,
"type": "call",
"cid": 8371
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"region_size": 1179648,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005b0",
"allocation_type": 8192,
"base_address": "0x000f0000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2868,
"type": "call",
"cid": 8380
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"region_size": 10682368,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005b0",
"allocation_type": 8192,
"base_address": "0x00310000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2868,
"type": "call",
"cid": 8381
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005b0",
"allocation_type": 8192,
"base_address": "0x00d40000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2868,
"type": "call",
"cid": 8382
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2812,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000005b0",
"allocation_type": 4096,
"base_address": "0x00d48000"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2868,
"type": "call",
"cid": 8383
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8R\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2,\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u0080\u00d4\u0000\u00c7D$\u0004\u00f0\u00138\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d48010"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8387
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b8R\u0000\u0000\u0000\u00ba(\u0080\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bb00a4"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8389
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b80\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0018\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u0080\u00d4\u0000\u00c7D$\u0004\u00c0\u00158\u0001Z\u00c3",
"process_handle": "0x000005b0",
"base_address": "0x00d48050"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8392
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2812,
"buffer": "\u00b80\u0000\u0000\u0000\u00bah\u0080\u00d4\u0000\u00ff\u00e2",
"process_handle": "0x000005b0",
"base_address": "0x77bafd54"
},
"time": 1605815611.827625,
"tid": 2740,
"flags": {}
},
"pid": 2868,
"type": "call",
"cid": 8394
}
],
"references": [],
"name": "injection_runpe"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 662,
"time": 6.221463918685913,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 7286,
"time": 12.221565961837769,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 9130,
"time": 6.1533730030059814,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 9458,
"time": 4.158427953720093,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 9786,
"time": 6.1609508991241455,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 10114,
"time": 4.7973339557647705,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 10442,
"time": 3.057760000228882,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 10770,
"time": 29.785645008087158,
"dport": 5355,
"sport": 55880
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 11090,
"time": 4.722951889038086,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 30500,
"time": 4.227989912033081,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 38884,
"time": 6.252677917480469,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "36b900e5235efce30e0188a7d819eefe106a8c19f960fb64fa79dfacc73d9464",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "f31dd732e95e74dbaae0205408a797de570c903d12ab51badddf7fbfd8bbe8be",
"irc": [],
"https_ex": []
}Screenshots
Hashes [?]
| Property | Value |
|---|---|
| MD5 | aa928fc1588b5984860edf76e9e4b648 |
| SHA256 | 891abfbc1df80ee834d4790b35a3ad27723867dcfaa28deee423bf1ac3eab95b |
Error Messages
These are some of the error messages that can appear related to companylogodesignere_trial.exe:
companylogodesignere_trial.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
companylogodesignere_trial.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
Company Logo Designer Setup has stopped working.
End Program - companylogodesignere_trial.exe. This program is not responding.
companylogodesignere_trial.exe is not a valid Win32 application.
companylogodesignere_trial.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
What will you do with the file?
To help other users, please let us know what you will do with the file:
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.