What is dsc230ri.exe?
dsc230ri.exe is part of DS Clock and developed by Duality Software according to the dsc230ri.exe version information.
dsc230ri.exe's description is "DS Clock Setup "
dsc230ri.exe is digitally signed by Duality Software Co. Ltd..
dsc230ri.exe is usually located in the 'c:\downloads\' folder.
None of the anti-virus scanners at VirusTotal reports anything malicious about dsc230ri.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Vendor and version information [?]
The following is the available information on dsc230ri.exe:
| Property | Value |
|---|---|
| Product name | DS Clock |
| Company name | Duality Software |
| File description | DS Clock Setup |
| Comments | This installation was built with Inno Setup. |
| Legal copyright | Copyright © 2000-2019 Duality Software |
| Product version | 4.0.1 |
| File version | 4.0.1.0 |
Here's a screenshot of the file properties when displayed by Windows Explorer:
| Product name | DS Clock .. |
| Company name | Duality Software .. |
| File description | DS Clock Setup .. |
| Comments | This installation was built with Inn.. |
| Legal copyright | Copyright © 2000-2019 Duality Softw.. |
| Product version | 4.0.1 .. |
| File version | 4.0.1.0 |
Digital signatures [?]
dsc230ri.exe has a valid digital signature.
| Property | Value |
|---|---|
| Signer name | Duality Software Co. Ltd. |
| Certificate issuer name | DigiCert SHA2 Assured ID Code Signing CA |
| Certificate serial number | 0188033518d133b1f756373d4a55d9b2 |
VirusTotal report
None of the 73 anti-virus programs at VirusTotal detected the dsc230ri.exe file.
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_opened": [
"",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\ProgramData\\Microsoft",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Program Files (x86)\\DS Clock\\timesvrs.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Windows\\Fonts\\segoeuii.ttf",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Python 2.7",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Program Files (x86)\\DS Clock\\dsclock.chm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData",
"C:\\Windows\\SysWOW64\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Windows\\System32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\AlternateServices.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Windows\\win.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Windows\\System32\\wshqos.dll",
"C:\\",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\EmojiOneMozilla.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Program Files (x86)\\DS Clock\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"\\Device\\NamedPipe\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\Public\\Desktop\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\Public\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Program Files (x86)",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Users\\cuck\\AppData\\Local\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Windows\\System32\\imageres.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Windows\\SysWOW64\\en-US\\KERNELBASE.dll.mui",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\Public",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Program Files (x86)\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Users\\cuck",
"C:\\Windows\\Fonts\\times.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\ProgramData",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Windows\\System32\\netmsg.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\chrome.manifest",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Windows\\System32\\shell32.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Program Files (x86)\\DS Clock",
"C:\\Windows\\System32\\oleaccrc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\TRRBlacklist.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\ProgramData\\Microsoft\\Windows",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin",
"C:\\Users\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Users",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Windows\\Fonts\\segoeui.ttf",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock",
"C:\\PROGRAM FILES (X86)\\MOZILLA FIREFOX\\fonts\\EMOJIONEMOZILLA.TTF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SecurityPreloadState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\Windows\\System32\\wship6.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Windows\\AppPatch\\sysmain.sdb",
"C:\\Program Files (x86)\\DS Clock\\unins000.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome.manifest",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\Windows\\System32\\KBDUS.DLL",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\DnsClient",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Comdlg32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{450D8FBA-AD25-11D0-98A8-0800361B1103}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\Mail\\Microsoft Outlook",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E",
"HKEY_CLASSES_ROOT\\Directory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\LSA\\AccessProviders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0",
"HKEY_CURRENT_USER\\Software\\CodeGear\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Icons",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\firefox_RASMANCS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877",
"HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Duality Software\\DS Clock\\Install",
"HKEY_CLASSES_ROOT\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{645FF040-5081-101B-9F08-00AA002F954E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Keyboard Layouts\\04090409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\WinSock2\\Parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81",
"HKEY_CURRENT_USER\\Software\\Classes\\.pdf",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Avalon.Graphics",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616",
"HKEY_CLASSES_ROOT\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\mailto\\UserChoice\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{11016101-E366-4D22-BC06-4ADA335C892B}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\CurVer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control",
"HKEY_CURRENT_USER\\Software\\Duality Software",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts",
"HKEY_CURRENT_USER\\Software\\Borland\\Delphi\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ClusSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Keyboard Layouts\\041D0409",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Elantech",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies",
"HKEY_CLASSES_ROOT\\Folder",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\RestartManager",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{89D83576-6BD1-4c86-9454-BEB04E94C819}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\(Default)",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DnsCache\\Parameters",
"HKEY_LOCAL_MACHINE\\Software\\Duality Software\\DS Clock\\Common",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{04731B67-D933-450a-90E6-4ACD2E9408FE}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{9343812e-1c37-4a49-a12e-4b2d810d956b}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7",
"HKEY_CLASSES_ROOT\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"HKEY_LOCAL_MACHINE\\Software\\MozillaPlugins",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\dsclock.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000",
"HKEY_CURRENT_USER\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\00000005",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Avalon.Graphics\\DISPLAY1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2",
"HKEY_LOCAL_MACHINE\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\MS Sans Serif",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\(Default)",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\Software\\Cisco Systems\\VPN Client",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM",
"HKEY_LOCAL_MACHINE\\Software\\Duality Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavPS2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
"HKEY_CURRENT_USER\\Software\\Lenovo\\TrackPoint",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_CURRENT_USER\\Software\\Borland\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4",
"HKEY_CURRENT_USER\\Software\\Elantech\\MainOption",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{daf95313-e44d-46af-be1b-cbacea2c3065}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104",
"HKEY_CURRENT_USER\\Software\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Websense\\Agent",
"HKEY_CLASSES_ROOT\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}",
"HKEY_LOCAL_MACHINE\\Software\\CodeGear\\Locales",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\Directory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_CLASSES_ROOT\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
"HKEY_CLASSES_ROOT\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32",
"HKEY_CURRENT_USER\\Software\\Lenovo\\UltraNav",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"HKEY_LOCAL_MACHINE\\Software\\Synaptics\\SynTP\\Install",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\System\\DNSClient",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Alps\\Apoint\\TrackPoint",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pdf",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886",
"HKEY_LOCAL_MACHINE\\Software\\Duality Software\\DS Clock\\Install",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{26EE0668-A00A-44D7-9371-BEB064C98683}",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LDAP",
"HKEY_LOCAL_MACHINE\\Software\\Duality Software\\DS Clock",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_CURRENT_USER\\Software",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{e345f35f-9397-435c-8f95-4e922c26259e}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7",
"HKEY_LOCAL_MACHINE\\SOFTWARE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
"HKEY_CLASSES_ROOT\\AllFilesystemObjects",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\setup\\PnpLockdownFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc\\SecurityService",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e968-e325-11ce-bfc1-08002be10318}\\0000",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C",
"HKEY_CURRENT_USER\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\mailto\\UserChoice",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavUSB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7",
"HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\CurVer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\Desktop\\NameSpace",
"HKEY_LOCAL_MACHINE\\Software\\Alps\\Apoint",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\Desktop\\NameSpace\\DelegateFolders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Shell\\RegisteredApplications\\UrlAssociations\\Directory\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_CURRENT_USER\\software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Shell\\RegisteredApplications\\UrlAssociations\\http\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PropertyBag",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}",
"HKEY_CLASSES_ROOT\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32",
"HKEY_CURRENT_USER\\Software\\MozillaPlugins",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Websense\\Agent",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Network",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/pdf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_CLASSES_ROOT\\FirefoxURL-E7CF176E110C211B",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete\\Client\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
],
"guid": [
"{ea1afb91-9e28-4b86-90e9-9e9f8a5eefaf}",
"{6f237df9-9ddb-47ad-b218-400d54c286ad}",
"{c08956a2-1cd3-11d1-b1c5-00805fc1270e}",
"{c43dc798-95d1-4bea-9030-bb99e2983a1a}",
"{17072f7b-9abe-4a74-a261-1eb76b55107a}",
"{0000015b-0000-0000-c000-000000000046}",
"{44aca674-e8fc-11d0-a07c-00c04fb68820}",
"{8bc3f05e-d86b-11d0-a075-00c04fb68820}",
"{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}",
"{591209c7-767b-42b2-9fba-44ee4615f2c7}",
"{660b90c8-73a9-4b58-8cae-355b7f55341b}",
"{ba126ae5-2166-11d1-b1d0-00805fc1270e}",
"{6332debf-87b5-4670-90c0-5e57b408a49e}",
"{4e530b0a-e611-4c77-a3ac-9031d022281b}",
"{00bb2765-6a77-11d0-a535-00c04fd7d062}",
"{5e078e03-8265-4bbe-9487-d242edbef910}",
"{9b63616c-36b2-46bc-959f-c1593952d19b}",
"{1a1f4206-0688-4e7f-be03-d82ec69df9a5}",
"{5762f2a7-4658-4c7a-a4ac-bdabfe154e0d}",
"{42aedc87-2188-41fd-b9a3-0c966feabec1}",
"{00000000-0000-0000-c000-000000000046}",
"{4590f811-1d3a-11d0-891f-00aa004b2e24}",
"{00bb2763-6a77-11d0-a535-00c04fd7d062}",
"{d0074ffd-570f-4a9b-8d69-199fdba5723b}",
"{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"{674b6698-ee92-11d0-ad71-00c04fd8fdff}",
"{00021401-0000-0000-c000-000000000046}",
"{d5f569d0-593b-101a-b569-08002b2dbf7a}",
"{af230d27-baba-4e42-aced-f524f22cfce2}",
"{871c5380-42a0-1069-a2ea-08002b30309d}",
"{000214e6-0000-0000-c000-000000000046}",
"{dc12a687-737f-11cf-884d-00aa004b2e24}",
"{2fb499a3-cfce-480f-a5f3-2453db7a2b7a}",
"{bcde0395-e52f-467c-8e3d-c4579291692e}",
"{ba126ad1-2166-11d1-b1d0-00805fc1270e}",
"{77f10cf0-3db5-4966-b520-b7c54fd35ed6}",
"{56fdf344-fd6d-11d0-958a-006097c9a090}",
"{28b4d88b-e072-49e6-804d-26edbe21a7b9}",
"{7c857801-7381-11cf-884d-00aa004b2e24}",
"{faedcf69-31fe-11d1-aad2-00805fc1270e}",
"{eac04bc0-3791-11d2-bb95-0060977b464c}",
"{0000034b-0000-0000-c000-000000000046}",
"{f309ad18-d86a-11d0-a075-00c04fb68820}",
"{a95664d2-9614-4f35-a746-de8db63617e6}",
"{aa80e801-2021-11d2-93e0-0060b067b86e}",
"{a47979d2-c419-11d9-a5b4-001185ad2b89}",
"{2c5bc43e-3369-4c33-ab0c-be9469677af4}",
"{722a338c-6e8e-4e72-ac27-1417fb0c81c2}",
"{46a6eeff-908e-4dc6-92a6-64be9177b41c}",
"{7007acc7-3202-11d1-aad2-00805fc1270e}",
"{807c1e6c-1d00-453f-b920-b61bb7cdd997}",
"{465a756d-45ad-4305-85fd-d3321650f3b7}",
"{e77cc89b-7401-4c04-8ced-149db35add04}",
"{e2b3c97f-6ae1-41ac-817a-f6f92166d7dd}",
"{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",
"{03c036f1-a186-11d0-824a-00aa005b4383}",
"{98325047-c671-4174-8d81-defcd3f03186}"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup\\_setup64.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.pif",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.url",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.url",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.url",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.pif",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.pif",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-shm"
],
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\QuietUninstallString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\InstallLocation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Inno Setup: Language",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\MinorVersion",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\NOD",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\H2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\InstallDate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\EstimatedSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:FMTID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\IconSize",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\MSO",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\FFlags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Sort",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\IconStreams",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\HelpLink",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Sequence",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\AU",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\H0",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\FST",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ColInfo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\HRZR_PGYFRFFVBA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\NoModify",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\AHR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\UninstallString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Inno Setup: Setup Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\VersionMajor",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFilesHash",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Duality Software\\DS Clock\\Install\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts\\C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\DS Clock",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByDirection",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\URLUpdateInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Inno Setup: User",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\SVR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\URLInfoAbout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\NoRepair",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\\QF Pybpx\\qfpybpx.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFiles0000",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\LastAdvertisement",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\VersionMinor",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Duality Software\\DS Clock\\Install\\Stamp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Owner",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Inno Setup: Icon Group",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\DisplayVersion",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PastIconsStream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupView",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\ATA",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\Stamp",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\UserStartTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\MajorVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\DisplayIcon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2\\Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:PID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\\CheckSetting",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\LogicalViewMode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Mode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pzq.rkr",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CC",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\W2F",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Inno Setup: App Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Publisher",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Streams\\Desktop\\TaskbarWinXP",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\SessionHash",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\R7PS176R110P211O"
],
"file_copied": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset"
]
],
"command_line": [
"http:\/\/www.dualitysoft.com\/t\/dsc-install?src=dsc-install&version=4.0.1.0&os=6.1.7601&pi=x86&pa=x64",
"\"C:\\Program Files (x86)\\DS Clock\\dsetime.exe\" -install",
"\"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp\" \/SL5=\"$1902E6,1924549,147456,C:\\Users\\cuck\\AppData\\Local\\Temp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.bin\" ",
"\"C:\\Program Files (x86)\\DS Clock\\dsclock.exe\"",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"264.6.977687142\\849956440\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 264 \"\\\\.\\pipe\\gecko-crash-server-pipe.264\" 2188 tab",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"264.0.1889308942\\1280955394\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 264 \"\\\\.\\pipe\\gecko-crash-server-pipe.264\" 1536 tab",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -osint -url \"http:\/\/www.dualitysoft.com\/t\/dsc-install?src=dsc-install&version=4.0.1.0&os=6.1.7601&pi=x86&pa=x64\""
],
"regkey_deleted": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupCollapseState",
"HKEY_CURRENT_USER\\System\\CurrentControlSet\\Control\\Network\\ShowWirelessConnectingOnStart",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFilesHash",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Sequence",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\SessionHash",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Owner",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemPos800x600x96(1)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemOrder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFiles0000"
],
"mutex": [
"Local\\Shell.CMruPidlList",
"Local\\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000",
"Local\\FirefoxStartupMutex",
"Local\\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511",
"Global\\MozillaUpdateMutex-AWkbzLFmEHPmIFtactC8kpT7UdM=",
"RasPbFile",
"m_dsclock32"
],
"wmi_query": [
"SELECT * FROM Win32_BIOS"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\Public\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Program Files (x86)\\DS Clock\\timesvrs.dat",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\Public\\Desktop\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Windows\\win.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Tahoma Armenian",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{NN198O3P-PQ8P-7QR1-98Q1-O460S637193O}",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\COA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\MAPI",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
"HKEY_CURRENT_USER\\.pdf\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\FavoritesRemovedChanges",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Zngu Vachg Cnary.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\SecurityService\\DefaultAuthLevel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy VFR.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\dsclock.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.TrggvatFgnegrq",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\MSO",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\qsethv.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOrganization",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU Size",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Pnyphyngbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Duality Software\\DS Clock\\Install\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\SnippingTool.exe,-15051",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\System.ItemNameDisplay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\\JvaqbjfCbjreFuryy\\i1.0\\CbjreFuryy_VFR.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Jvaqbjf CbjreFuryy Zbqhyrf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\netshell.dll,-1200",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\PendingFileRenameOperations2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\LW",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\FangSong_GB2312",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Pictures",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Znvagranapr\\Perngr Erpbirel Qvfp.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Fvqrone.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\qsethv.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\zvc.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\bqopnq32.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\displayswitch.exe,-320",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\R7PS176R110P211O",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\RestrictedAttributes",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\Stamp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language\\InstallLanguageFallback",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\LR",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldVersionHigh",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jbeqcnq.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Zrqvn Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\erpqvfp.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\license.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\PerceivedType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Rirag Ivrjre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\GnoGvc.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\LoadWithoutCOM",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\mstsc.exe,-4000",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\SE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FTZTM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\KaiTi_GB2312",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\WaitToKillServiceTimeout",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\AT",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flap Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\AL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Npprffvovyvgl\\Fcrrpu Erpbtavgvba.yax",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Identifier",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Client\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Cresbeznapr Zbavgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegProcs0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledProcesses\\A97E3BAA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\SFS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\bfx.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Start Menu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\qvfcynlfjvgpu.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{P804OON7-SN5S-POS7-8O55-2096R5S972PO}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{2227A280-3AEA-1069-A2DE-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanWorkstation\\Parameters\\RpcCacheTimeout",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\kcfepuij.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Pbzznaq Cebzcg.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonPictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\GlobalSession",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableFileTracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\aneengbe.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\WantsFORPARSING",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\Zbqhyr Qbpf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arabic Transparent Bold,0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Miriam Transparent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\ATA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM\\AccentColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFilesHash",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Public",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\timesvrs.dat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\freivprf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\VQYR (Clguba THV).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Zrzbel Qvntabfgvpf Gbby.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\dsetime.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Flfgrz Vasbezngvba.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfpbasvt.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf QIQ Znxre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Installed",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Helv",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Protocol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\rhqprqvg.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Erzbgr Qrfxgbc Pbaarpgvba.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Fixed Miriam Transparent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zntavsl.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\QIQ Znxre\\QIQZnxre.rkr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Next_Catalog_Entry_ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallDate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{53123611-QN37-S8QN-SNP9-03R76QO9Q64Q}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FSW",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\InstalledDisplayDrivers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\SVR",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ZrqvnCynlre32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Jvaqbjf Rkcybere.yax",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\TPS",
"HKEY_CURRENT_USER\\Keyboard Layout\\Preload\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arabic Transparent,0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\prnfldr.dll,-8036",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\sRGB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\Jvaqbjf Wbheany.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProfilesDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
"HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Courier New Baltic,186",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arabic Transparent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\DeviceState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\ConsoleTracingMask",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\efgehv.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{Q4N262QQ-PR44-Q105-S36O-9Q77N8PO65N4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\~Mhz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Zrqvn Cynlre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\MachineThrottling",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\PS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Music",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Video",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zboflap.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\P:\\Clguba27\\clguba.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Punenpgre Znc.yax",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\AHR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\David Transparent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileDirectory",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir (x86)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{7SR8Q22N-SO1Q-N8OR-01R3-6P8693961R6R}",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FN",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\\rkcybere.rkr",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CTA",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\System.ItemNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times New Roman CE,238",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfNalgvzrHctenqrHV.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Vagrearg Rkcybere (64-ovg).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Fgvpxl Abgrf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CFQ",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003\\PackedCatalogItem",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\ArgCebw.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Abgrcnq.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInset",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ErzbgrQrfxgbc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Fbhaq Erpbeqre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\ProgramData\\Duality Software\\DS Clock\\dsetime.log",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PromotedIconCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ProfileEnumMode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Favccvat Gbby.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\DeviceState",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\GPSTT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\FbhaqErpbeqre.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zvtjvm\\cbfgzvt.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Cevag Znantrzrag.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Zntavsl.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Jvaqbjf Wbheany\\Wbheany.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfvasb32.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Always Use Tab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\ZqFpurq.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial Greek,161",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\OobeFldr.dll,-33056",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{645FF040-5081-101B-9F08-00AA002F954E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\camp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{OO044OSQ-25O7-2SNN-22N8-6371N93R0456}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\PreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\rip",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\PST",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Programs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Attempted",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableConsoleTracing",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\XpsRchVw.exe,-102",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times New Roman TUR,162",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Znvagranapr\\Erzbgr Nffvfgnapr.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Courier New CE,238",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Programs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\VendorIdentifier",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CH1",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CH0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy (k86).yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\FavccvatGbby.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\ArgjbexCebwrpgvba.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\MS Shell Dlg 2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartMenu_Balloon_Time",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{b155bdf8-02f0-451e-9a26-ae317cfd7779}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{15067OP1-P5N8-425R-37P6-SN0O891674S9}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldDllVersionHigh",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfcnvag.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\UO",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Jvaqbjf Zrqvn Cynlre.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Nalgvzr Hctenqr.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Vagrearg Rkcybere.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\SNTSearch.dll,-505",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{5a9125b7-f367-4924-ace2-0803a4a3a471},0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\vFPFV Vavgvngbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\ConsoleTracingMask",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Erfbhepr Zbavgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RRCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\WantsParseDisplayName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Vagrearg Rkcybere.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfCbjreFuryy\\i1.0\\cbjrefuryy.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInterval",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.VagreargRkcybere.64Ovg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Sversbk.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\TR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\(Default)",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\TT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\\JvaqbjfCbjreFuryy\\i1.0\\cbjrefuryy.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Helvetica",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\NoStaticDefaultVerb",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JS.zfp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\GnoGvc.rkr",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\H4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\FXSRESM.dll,-114",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{35786D3C-B075-49B9-88DD-029876E11C01}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.MemorySize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JSF.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pbzrkc.zfp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Rod Transparent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Frphevgl Pbasvthengvba Znantrzrag.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\ATF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Jvaqbjf Rnfl Genafsre Ercbegf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Flfgrz Pbasvthengvba.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOwner",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times New Roman Greek,161",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.NamespaceCLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Snk naq Fpna.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Chimes.wav",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005\\PackedCatalogItem",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{8NOQ94SO-R7Q6-84N6-N997-P918RQQR0NR5}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{21EC2020-3AEA-1069-A2DD-08002B30309D}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParentFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfCbjreFuryy\\i1.0\\CbjreFuryy_VFR.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Aneengbe.yax",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001\\PackedCatalogItem",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Sequence",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Courier New CYR,204",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Jvaqbjf AG\\Npprffbevrf\\jbeqcnq.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfen.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\TclTk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pyrnazte.rkr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\AlternateCodePage",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{e345f35f-9397-435c-8f95-4e922c26259e}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Duality Software\\DS Clock\\Install\\Stamp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Ba-Fperra Xrlobneq.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\QF Pybpx\\QF Pybpx.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jrypbzr Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegSvcs0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Signature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\Protocol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\GPST",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\NOD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\vfpfvpcy.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Role:1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\NOR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\libcurl.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zvtjvm\\zvtjvm.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Cuckoo.wav",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ICMProfile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragMinDist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\dsclock.chm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\dsound.dll",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\FST",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.VagreargRkcybere.Qrsnhyg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FTZ",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\FuncrPbyyrpgbe.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Jvaqbjf Sverjnyy jvgu Nqinaprq Frphevgl.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Tms Rmn",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FDOW",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\unins000.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FWOY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\H2",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\H0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\EMPTY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldDllVersionLow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\CommonFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\dbghelp.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\CommonFilesDir",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{P1P6S8NP-40N3-0S5P-146S-65N9QP70OOO4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\freivprf.zfp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Qvfx Pyrnahc.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.FgvpxlAbgrf",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Jvaqbjf Rkcybere.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{OQ3S924R-55SO-N1ON-9QR6-O50S9S2460NP}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pnyp.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy VFR (k86).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arabic Transparent Bold",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\DefaultFeature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_MinMFU",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Flfgrz Gbbyf\\Cevingr Punenpgre Rqvgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\TaskBarIDs\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\MS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Keyboard Layout\\d0010409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\\QF Pybpx\\qfpybpx.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_MinMFU",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times New Roman Baltic,186",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\RTL",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\OT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\DefaultFeature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\KCF Ivrjre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClearRecentDocsOnExit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{f3e80bef-1723-4ff2-bcc4-7f83dc5e46d4},3",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{35786D3C-B075-49b9-88DD-029876E11C01}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\SSA",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\HideInWebView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial TUR,162",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\2019",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\LastEntry",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Qngn Fbheprf (BQOP).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\FuncrPbyyrpgbe.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Courier New TUR,162",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\Clguba (pbzznaq yvar).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\ri",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Jvaqbjf Rnfl Genafsre.yax",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\3D",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Sversbk.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Pbzcbarag Freivprf.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times New Roman CYR,204",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldVersionLow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Gnfx Fpurqhyre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\ESCount",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pzq.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonVideo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Cnvag.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFiles0001",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFiles0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\XY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Flfgrz Erfgber.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial CYR,204",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\puneznc.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\W2F",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\abgrcnq.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartMenu_Balloon_Time",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\JSCount",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{208D2C60-3AEA-1069-A2D7-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Revision",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{8NN47365-O2O3-1961-69RO-S866R376O12S}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ZrqvnPragre",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Gnfx Fpurqhyre.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\2007",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\cevagznantrzrag.zfp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\Never",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{QNN168QR-4306-P8OP-8P11-O596240OQQRQ}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Courier New Greek,161",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\PendingFileRenameOperations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial Baltic,186",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.qwMemorySize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\readme.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\MS Shell Dlg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\FirstEntry",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\AutoSuggest",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Security",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachinePreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\synclog.txt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Current_Protocol_Catalog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\TclTk",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Zbovyvgl Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\RestrictedAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Pbzchgre Znantrzrag.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\qvfcynlfjvgpu.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Documents",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial CE,238",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CT",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CR",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CO",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CF",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CB",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CC",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\QueryForInfoTip",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\DR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSimpleStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\WinSock_Registry_Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath"
],
"file_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\is-9I4U2.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Program Files (x86)\\DS Clock\\unins000.dat",
"C:\\Program Files (x86)\\DS Clock\\is-OED12.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-I9HQT.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-3N6F3.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\Program Files (x86)\\DS Clock\\is-RSUF6.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Program Files (x86)\\DS Clock\\is-4P5KH.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Program Files (x86)\\DS Clock\\is-GHV9C.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-VGC0N.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup\\_setup64.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Program Files (x86)\\DS Clock\\is-5SKAC.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Program Files (x86)\\DS Clock\\is-T8B1Q.tmp",
"C:\\Program Files (x86)\\DS Clock\\unins000.msg",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"C:\\Program Files (x86)\\DS Clock\\is-F182O.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\dsclocklog.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Program Files (x86)\\DS Clock\\is-A8OII.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\ProgramData\\Duality Software\\DS Clock\\is-P54GA.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Setup Log 2019-09-16 #001.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Program Files (x86)\\DS Clock\\is-EHKT0.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin"
],
"dll_loaded": [
"C:\\Windows\\system32\\sfc.dll",
"C:\\Windows\\system32\\pnrpnsp.dll",
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"LINKINFO.dll",
"DNSAPI.dll",
"UxTheme.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"slc.dll",
"C:\\Windows\\system32\\uxtheme.dll",
"C:\\Windows\\system32\\propsys.dll",
"PROPSYS.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"C:\\Windows\\SysWOW64\\bcryptprimitives.dll",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"comctl32",
"ole32.dll",
"SHLWAPI.dll",
"ws2_32.dll",
"USER32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Windows\\system32\\MSFTEDIT.DLL",
"C:\\Windows\\system32\\shlwapi.dll",
"WINTRUST.dll",
"C:\\Windows\\system32\\comres.dll",
"C:\\Windows\\system32\\version.dll",
"C:\\Windows\\System32\\mswsock.dll",
"C:\\Windows\\system32\\shfolder.dll",
"SHELL32.dll",
"C:\\Windows\\system32\\shell32.dll",
"Kernel32",
"CFGMGR32.dll",
"Dnsapi.dll",
"Kernel32.dll",
"samcli.dll",
"Comctl32.dll",
"C:\\Windows\\system32\\clbcatq.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"WINSTA.dll",
"apphelp.dll",
"C:\\Windows\\system32\\setupapi.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"kernel32.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"ntdll.dll",
"C:\\Windows\\system32\\napinsp.dll",
"C:\\Windows\\system32\\apphelp.dll",
"RASAPI32.dll",
"WININET.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"cryptbase.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll",
"IMM32.dll",
"rtutils.dll",
"Iphlpapi.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"uxtheme.dll",
"profapi.dll",
"rpcrt4.dll",
"ADVAPI32.DLL",
"comctl32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"VERSION.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"DEVRTL.dll",
"user32.dll",
"gdi32.dll",
"urlmon.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"mscms.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"CRYPTSP.dll",
"C:\\Windows\\system32\\cryptbase.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"kbdus.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Windows\\system32\\xmllite.dll",
"netutils.dll",
"C:\\Windows\\system32\\oleacc.dll",
"C:\\Windows\\system32\\NLAapi.dll",
"Gdi32.dll",
"C:\\Windows\\system32\\dxgi.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\MSVCP140.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"ADVAPI32.dll",
"SETUPAPI.dll",
"WS2_32.dll",
"dbghelp.dll",
"kernel32",
"srvcli.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"AUDIOSES.DLL",
"C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll",
"imm32.dll",
"ntmarta.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll",
"C:\\Windows\\system32\\Rstrtmgr.dll",
"C:\\PROGRA~2\\MOZILL~1\\nssckbi.dll",
"RASMAN.DLL",
"OLEAUT32.DLL",
"setupapi.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Windows\\system32\\IMM32.DLL",
"C:\\Windows\\system32\\dwmapi.dll",
"dwrite.dll",
"C:\\Windows\\system32\\profapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"OLEAUT32.dll",
"RPCRT4.dll",
"C:\\Windows\\System32\\winrnr.dll",
"C:\\Windows\\system32\\userenv.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"SAMLIB.dll",
"xul.dll",
"ntshrui.dll",
"C:\\Windows\\system32\\ntmarta.dll"
],
"file_moved": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
[
"C:\\ProgramData\\Duality Software\\DS Clock\\is-P54GA.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\dsetime.log"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-F182O.tmp",
"C:\\Program Files (x86)\\DS Clock\\license.txt"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-RSUF6.tmp",
"C:\\Program Files (x86)\\DS Clock\\unins000.exe"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-T8B1Q.tmp",
"C:\\Program Files (x86)\\DS Clock\\dsetime.exe"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-OED12.tmp",
"C:\\Program Files (x86)\\DS Clock\\readme.txt"
],
[
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-3N6F3.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Cuckoo.wav"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-5SKAC.tmp",
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-I9HQT.tmp",
"C:\\Program Files (x86)\\DS Clock\\dbghelp.dll"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-4P5KH.tmp",
"C:\\Program Files (x86)\\DS Clock\\dsclock.chm"
],
[
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-VGC0N.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Chimes.wav"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\is-9I4U2.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\synclog.txt"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-A8OII.tmp",
"C:\\Program Files (x86)\\DS Clock\\dsound.dll"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-EHKT0.tmp",
"C:\\Program Files (x86)\\DS Clock\\libcurl.dll"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-GHV9C.tmp",
"C:\\Program Files (x86)\\DS Clock\\timesvrs.dat"
]
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"\\\\?\\PIPE\\samr",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup\\_setup64.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Program Files (x86)\\DS Clock\\unins000.dat",
"C:\\Program Files (x86)\\DS Clock\\is-OED12.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Program Files (x86)\\DS Clock\\is-I9HQT.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-3N6F3.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Program Files (x86)\\DS Clock\\is-RSUF6.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Program Files (x86)\\DS Clock\\is-5SKAC.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-4P5KH.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-GHV9C.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-VGC0N.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"C:\\Program Files (x86)\\DS Clock\\is-T8B1Q.tmp",
"C:\\Program Files (x86)\\DS Clock\\unins000.msg",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\Program Files (x86)\\DS Clock\\is-F182O.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\dsclocklog.txt",
"C:\\Program Files (x86)\\DS Clock\\is-A8OII.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Setup Log 2019-09-16 #001.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-EHKT0.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin"
],
"file_recreated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Program Files (x86)\\DS Clock\\unins000.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"\\??\\MountPointManager",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"\\Device\\KsecDD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\ProgramData\\Duality Software\\DS Clock\\dsetime.log",
"\\??\\C:",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"\\??\\Nsi"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\ProgramData\\Duality Software\\DS Clock",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock",
"C:\\Users\\cuck\\AppData\\Local\\Programs\\Common",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\ProgramData\\Duality Software",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent",
"C:\\Users\\cuck\\AppData\\Local\\Programs",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\WINNT_x86-msvc",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings",
"C:\\Program Files (x86)\\DS Clock",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
"file_failed": [
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\bs_Cyrl.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ur.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\user.js",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\my.res",
"C:\\Windows\\System32\\twinapi.appcore.dll",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\mt.res",
"C:\\Program Files (x86)\\DS Clock",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\en_US_POSIX.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sv_SE.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\to.res",
"C:\\cuckoo_2700.ini",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\be.res",
"C:\\Program Files (x86)\\DS Clock\\dbghelp.dll",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\it.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sl.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\km.res",
"C:\\Windows\\SysWOW64\\icudt60l\\cnvalias.icu",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\hy.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\vi.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\en.res",
"C:\\cuckoo_2572.ini",
"C:\\Windows\\System32\\DataExchange.dll",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\wae.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sv.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ga.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fa_AF.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\haw.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fil.res",
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\kl.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ug.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ln.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\cy.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\postSigningData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sw.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\as.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\cs.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\mr.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ucadata.icu",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ja.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ms.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\lo.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\bs.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\zu.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sk.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\kn.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ta.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\hsb.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\eo.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\wo.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\pt.res",
"C:\\Program Files (x86)\\DS Clock\\dsound.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\ShutdownDuration.json",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\dsb.res",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\policies.json",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\pl.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\se.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sq.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fr.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\si.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\chr.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ka.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\dz.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sr.res",
"C:\\Windows\\SysWOW64\\icudt60l\\uts46.nrm",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ca.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\tr.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\az.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\pending-deletion-ping",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\te.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\yo.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\res_index.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\is.res",
"C:\\Windows\\winsxs\\FileMaps\\programdata_duality_software_ds_clock_84b4576ef31d254e.cdf-ms",
"C:\\Windows\\SysWOW64\\icudt60l\\likelySubtags.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\af.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\logins.json",
"C:\\Windows\\System32\\twinapi.dll",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\smn.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\am.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fo.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ru.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\he.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\mn.res",
"C:\\cuckoo_2828.ini",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\uk.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fi.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\kok.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\uz.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ar.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\cuckoo_1788.ini",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\id.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert_override.txt",
"C:\\Program Files (x86)\\DS Clock\\dsetime.exe",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\nl.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\pa.res",
"C:\\Windows\\winsxs\\FileMaps\\programdata_duality_software_ds_clock_sounds_80afbfe0df556ad6.cdf-ms",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\hr.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\bo.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fr_CA.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\lt.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\gu.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Windows\\winsxs\\FileMaps\\users_cuck_appdata_roaming_duality_software_ds_clock_ff4b2c8d31d081dc.cdf-ms",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\desktop.ini",
"C:\\Program Files (x86)\\DS Clock\\dsclock.chm",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\el.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ig.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ps.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\da.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\om.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fa.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\lb.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\hi.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\or.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\bn.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\de.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\yi.res",
"C:\\Program Files (x86)\\DS Clock\\libcurl.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Windows\\SysWOW64\\icudt60l.dat",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\th.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\kk.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ee.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ro.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\nb.res",
"C:\\Windows\\winsxs\\FileMaps\\program_files_x86_ds_clock_bfd91d9ded885059.cdf-ms",
"C:\\Windows\\SysWOW64\\icudt60l\\res_index.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ko.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\zh.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\et.res",
"C:\\ProgramData\\Microsoft\\desktop.ini",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ky.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sr_Latn.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\nn.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ml.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\lv.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\de_AT.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\hu.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\gl.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\root.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\lkt.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\zh_Hant.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\es.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.sbstore",
"C:\\cuckoo_264.ini",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ne.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\en_US.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\downloads.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\experiments.json",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ha.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\bg.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\mk.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.version"
],
"resolves_host": [
"aus5.mozilla.org",
"tiles.services.mozilla.com",
"www.dualitysoft.com",
"search.services.mozilla.com",
"ciscobinary.openh264.org",
"shavar.services.mozilla.com",
"detectportal.firefox.com",
"safebrowsing.googleapis.com",
"redirector.gvt1.com",
"services.addons.mozilla.org",
"versioncheck-bg.addons.mozilla.org"
],
"connects_ip": [
"127.0.0.1"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Windows\\SysWOW64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup",
"C:\\cuckoo_2700.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userContent.css",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.url",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Program Files (x86)\\DS Clock\\is-5SKAC.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Program Files (x86)\\DS Clock\\is-4P5KH.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\clearkey.info",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Setup Log 2019-09-16 #001.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Program Files (x86)\\Mozilla Firefox\\*",
"C:\\Program Files (x86)\\DS Clock\\timesvrs.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Cuckoo.wav",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\searchplugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Windows\\System32\\spool\\drivers\\color\\Photo.gmmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-wal",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\plugins",
"C:\\cuckoo_2828.ini",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\cuckoo_2256.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\staged",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\custom-strings.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\serviceworker.txt",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Program Files (x86)\\DS Clock\\is-F182O.tmp",
"C:\\Program Files (x86)\\DS Clock\\dsclock.chm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\sv.aff",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-journal",
"C:\\Program Files (x86)\\DS Clock\\libcurl.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\OfflineCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-journal",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.url",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Chimes.wav",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\cuckoo_264.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\is-9I4U2.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache.Trash10639",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Program Files (x86)\\DS Clock\\dbghelp.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Windows\\System32\\spool\\drivers\\color\\D65.camp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Python27\\python.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Program Files (x86)",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\crashreporter-override.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\Users\\Public\\Desktop",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\ProgramData\\Duality Software\\DS Clock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\d3d11layers.guard",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-to_delete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Program Files (x86)\\DS Clock\\dsetime.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CB29EDE1FD7262A61FFAB793A382D515CAC77D01",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions",
"C:\\Program Files (x86)\\DS Clock\\is-OED12.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\.purgecaches",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Python27\\pythonw.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.url",
"C:\\ProgramData\\Duality Software\\DS Clock\\is-P54GA.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\ProgramData",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userChrome.css",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\ProgramData\\Duality Software",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Program Files (x86)\\DS Clock\\readme.txt",
"C:\\Program Files (x86)\\DS Clock",
"C:\\Program Files (x86)\\DS Clock\\license.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Program Files (x86)\\DS Clock\\is-A8OII.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Program Files (x86)\\DS Clock\\is-EHKT0.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\LastCrash",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\install.rdf",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\cuckoo_2636.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Program Files (x86)\\DS Clock\\dsound.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\43CB3924B4D48AD39D6282AE7C1F2C500B3D6732",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-VGC0N.tmp",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\minidumps",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\cuckoo_1788.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-wal",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FE9B4B8E239A016792D26E2E2AB299E00D2EC8CA",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files\\journals",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Windows\\System32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-T8B1Q.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.lnk",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Programs",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.log",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\extensions",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\main-window.ico",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pluginreg.dat",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\install.rdf",
"C:\\cuckoo_2572.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Program Files (x86)\\DS Clock\\is-GHV9C.tmp",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\dsclocklog.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\install.rdf",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\default.ico",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\280DEB31796CE454CD8D9594397E4D89E8E5D64F",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\manifest.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\manifest.json",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-3N6F3.tmp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries",
"C:\\Program Files (x86)\\DS Clock\\unins000.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\persdict.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\ProgramData\\Duality Software\\DS Clock\\dsetime.log",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\defaults\\preferences",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E9B5F1423155DB2E35FD739FC2008DB01C93DE1E",
"C:\\Program Files (x86)\\DS Clock\\is-RSUF6.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files\\journals",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\synclog.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Program Files (x86)\\DS Clock\\is-I9HQT.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\Desktop",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files\\journals",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\*",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\*",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\*",
"C:\\Windows\\SysWOW64",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Windows\\SysWOW64\\*.*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\saved-telemetry-pings\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\*",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\*",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\*",
"C:\\Windows",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events\\*",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups\\*",
"C:\\Program Files (x86)\\DS Clock\\unins???.*",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\*"
]
}Dropped
[
{
"yara": [],
"sha1": "6c6210bc9fc17d562dc534cc86a887b23e562736",
"name": "dcc418a7770384bd_goog-phish-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"type": "data",
"sha256": "dcc418a7770384bd334020641728a0b3de630b541063318221c9777c408069d2",
"urls": [],
"crc32": "89C3F02D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/dcc418a7770384bd_goog-phish-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "917e795a38debf84a25306122b779ea42429b8db2d8e53cfa0428f368a1ed53b8b0341dd73f2ecb4364efc52418146d53c6be1d9f6d3e7f19fd7eb7b986fa651",
"pids": [],
"md5": "c4665c7a6d597a501392274a599af139"
},
{
"yara": [],
"sha1": "649a598b1f2da0b8cc38b6bb6b617b953c108132",
"name": "20fb9516395f60b2_session-state.json",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\datareporting\\session-state.json",
"type": "ASCII text, with no line terminators",
"sha256": "20fb9516395f60b24365a8be749f7559a9f9c7c05a2d91c1276f6f53e2666bad",
"urls": [],
"crc32": "3190EF95",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/20fb9516395f60b2_session-state.json",
"ssdeep": null,
"size": 161,
"sha512": "a3c0369422d5a5d24cedf9aa03b6412ad1d449ea55862c4d8659c0c633bcb9b4e721e3b9cd9dcbdc125e4bdebbdc0425bcdf3c2284dcedd5ba660e64ac62e23a",
"pids": [
264
],
"md5": "6b09133401c7ca69560c0fa73ee4da3c"
},
{
"yara": [],
"sha1": "5c54ad3ff47c6b925e7ac17d361fe0fa60b9181e",
"name": "5525cbf8f8dc41d1_mozplugin-block-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"type": "data",
"sha256": "5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c",
"urls": [],
"crc32": "96B20E1D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/5525cbf8f8dc41d1_mozplugin-block-digest256.sbstore",
"ssdeep": null,
"size": 3580,
"sha512": "1f72c01aa332a6e3fc5f966ed2b12534653bcacf2dc242850877961cc4c16ac3bd1846939d56ea6e230a71f336f4b37f67e0070dddb66d57bb51526de52819ca",
"pids": [],
"md5": "d6acf2573e12afdd7939568804d3fcc1"
},
{
"yara": [],
"sha1": "75678ba39c92830497ccb463e4528e64f344fba0",
"name": "9e338170f2e682c8_cuckoo.wav",
"filepath": "c:\\programdata\\duality software\\ds clock\\sounds\\cuckoo.wav",
"type": "RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11025 Hz",
"sha256": "9e338170f2e682c8e7b848f0f152c56391fbb3b062e2b9fb4e06dcbc3c4066f8",
"urls": [],
"crc32": "73465D83",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/9e338170f2e682c8_cuckoo.wav",
"ssdeep": null,
"size": 10300,
"sha512": "8963ee251ec616c3a451ece5dbdca0d5dde9552ba0d1eddaf92f4383299995413afd1a3fe6c59e2ae765a3c0e5e3106420bb48011ced05e2de47fdabb3314ee1",
"pids": [
2828
],
"md5": "e99a9a2862dc1cbf07f4acaa64868d5d"
},
{
"yara": [],
"sha1": "6fcab0c408a8b88b4cbf9cb1818831d498a45967",
"name": "edcfcac906d7124a_xulstore.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"type": "ASCII text, with no line terminators",
"sha256": "edcfcac906d7124a328886aa1aa94be512206cfe899d8c79d5a096a3992cebb3",
"urls": [],
"crc32": "B8524E16",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/edcfcac906d7124a_xulstore.json",
"ssdeep": null,
"size": 214,
"sha512": "b90b6d11c28a18f7dd4f1a77208b5e9271d5cb9616515a4b2719a0904d5e45c60621310398139c9059f87409761f6a6bec2f67300be888220a3de3a5b2ada22b",
"pids": [],
"md5": "d75474380a8808b0b81e58cf63708eb2"
},
{
"yara": [],
"sha1": "8711844a41a4ace77ba0a01a4d3af2b2e59e6a75",
"name": "23d108134bed6099_test-malware-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"type": "data",
"sha256": "23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98",
"urls": [],
"crc32": "CAE3DB42",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/23d108134bed6099_test-malware-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "9344ca1456e1e74a4dac833e0af55db9730f8ab2954a855b4a775a938b2055c86eff367f25bae80f2ffea45acebade10a8347add18222e715620dd864f2d8e4f",
"pids": [
264
],
"md5": "3675254e341df799d4307c1f59109185"
},
{
"yara": [],
"sha1": "cecdd4c4dcae10c2ffc8eb938121b6231de48cd3",
"name": "078648c042b9b084_store.json.mozlz4",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"type": "data",
"sha256": "078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965",
"urls": [],
"crc32": "A332ED7E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/078648c042b9b084_store.json.mozlz4",
"ssdeep": null,
"size": 66,
"sha512": "d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c",
"pids": [
264
],
"md5": "a6338865eb252d0ef8fcf11fa9af3f0d"
},
{
"yara": [],
"sha1": "8b8a132ffac6847ee62c1f5cdb4ac1b01086a7d3",
"name": "e10a6794978e417d_session-state.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"type": "ASCII text, with no line terminators",
"sha256": "e10a6794978e417d8450cf2fe7f95a9c644f4c7ff75c8f31f6a704e6622029df",
"urls": [],
"crc32": "D50BA0C3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/e10a6794978e417d_session-state.json",
"ssdeep": null,
"size": 161,
"sha512": "7524bf8eaa58bbcb74e2df47a91064ec44a5f0d421476fb8d251bd30fad79bff77b32be56fa940f84522a6cb3201ab3df031beffafd3ad59048e620dce525880",
"pids": [],
"md5": "1f6cbe9d2ac01eaf6bd263b1e8a16d15"
},
{
"yara": [],
"sha1": "293adb43c6d4a38abd63299e858db6792c56f5ee",
"name": "1794570a20769b63_dscsfw.dll",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "1794570a20769b63552a90951d63d0335a16f1898705134b8375ead264060790",
"urls": [],
"crc32": "35D367D1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/1794570a20769b63_dscsfw.dll",
"ssdeep": null,
"size": 291840,
"sha512": "3b44afe21a779d5d385ee591584dd1fc25cb44ce83611a9d7bae63b4c712da402d1eea2c402f5055689aa229c71e0db4bcab0bc7740e220fab72b8192b46075c",
"pids": [
2828
],
"md5": "e124c57ef16bcd2f5c8db5c991881a2e"
},
{
"yara": [],
"sha1": "fc2acf66748d1e7138ce85d01b30f5e6020560c9",
"name": "a13174f20dde2249_addons.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"type": "ASCII text, with no line terminators",
"sha256": "a13174f20dde2249a49853d6eae20f07ffc4ddf1e3007ab3e4911e511ecffc1c",
"urls": [],
"crc32": "92029A63",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/a13174f20dde2249_addons.json",
"ssdeep": null,
"size": 45,
"sha512": "8ad0afcaf6604f5524a63af94472137549df1ad01a448b46459c754e9059ba5d253218b4a3f17ebe290934662559bc261133824a17830e38daae3a52aa720e02",
"pids": [],
"md5": "55b5026150dc3a60d07b8bea2ae0f983"
},
{
"yara": [],
"sha1": "1d2777d210ab9d326ae0ca34ead9f13419634e31",
"name": "7bd00753013f354a_cookies.sqlite-wal",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"type": "SQLite Write-Ahead Log, version 3007000",
"sha256": "7bd00753013f354ae989803fcdf7a93f34052e053285d0a399cd6fdea01efec5",
"urls": [],
"crc32": "7AA68D54",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/7bd00753013f354a_cookies.sqlite-wal",
"ssdeep": null,
"size": 32824,
"sha512": "f4c7687ffbabb4e5bc3bc690c52d703f18a8e26691ca31621037c4743ea0f3f04ba35df0f2477027974d9f6ff9b1e1cc82f9f6498245d7e2136e79de15805c03",
"pids": [
264
],
"md5": "e554c9b45a4ab91636e810d7adf8bec0"
},
{
"yara": [],
"sha1": "10c66032c5acac22d70670b9302437141e6371ef",
"name": "1e13d05d482c3d53_test-phish-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"type": "data",
"sha256": "1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b",
"urls": [],
"crc32": "D5EBE34A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/1e13d05d482c3d53_test-phish-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "ae2f35c0549c26251053689c90ce831f0c5742d6f7c1dc13482560b02fb4a6029f107e472fcb26bf41b4e89e47559490f5da049d5b51864a3c4c2c2ae3f588c2",
"pids": [
264
],
"md5": "3d1ce5e50208f0cb3b979186043a548f"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
7271,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "40a3711f4efe6c8508a5c6639becc164dafcde5d",
"name": "c051dc0c554da7fc_1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"type": "data",
"sha256": "c051dc0c554da7fc37a6cae1c8237edede90b9b9347364abc8f3ae938224a56f",
"urls": [
"https:\/\/hg."
],
"crc32": "46832564",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/c051dc0c554da7fc_1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"ssdeep": null,
"size": 9016,
"sha512": "5a775191306d23f388d29074eaa7ac41bea79fbc638b5a8f600e913d498fcde30cb5611096b8d048a0d7bec04c735bc2d2714342e32f3e9afab213d82c8dc80d",
"pids": [],
"md5": "eab01f3f3320def39de31945729d6e73"
},
{
"yara": [],
"sha1": "b7f2aded7b10faab88e80d5ddebbd37e4904b81d",
"name": "b17837170f354688_setup log 2019-09-16 #001.txt",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\Setup Log 2019-09-16 #001.txt",
"type": "UTF-8 Unicode (with BOM) text, with CRLF line terminators",
"sha256": "b17837170f35468852d179feebb04169d532f9e5458c6b2c18443cd616342a4e",
"urls": [],
"crc32": "85D451E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/b17837170f354688_setup log 2019-09-16 #001.txt",
"ssdeep": null,
"size": 11382,
"sha512": "e2eedf525dbbb9177709868b7535abda909bebcf7aa41127c9e0acfb301d538848301ed105b47649e8d4981fd4cc77fc93f87c0b8a45ef22d21918f54052adda",
"pids": [
2828
],
"md5": "ee62a15ff7d19bf2faef711139436634"
},
{
"yara": [],
"sha1": "b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a",
"name": "792955295ae9c382_sessionCheckpoints.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"type": "ASCII text, with no line terminators",
"sha256": "792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da",
"urls": [],
"crc32": "697BBACB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/792955295ae9c382_sessionCheckpoints.json",
"ssdeep": null,
"size": 53,
"sha512": "076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19",
"pids": [
264
],
"md5": "ea8b62857dfdbd3d0be7d7e4a954ec9a"
},
{
"yara": [],
"sha1": "5f5af8dbe9d155258b9316776e2da0dc75d70b5e",
"name": "fad7d6a0c8482ab7_dsound.dll",
"filepath": "c:\\program files (x86)\\ds clock\\dsound.dll",
"type": "PE32 executable (DLL) (console) Intel 80386, for MS Windows",
"sha256": "fad7d6a0c8482ab7220a794597dd6dd21373511c752cc35fa2fca39f6e5e2227",
"urls": [],
"crc32": "AFBE8D95",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/fad7d6a0c8482ab7_dsound.dll",
"ssdeep": null,
"size": 1184256,
"sha512": "ca662c5149fe924a6f95d23186605f4f986a96c6d0cae16a953c9bcfbac1169fc035bb294f4eeb9cbcab27850a25da940ec2d7ff6cfe60c00894cb916b0813de",
"pids": [
2828
],
"md5": "835d486bc45a59536b4772fd637102f7"
},
{
"yara": [],
"sha1": "e41ead27dc1d48ae1b8381c842804978e1570dab",
"name": "ce6daf69c1a18785_dsclock.exe",
"filepath": "c:\\program files (x86)\\ds clock\\dsclock.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "ce6daf69c1a1878587eae99b703c910562e67e521ab81c6d4595273f84ec9197",
"urls": [
"http:\/\/crl3.digicert.com\/DigiCertAssuredIDRootCA.crl0:",
"http:\/\/ocsp.digicert.com0C",
"http:\/\/ocsp.digicert.com0A",
"http:\/\/crl4.digicert.com\/DigiCertAssuredIDRootCA.crl0",
"http:\/\/ocsp.digicert.com0N",
"http:\/\/cacerts.digicert.com\/DigiCertAssuredIDCA-1.crt0",
"http:\/\/crl4.digicert.com\/DigiCertAssuredIDRootCA.crl0:",
"http:\/\/crl4.digicert.com\/DigiCertAssuredIDCA-1.crl0w",
"http:\/\/crl3.digicert.com\/sha2-assured-cs-g1.crl05",
"http:\/\/crl3.digicert.com\/DigiCertAssuredIDRootCA.crl0O",
"http:\/\/cacerts.digicert.com\/DigiCertAssuredIDRootCA.crt0",
"http:\/\/crl4.digicert.com\/sha2-assured-cs-g1.crl0L",
"http:\/\/cacerts.digicert.com\/DigiCertSHA2AssuredIDCodeSigningCA.crt0",
"https:\/\/www.digicert.com\/CPS0",
"http:\/\/www.digicert.com\/ssl-cps-repository.htm0",
"http:\/\/crl3.digicert.com\/DigiCertAssuredIDCA-1.crl08"
],
"crc32": "F0D7F443",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/ce6daf69c1a18785_dsclock.exe",
"ssdeep": null,
"size": 1381904,
"sha512": "10f8a324f4360fd5f0afc67364e0bfc96c7c62bfbc209c123c6435921ab5e4bd2327b01807b97b488d1b9e6df01d55b9932ea863e8c5f6f52017872040fefc04",
"pids": [
2828
],
"md5": "087f62f346f6c63f3e6855f72928c3f7"
},
{
"yara": [],
"sha1": "aa7e894e0d7f456d46c587abc68e0be1c420d466",
"name": "0cc658e68e938b49_dsetime.exe",
"filepath": "c:\\program files (x86)\\ds clock\\dsetime.exe",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "0cc658e68e938b49450e9b8154c81508bb3bb8c311fd0b73562f14c76f126559",
"urls": [],
"crc32": "8AC9998D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/0cc658e68e938b49_dsetime.exe",
"ssdeep": null,
"size": 81408,
"sha512": "76e092ca33b31f1aff79c41a62a22ba5c0f80b1ab68469172f714b324cfd123ae0613bf77b8c9ec9ce7e84b3da29ebf4d6ec48e3c5d35e2262b4c4e6dac2a371",
"pids": [
2828
],
"md5": "944e0640779856ca363e7c0d1ce15a41"
},
{
"yara": [],
"sha1": "e7a787ff14c3d7e784fb6a6ae7adb92c14ebf998",
"name": "d2bd28c6219fb66f_timesvrs.dat",
"filepath": "c:\\program files (x86)\\ds clock\\timesvrs.dat",
"type": "ASCII text, with CRLF line terminators",
"sha256": "d2bd28c6219fb66f624bfee0c621e7ea5dfdf3a98bf985049ffd4a7cecb3c9c6",
"urls": [],
"crc32": "1235B42D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/d2bd28c6219fb66f_timesvrs.dat",
"ssdeep": null,
"size": 3331,
"sha512": "6a88f499ac7986f6c334f8f3ed1c8d9b1071acafef4c31b52896d522e68a4a02f9a2e12922af43b7216730f87e898eb1d547e0bd648c6e48d5d66cf10c337c3f",
"pids": [
2828
],
"md5": "3669083b53f807d73a5e7e32def3962b"
},
{
"yara": [],
"sha1": "a30d26cee0f69fa67bf9e60ba692f4831373cc07",
"name": "0806d98fb3de55f7_test-harmful-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"type": "data",
"sha256": "0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19",
"urls": [],
"crc32": "B9D2E9EA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/0806d98fb3de55f7_test-harmful-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "add2d3c503616070f056ea4e3a64fb54a2d8e75af8fd5d9f1f8ee6b72a1d548fd4ab7d4a3256e4a6f4e1422631439db62b251ee3f9d07b38a612aff5e58936d5",
"pids": [
264
],
"md5": "051fb32dece757ba112ac36dc72e3a91"
},
{
"yara": [],
"sha1": "59b4479e46eebc984f6398facb41eb897625bd7b",
"name": "c81313eb3febff81_goog-unwanted-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"type": "data",
"sha256": "c81313eb3febff8104f05785a1f00b0f3863d7145c7938abd7c1f77b46ff0d7c",
"urls": [],
"crc32": "5D853F5E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/c81313eb3febff81_goog-unwanted-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "de7f5780309d61d156c849b9821324880925d0bc02f94eabe037e53f457c0c2b60af31e4cbd0df6762fb5d6cfa977de4fb602a74f2bd4a5a744f7c531709e283",
"pids": [],
"md5": "b7d48a5d1458c835a2c6fb8961d165d1"
},
{
"yara": [],
"sha1": "1ef2dd86548273185857fd9728d469a935f53081",
"name": "823afcd9e9333c90_dsclock.chm",
"filepath": "c:\\program files (x86)\\ds clock\\dsclock.chm",
"type": "MS Windows HtmlHelp Data",
"sha256": "823afcd9e9333c90c880c0b009f8f01e233ddb7d57697c0b8dc07f9ce15eca5d",
"urls": [],
"crc32": "815A8D0D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/823afcd9e9333c90_dsclock.chm",
"ssdeep": null,
"size": 106066,
"sha512": "fc749d696dae324d05b184d317f2816782e26f76ab31ae25f06b4374906753c976fc668cf84a022d52852432576b69c64109b8d6219974c16b6621440e92f361",
"pids": [
2828
],
"md5": "21fb7b62d61dcff07563387dcd8db227"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
929,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "ce3fe1e80840165befc660fb4bba1c198946799f",
"name": "022799133a65ecd8_1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"type": "data",
"sha256": "022799133a65ecd86de230909d6341781fad6a843e19c236be5a27773945dc00",
"urls": [
"https:\/\/www."
],
"crc32": "C1DAD3BA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/022799133a65ecd8_1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"ssdeep": null,
"size": 2932,
"sha512": "03655abe57aa03d61be0236af8fd0b87525aeff54e8f09afcecd0038ab66159dbe346316fb86576bc46983f8bb48b7c4913ed29e01c2d5f86e8c70d95d90d3d1",
"pids": [],
"md5": "7b9675d3ffb3336853453e069b8cbf54"
},
{
"yara": [],
"sha1": "5942cd6505fc8a9daba403b082067e1cdefdfbc4",
"name": "00ad9799527c3fd2_sessioncheckpoints.json",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\sessioncheckpoints.json",
"type": "ASCII text, with no line terminators",
"sha256": "00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2",
"urls": [],
"crc32": "B270EB94",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/00ad9799527c3fd2_sessioncheckpoints.json",
"ssdeep": null,
"size": 90,
"sha512": "71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2",
"pids": [
264
],
"md5": "c4ab2ee59ca41b6d6a6ea911f35bdc00"
},
{
"yara": [],
"sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"name": "e3b0c44298fc1c14_cookies.sqlite-wal",
"type": "empty",
"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"urls": [],
"crc32": "00000000",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/e3b0c44298fc1c14_cookies.sqlite-wal",
"ssdeep": null,
"size": 0,
"sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"yara": [],
"sha1": "7eb1bd8b4fc65b7fa43cafeaef5f7180dcf40300",
"name": "0dae525eb83da957_xulstore.json",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\xulstore.json",
"type": "ASCII text, with no line terminators",
"sha256": "0dae525eb83da9573c5e45e6fc33935b558660e0209251c3e08508976cb1d245",
"urls": [],
"crc32": "75342AC6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/0dae525eb83da957_xulstore.json",
"ssdeep": null,
"size": 185,
"sha512": "e4a9d2e5d51f9f5db337fddcc836dc27ce338e0a2e98c703871635b2250c3822547e0bf335de683b96af8dfbf7f2fdabe1fa7ec44076f41a956d56d7b67645f8",
"pids": [
264
],
"md5": "b82266191585c3f6e488fa2a835b54ce"
},
{
"yara": [],
"sha1": "4188442577fa77f25820d9b2d01cc446e30684ac",
"name": "4cbbd8ca5215b8d1_allow-flashallow-digest256.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"type": "data",
"sha256": "4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0",
"urls": [],
"crc32": "42D3DAC4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/4cbbd8ca5215b8d1_allow-flashallow-digest256.pset",
"ssdeep": null,
"size": 16,
"sha512": "6fcee9a7b7a7b821d241c03c82377928bc6882e7a08c78a4221199bfa220cdc55212273018ee613317c8293bb8d1ce08d1e017508e94e06ab85a734c99c7cc34",
"pids": [],
"md5": "076933ff9904d1110d896e2c525e39e5"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "0ed51b46bb4f06be29f6dad07fe92317b9828c19",
"name": "03ede2297097c318_ds clock help.lnk",
"filepath": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 16 21:53:20 2019, mtime=Mon Sep 16 21:53:20 2019, atime=Fri Aug 24 22:44:28 2018, length=106066, window=hide",
"sha256": "03ede2297097c31813577c6a7f877bc3d41c826b944f25e11972854f518aa366",
"urls": [],
"crc32": "F529F446",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/03ede2297097c318_ds clock help.lnk",
"ssdeep": null,
"size": 1018,
"sha512": "78657b65664328be7991aaa563e66bf633516b49a0746f272bebf18a765afc871e8f92eaf52ef2030776431196d0ceb2f49de9453deb23420f08be8bc487f4dc",
"pids": [
2828
],
"md5": "d4be31a4a3e56e53459f9de406d44bcf"
},
{
"yara": [],
"sha1": "773893b58cf0effefc722512caec0aecc2381d2c",
"name": "4a90fe1741cf029d_chimes.wav",
"filepath": "c:\\programdata\\duality software\\ds clock\\sounds\\chimes.wav",
"type": "RIFF (little-endian) data, WAVE audio, Microsoft PCM, 8 bit, mono 11127 Hz",
"sha256": "4a90fe1741cf029d72b1149b406227369b405fb872c2838d71a5f689801d5927",
"urls": [],
"crc32": "3AF6700B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/4a90fe1741cf029d_chimes.wav",
"ssdeep": null,
"size": 18160,
"sha512": "2ad3dd21174c52fddaa0c214a3bf949b4b7e84293ac34ada3d8cdb860c5357930f99016151a29c936a818bd5f53b8114f9fb976ad84b8351f7ada3b058d84d44",
"pids": [
2828
],
"md5": "2920f477c1f08ae7a6dcec5829f6bc65"
},
{
"yara": [],
"sha1": "608eeb7488042453c9ca40f7e1398fc1a270f3f4",
"name": "fd4c9fda9cd3f9ae_cookies.sqlite-shm",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"type": "data",
"sha256": "fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb",
"urls": [],
"crc32": "DDC506B6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/fd4c9fda9cd3f9ae_cookies.sqlite-shm",
"ssdeep": null,
"size": 32768,
"sha512": "d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0",
"pids": [],
"md5": "b7c14ec6110fa820ca6b65f5aec85911"
},
{
"yara": [],
"sha1": "c2636e8ffa8a5256d7d1f21e147101356e783114",
"name": "b48e58ebab82e4c3_block-flashsubdoc-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"type": "data",
"sha256": "b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2",
"urls": [],
"crc32": "E364BCD6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/b48e58ebab82e4c3_block-flashsubdoc-digest256.sbstore",
"ssdeep": null,
"size": 82744,
"sha512": "92914b56fb2bdcddcc1bee2bf4dc98420cf0b923d380bb889c8a6ebc333d74ea4ddca915218bea0e729782c4904983424f1de15be7087c5a5338aed7319a03e5",
"pids": [],
"md5": "04824a1f92353f43ebb9e7f74b7476fd"
},
{
"yara": [],
"sha1": "8cfeefd7ce6a2e72b5755802669e5bd3c0985158",
"name": "212966ca109e34a2_scriptcache.bin",
"filepath": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\scriptcache.bin",
"type": "data",
"sha256": "212966ca109e34a2cb5d063d969838b0c751ea993cf06ddbed5f577faa4d41ed",
"urls": [
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1100294",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xul",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1238180",
"http:\/\/www.mozilla.org\/2006\/browser\/search\/",
"https:\/\/discovery.addons.mozilla.org",
"https:\/\/hg.mozilla.org\/releases\/mozilla-release\/rev\/a0b222c551f586904f51228c49149d9b6b7e2a81",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1243643",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xulY",
"http:\/\/a9.com\/-\/spec\/opensearchdescription\/1.1\/_",
"https:\/\/discovery.addons-dev.allizom.org",
"https:\/\/support.mozilla.org\/kb\/warning-unresponsive-script",
"http:\/\/a9.com\/-\/spec\/opensearch\/1.1\/_",
"http:\/\/www.mozilla.org\/2005\/app-update",
"http:\/\/www.mozilla.org\/newlayout\/xml\/parsererror.xmlc",
"http:\/\/a9.com\/-\/spec\/opensearchdescription\/1.0\/",
"http:\/\/www.mozilla.org\/2006\/addons-blocklist",
"http:\/\/a9.com\/-\/spec\/opensearch\/1.0\/I",
"https:\/\/screenshots.firefox.com\/",
"https:\/\/developer.mozilla.org\/docs\/JavaScript_OS.File",
"https:\/\/discovery.addons.allizom.orgQ",
"http:\/\/www.mozilla.org\/2005\/app-updateW",
"http:\/\/www.openh264.org\/",
"http:\/\/example.com",
"https:\/\/support.mozilla.org\/kb\/reset-firefox-easily-fix-most-problems",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xul\/",
"https:\/\/support.mozilla.org\/kb\/flash-protected-mode-autodisabled",
"http:\/\/www.mozilla.org\/2006\/addons-blocklisti",
"https:\/\/developer.mozilla.org\/en-US\/docs\/JavaScript_OS.File\/OS.File.Info",
"https:\/\/www.google.com\/policies\/privacy\/3",
"https:\/\/developer.mozilla.org\/en-US\/docs\/XPCOM_Interface_Reference\/nsIBrowserSearchService",
"https:\/\/www.widevine.com\/"
],
"crc32": "0AD60674",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/212966ca109e34a2_scriptcache.bin",
"ssdeep": null,
"size": 5210511,
"sha512": "fef2aff97492af0b4e60cc9920ec61b1e7661f6243ef1492263ff92eb3b646b163d47708741feff8c327ea6859a450afda999643afc1887a329e11e0fe5e6aec",
"pids": [
264
],
"md5": "f51ef7b3aa07d38d75fc923cd2c56736"
},
{
"yara": [],
"sha1": "9d23b452ad0d06c355477cf70e3aa5d0adfe6278",
"name": "4ef1038730ec8bc7_except-flash-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"type": "data",
"sha256": "4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc",
"urls": [],
"crc32": "EF8A630C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/4ef1038730ec8bc7_except-flash-digest256.sbstore",
"ssdeep": null,
"size": 268,
"sha512": "d06422752562afd1f8b94ff09fc9460be58e07a84fc537fb6b56b1551c37db7e56cb7932cc2d27d2ffe2cbab6ec85bdda6778f2e812e69e5193fcd6bc77066f2",
"pids": [],
"md5": "c921d8e98fa01b4f303481e112202e92"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
5824,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "c8769e3a071a2622bb4f42375da7f1ce6ba9d74b",
"name": "b545fa48e9979757_1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"type": "data",
"sha256": "b545fa48e997975788d5f5d86526369ae42e2d0d2e383007bb1c816fbf6503e8",
"urls": [
"https:\/\/hg.mR8S.org\/"
],
"crc32": "7346FF20",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/b545fa48e9979757_1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"ssdeep": null,
"size": 7642,
"sha512": "99a972a41de51d0d9c4cc9fa552717c07f7ff37a94b176d08195f1ba04ed39eb952c87c82e944b29e52a71fa0f91778f4b45b381a6be0cb668069b93afcdeb54",
"pids": [],
"md5": "11deec10e4e7bb2db9697555151b1de0"
},
{
"yara": [],
"sha1": "88a555717e8a4a33eccfb7d47a2a4aa31038f9c0",
"name": "2fca1f29b73dd5b4_sessionCheckpoints.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"type": "ASCII text, with no line terminators",
"sha256": "2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e",
"urls": [],
"crc32": "A3E8300B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/2fca1f29b73dd5b4_sessionCheckpoints.json",
"ssdeep": null,
"size": 288,
"sha512": "17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a",
"pids": [],
"md5": "948a7403e323297c6bb8a5c791b42866"
},
{
"yara": [],
"sha1": "c354190bb2b8a00a6051ef2fb86e189ab053fe93",
"name": "f1e07b1d717433f4_test-block-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"type": "data",
"sha256": "f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11",
"urls": [],
"crc32": "C3BCA3E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/f1e07b1d717433f4_test-block-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "7a585735abfb1292b9fc4709b797f09c6be4dc90a133fbedb14428aae79c6de5faae0b151758a75bf90566c98e5bd2a8201e738f321688180bc5b5814a97bb69",
"pids": [
264
],
"md5": "e2cf527ca7550b7e7bdf7311e483a2c3"
},
{
"yara": [],
"sha1": "0d49003594108518cb460bbf61260e2c524a086e",
"name": "da9cac4b6689dc9a_scriptcache-child.bin",
"filepath": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\scriptcache-child.bin",
"type": "data",
"sha256": "da9cac4b6689dc9a80787e11b5799fce2e537ba28281b37207095fa75a8b0dd6",
"urls": [],
"crc32": "1DE8066C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/da9cac4b6689dc9a_scriptcache-child.bin",
"ssdeep": null,
"size": 200455,
"sha512": "24d97091c888a83fc2d86097ec3c570ae7b2bff9788767450d693d8bf6d8a88968b04813c28091e365f5ee229e603e74bdc74ab5759fc8cddd93fdc65feec13f",
"pids": [
264
],
"md5": "a942a77b751dc571e830aa20bd5df8c1"
},
{
"yara": [],
"sha1": "08fc50d746b427ac02636a9bd48980ede8503070",
"name": "c803e78541691d66_urlcache.bin",
"filepath": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\urlcache.bin",
"type": "data",
"sha256": "c803e78541691d66e8b759d3220c3201b1b07831e9d2afc8bb50e21da98d65a1",
"urls": [],
"crc32": "9B1CC92C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/c803e78541691d66_urlcache.bin",
"ssdeep": null,
"size": 3360,
"sha512": "2db3a301b7588cb80c61a4851c65bfc32c18a0948165fdbaca768e78dc077fb3bc7a59eea3212de57fa3c45e5db22d5b6a05697dc6f15f91d326f4943b9b943b",
"pids": [
264
],
"md5": "82b2a124fb31c0fde2aeed5a2c57ad87"
},
{
"yara": [],
"sha1": "59e863e0d2b4e428d8c738d48fa0f6f7bac36849",
"name": "a03c5e2656d2f292_allow-flashallow-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"type": "data",
"sha256": "a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7",
"urls": [],
"crc32": "99C6119F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/a03c5e2656d2f292_allow-flashallow-digest256.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "8b5a117bc33463f181458f0a99c14657b365ce2a7695db346d2d086109176ad019dbd5a5f34f09dc3438e6c89ca93d83875daa6d463eb06d995a2523fe51a5ed",
"pids": [],
"md5": "d886a47c89d9c49c795da345bc236990"
},
{
"yara": [],
"sha1": "17232a4e8125f03ceb8f18f49bc16f2e32079477",
"name": "dc39dbe5d2e1c3cd_goog-badbinurl-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"type": "data",
"sha256": "dc39dbe5d2e1c3cd7e3f515adf9edfa64c989e34046c11767c9b202b83a7bb29",
"urls": [],
"crc32": "928B241F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/dc39dbe5d2e1c3cd_goog-badbinurl-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "f0151b0c62659aa74080556581e442c72089dd922ab33b8904796ff2a4afce47cbda45b57fcffcffc10bcba11bf25c36777385da835e4fe39df5d578163d6923",
"pids": [],
"md5": "40af141e7ec9ad9fba987072531dc8b9"
},
{
"yara": [],
"sha1": "80f7d95afc0de8c608f672a6837c664ef847bcd5",
"name": "87763df78772f7d7_test-track-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"type": "data",
"sha256": "87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478",
"urls": [],
"crc32": "2A4B9D4F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/87763df78772f7d7_test-track-simple.sbstore",
"ssdeep": null,
"size": 272,
"sha512": "c6e09c76840ddea559e243e5c13881cfbcdcc7b0c2163461fdcce1f3f5110e2b0bb553de447a4e1e0d5edf516eeee2fad5efc15c398e101ef3c81501e55320af",
"pids": [
264
],
"md5": "95f28ede25c301301f25fbbd9a3c56ec"
},
{
"yara": [],
"sha1": "755ff3a5a8e1955141cf8f45885f86415738c52b",
"name": "00dce01845d833ef_goog-downloadwhite-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"type": "data",
"sha256": "00dce01845d833eff11f38b41499714ee6d3d1b343473c2686dc830cf5297fbe",
"urls": [],
"crc32": "751FD1F8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/00dce01845d833ef_goog-downloadwhite-proto.pset",
"ssdeep": null,
"size": 15993,
"sha512": "97653f98f1be95fdbbd156676792daa5f2ae3eb1d9cc6248e1c8f6eb1b74a025ce44d8e58a202c549e2e7f9de0ded9881ac17e1b3352dd336db7883b8b2e373e",
"pids": [],
"md5": "16c5aee35e9d1fd0e735cfbef142be20"
},
{
"yara": [],
"sha1": "d1bc28e911bc5fee861381b7e206527bab859db9",
"name": "f8734143174cb20d_dsclocklog.txt",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\dsclocklog.txt",
"type": "ASCII text, with CRLF line terminators",
"sha256": "f8734143174cb20daa945b700b1bc299a3529aea729543edc553eb1593eb88e1",
"urls": [],
"crc32": "0DD8EB1D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/f8734143174cb20d_dsclocklog.txt",
"ssdeep": null,
"size": 2925,
"sha512": "14d5ae85d86a10b1e0b2d713c9e510be5625b6fbdda6b5dc2b4f8b3a75c2fed2911fc3870547e56e125e8179fba604def9f4f1fe894768a1d1807cba2ca6115e",
"pids": [
2700
],
"md5": "a9855ff53199eed60e63e4ab2c2e0708"
},
{
"yara": [],
"sha1": "a75a92422818c2aeedd6478031a91352bf9521f5",
"name": "1211db132dc51979_goog-downloadwhite-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"type": "data",
"sha256": "1211db132dc519792e8fcd0d7142f04ed1e342133c5bac414efae7a6ccf3d1a3",
"urls": [],
"crc32": "45AB169C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/1211db132dc51979_goog-downloadwhite-proto.metadata",
"ssdeep": null,
"size": 65,
"sha512": "7283aaa795c081d80c00dadd7331800558352dae07f9c27cc2c89e9540969da2450749726e76f7feb88afc621b240289af91b727ced0b697791fdeadf66357f9",
"pids": [],
"md5": "831cbf3edba160742da613fa2ea71a06"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "e49f506c4b543d538ca6342cdad9830aae34146c",
"name": "9a9f9e14cb94ce23_uninstall ds clock.lnk",
"filepath": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 16 21:53:20 2019, mtime=Mon Sep 16 21:53:20 2019, atime=Mon Sep 16 21:53:09 2019, length=1227792, window=hide",
"sha256": "9a9f9e14cb94ce2341d841ffd0e5c968750e729d22616a5bea27587e41d78127",
"urls": [],
"crc32": "10544378",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/9a9f9e14cb94ce23_uninstall ds clock.lnk",
"ssdeep": null,
"size": 1025,
"sha512": "f6302df703ba16a33bc6346c400ef95ee18b3bda881778bc9aca6ee4eec4089b5e7f3778e5ad4f372d8465823ce05958efe6f23ab1683a91030d2ff03a545d1a",
"pids": [
2828
],
"md5": "9632b400774f7403b4057421704f796e"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
7369,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "c58dc3bda5804d8a3131ed55cef37d6f55073262",
"name": "350c0125cc0c6c9d_1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"type": "data",
"sha256": "350c0125cc0c6c9d32154d48bce17a4f42777d7464b249a21d463a1ba915c0d0",
"urls": [
"https:\/\/hg.m1IS.org\/"
],
"crc32": "9E791777",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/350c0125cc0c6c9d_1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"ssdeep": null,
"size": 9189,
"sha512": "1f655348df8ace85d011b06e14275e647bfd62b9e27bcffa38aee21c0f98cabcfa20e8af8196158417cc5b60f9e1daa3952e54dc4557bc9e7b45bcbcdbd1e7e4",
"pids": [],
"md5": "e059a50fed105f4dd5bc63c5b7d32f1c"
},
{
"yara": [
{
"meta": {
"description": "(no description)"
},
"name": "LnkHeader",
"offsets": {
"guid": [
[
4,
0
]
],
"signature": [
[
0,
1
]
]
},
"strings": [
"ARQCAAAAAADAAAAAAAAARg==",
"TAAAAA=="
]
}
],
"sha1": "4a427bf643d98c68c246e33d599a3f6cbda02976",
"name": "4b66d25abb165433_ds clock.lnk",
"filepath": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"type": "MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Sep 16 21:53:20 2019, mtime=Mon Sep 16 21:53:20 2019, atime=Tue Apr 2 22:53:06 2019, length=1381904, window=hide",
"sha256": "4b66d25abb165433838fa6212598abdd36700b4b41b9cf2a2ec3b3f2b386ee8f",
"urls": [],
"crc32": "B6B22512",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/4b66d25abb165433_ds clock.lnk",
"ssdeep": null,
"size": 1018,
"sha512": "05dd63a47c8292dfac617254aa1846607f68c139184a62b688cbb7b779a18eef709282e692b36f8e0711c9a9c47c9002c1a87022bed0e1db51ad6afe1da39777",
"pids": [
2828
],
"md5": "dd471e158ecc1656df66fb917970e8a1"
},
{
"yara": [],
"sha1": "7ca1b5994684a7fe37a61bc350a1fa8a89bf91da",
"name": "34395085da32c8b4_test-trackwhite-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"type": "data",
"sha256": "34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94",
"urls": [],
"crc32": "321EA964",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/34395085da32c8b4_test-trackwhite-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "55b09573c235876d0cb4e6c20070cd1954cf1eb94f513a94985896237a350e48fcd47c88d5ec9632ab9d0aed4a59c250e69f59a59ed88f2a0aeb6734302744a9",
"pids": [
264
],
"md5": "65e942614eee70680464ac4be75019fc"
},
{
"yara": [],
"sha1": "b0f151a5292d4b796668b242bf896fdbb5a24b67",
"name": "042a22b8681d7546_test-unwanted-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"type": "data",
"sha256": "042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad",
"urls": [],
"crc32": "7D90B6A7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/042a22b8681d7546_test-unwanted-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "c09f56e91b41d01375c458a6ccc3fc0cedc18696aec5d7a2520c51905f4d9bc660f3ad28e69d64b3814aeb3279afc686794c986f0fa6212463f3aac850d40019",
"pids": [
264
],
"md5": "a5695cc64d77967232b0c1344c6e72b3"
},
{
"yara": [],
"sha1": "c6e21fbe0de63be2ebb05ab23f33169cbe0a8268",
"name": "ae56eb123bf832d9_d1b90b03f8d7a2ba6ba1e9251f8101decdb2cbec",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"type": "data",
"sha256": "ae56eb123bf832d99062c3235fbc59c815c08fe71c8b2f995a01276fc90d613b",
"urls": [
"https:\/\/search.services.mozilla.com\/1\/firefox\/60.0.2\/release\/sv-SE\/SE\/default\/default"
],
"crc32": "D6400E87",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/ae56eb123bf832d9_d1b90b03f8d7a2ba6ba1e9251f8101decdb2cbec",
"ssdeep": null,
"size": 7316,
"sha512": "01ee3d0dc6ee477f8508554d2b51fe662ee2cb0fc372db10bbf49e1479c90ad798ce452ee10d714f9fb62210add855ce15f50cd58ff5687ed735f7c0ef2ef265",
"pids": [
264
],
"md5": "ed5d0c1791fba62e4cdd50c59f5a9d35"
},
{
"yara": [],
"sha1": "65131d440720f555a9ebbf35fee8bfb2de85667c",
"name": "87452a713478e427_1657114595AmcateirvtiSty.sqlite-shm",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"type": "data",
"sha256": "87452a713478e427950897739e6805d2f009c9ddb47e731a8239a254cab718e4",
"urls": [],
"crc32": "FC2DECCA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/87452a713478e427_1657114595AmcateirvtiSty.sqlite-shm",
"ssdeep": null,
"size": 32768,
"sha512": "2d5aa717c138dcd47ef1ec3b48334fd0ae0345a325c7bbccea9b6787d21f861467304255dba3a7c21e0fe0e1a40e3e231a3098fa2c241a06280b4ebd702f8925",
"pids": [],
"md5": "02d6075fcd27fcab7d69f431923b684a"
},
{
"yara": [],
"sha1": "6b12dea23326c2b1495aa2da7c85af5429001942",
"name": "b9a52db03f6a9bed_prefs.js",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\prefs.js",
"type": "ASCII text, with very long lines, with CRLF line terminators",
"sha256": "b9a52db03f6a9bed242a4b0885a096a2391ab188ecd86367b62a47a0681b9ffb",
"urls": [],
"crc32": "E5CE2BA4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/b9a52db03f6a9bed_prefs.js",
"ssdeep": null,
"size": 7067,
"sha512": "89e46408a23fc5fca9a57b032363cf1ca4767f9f45f7bddc52b9eba299491a0d6d74fa5b3059a35cbb8f44288c3b64a3ea08ca7610c247f07592fd8929613c8d",
"pids": [
264
],
"md5": "d5c7b71045c3be81ef0b5a7433645476"
},
{
"yara": [],
"sha1": "2e54ec7433bf47913212c55180cf9903ddbb9a9a",
"name": "94f503e2263bdd85_libcurl.dll",
"filepath": "c:\\program files (x86)\\ds clock\\libcurl.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "94f503e2263bdd852a6a88ade9fb4b006312760d9a7bddb69f9b2692313082d5",
"urls": [
"https:\/\/curl.haxx.se\/docs\/http-cookies.html"
],
"crc32": "C0942259",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/94f503e2263bdd85_libcurl.dll",
"ssdeep": null,
"size": 362496,
"sha512": "60e1c7d56132b55ae434875893324f497cbf8c3b84244dec030e8b64ae0ce5e3aa31eb6c4d9255a21f8dda32c8b7b08129677fcafc334c9a5455f5f09fd506e4",
"pids": [
2828
],
"md5": "ff51047587a4f042e074d61d7596d96e"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
7273,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "b4b9b8ca434f7d51ae9e8aec470a902e417ed78d",
"name": "e69d33b80ec86971_1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"type": "data",
"sha256": "e69d33b80ec86971f1edb06235092908f8dad36054892215b699b63d49d2464a",
"urls": [
"https:\/\/hg."
],
"crc32": "DF4B4513",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/e69d33b80ec86971_1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"ssdeep": null,
"size": 9018,
"sha512": "6f4ee7f535ee5502a7398f3afd855707396c89ed2fc8a72fd00170d4636d728ad02eaace5a911d68bd0d59f9ef538eceeaf8bc3d59ad0adb243fff35dd81a27b",
"pids": [],
"md5": "fb19106d26ec51508211677b194283ab"
},
{
"yara": [],
"sha1": "ab180c81b0a62cd6f72337d2f0e80b26f521073f",
"name": "9331b6f6ca348673_license.txt",
"filepath": "c:\\program files (x86)\\ds clock\\license.txt",
"type": "ISO-8859 text, with very long lines, with CRLF line terminators",
"sha256": "9331b6f6ca34867374908658af4480efdd19b87993dca6b990bb15994a54a1a6",
"urls": [],
"crc32": "996B4E4D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/9331b6f6ca348673_license.txt",
"ssdeep": null,
"size": 7029,
"sha512": "62c71ae98f844756c62f8bbaaacf024583a13198ae2ea375d6d3ce0deeed7682425c91ac69dc093790e2e00ac73b3ace5563d75a954920ef788f39648622cc50",
"pids": [
2828
],
"md5": "14c7e58291e4468c77fd27807fb293b1"
},
{
"yara": [],
"sha1": "021a3d1192a3c634bcbf7b43b4cec35debb4d710",
"name": "15047d5c4483a57a_unins000.dat",
"filepath": "C:\\Program Files (x86)\\DS Clock\\unins000.dat",
"type": "data",
"sha256": "15047d5c4483a57ac701553e956c4ef2a013f360543c9a20a6890a768f920b53",
"urls": [],
"crc32": "66565FEF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/15047d5c4483a57a_unins000.dat",
"ssdeep": null,
"size": 11778,
"sha512": "10a16a886c2bbb861c1f7ff5c2f9bd6363a16141fe7014a5d7e95a9eab6321e99a8ad176f3f7722e957080f651b69c5640f0390ca26c62d1a6a74f6028dcde96",
"pids": [
2828
],
"md5": "4b634918e53b5bad456fd99f96a8ad8c"
},
{
"yara": [],
"sha1": "aa253b477ce2bf9d886d07694cd5ddb7c7fe9eec",
"name": "4f36e6be09cd12e8_unins000.msg",
"filepath": "C:\\Program Files (x86)\\DS Clock\\unins000.msg",
"type": "data",
"sha256": "4f36e6be09cd12e825c2a12ab33544744e7256c9094d7149258ea926705e8ffd",
"urls": [],
"crc32": "440D838A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/4f36e6be09cd12e8_unins000.msg",
"ssdeep": null,
"size": 22709,
"sha512": "c46eb9dd3d03a993fdc4f65ae2751ecfdcb1fb6e1fb69a119105fd40290ce5ec4427b04f813eed47415390689943d05b5432d4571b1aca0ce37ee52391790d18",
"pids": [
2828
],
"md5": "79173da528082489a43f39cf200a7647"
},
{
"yara": [],
"sha1": "f81f7ede77baeb51d397df96e337677e4957db7b",
"name": "576a0d2c3ad8d66b_base-track-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"type": "data",
"sha256": "576a0d2c3ad8d66bb202439b18f9fd563f92d9ddd9582a3c4cce0ecafd4f0908",
"urls": [],
"crc32": "B6F39532",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/576a0d2c3ad8d66b_base-track-digest256.sbstore",
"ssdeep": null,
"size": 64888,
"sha512": "2ae3b849c601b9614fa26c77fd63b9c022a5871e0a4322929dd3589f14f5aa4e4a368c41fc2bf732cd861b1db9542d889172812c2cd2242006562fc24e78f7e7",
"pids": [],
"md5": "cd82f4495eafe523b9b6b938c828611b"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
15282,
0
],
[
15334,
0
],
[
15386,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "40ef7f1f45f47a82c72bf519707acd9e6cd632f6",
"name": "3b1ac79577d273f7_aborted-session-ping",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "3b1ac79577d273f788b26317460e81cc878b5f49945e5087b9b04e6083f52424",
"urls": [
"https:\/\/www.google.com\/search?q=",
"https:\/\/hg.mozilla.org\/releases\/mozilla-release\/rev\/a0b222c551f586904f51228c49149d9b6b7e2a81"
],
"crc32": "EDADF320",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/3b1ac79577d273f7_aborted-session-ping",
"ssdeep": null,
"size": 20392,
"sha512": "6762a1c9929e9aedddc1e5a862e693f848bfb34d4da49e7d2d036758a0d683f8b9fc4b197f82182636e834028f8af97e35b1738f2efbe0a3744c8f07725b75cb",
"pids": [
264
],
"md5": "612f854cf3e409031b8c66b72f6508f2"
},
{
"yara": [],
"sha1": "624efe55215dd0438b6f74dfde0a04c6419ab431",
"name": "8789357cbd1a0d1e_readme.txt",
"filepath": "c:\\program files (x86)\\ds clock\\readme.txt",
"type": "ISO-8859 text, with CRLF line terminators",
"sha256": "8789357cbd1a0d1e4640de5736e34a5ebb7b0cd4946dccfb160521b2865067a1",
"urls": [
"http:\/\/www.dualitysoft.com\/support.html"
],
"crc32": "AC8206C0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/8789357cbd1a0d1e_readme.txt",
"ssdeep": null,
"size": 3430,
"sha512": "98c0435ea9c5017759ad0cf87c1811ae866442bce48e8efc8073eb2de3531991909bb86a80b8e47381bb13cc978b16bd3f2d360619cd341aeb49ebcc3db6165f",
"pids": [
2828
],
"md5": "bc3c157b86bda49009e3e55b96cacb8f"
},
{
"yara": [],
"sha1": "6bc966fcd804b7bfa66e5981a7b5cae051619489",
"name": "e082e9f4c1033a3a_goog-malware-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"type": "data",
"sha256": "e082e9f4c1033a3af4564416904e244d4892f53d05ade940f091ed50a3dcb236",
"urls": [],
"crc32": "B62CA6D9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/e082e9f4c1033a3a_goog-malware-proto.pset",
"ssdeep": null,
"size": 647406,
"sha512": "5cfaa13c4c3295c99f5d940b87432182559bc0dcf8cfd9fee960904e9beec75338215929c17ccac0f7efb90a8de265046018f7a51b90cec680989e9e08a0d2d6",
"pids": [],
"md5": "90e45e83128819fa0f3306e6d691702b"
},
{
"yara": [],
"sha1": "afa2d2eeea0e26a4f5efef68f0adac65e62b0d82",
"name": "7460518255f4c024_dbghelp.dll",
"filepath": "c:\\program files (x86)\\ds clock\\dbghelp.dll",
"type": "PE32 executable (DLL) (console) Intel 80386, for MS Windows",
"sha256": "7460518255f4c024b81f171ef7f5c0671b0a2b1d64f509cac848c6c8da7ba241",
"urls": [
"http:\/\/www.microsoft.com\/pki\/certs\/MicRooCerAut_2010-06-23.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicCodSigPCA_2010-07-06.crt0",
"http:\/\/www.microsoft.com\/windows0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicCodSigPCA_08-31-2010.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicrosoftTimeStampPCA.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicTimStaPCA_2010-07-01.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicrosoftRootCert.crt0",
"http:\/\/www.microsoft.com\/PKI\/docs\/CPS\/default.htm0"
],
"crc32": "2D18CAF7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/7460518255f4c024_dbghelp.dll",
"ssdeep": null,
"size": 1138120,
"sha512": "a181407fa616e54349f828cd8dce1ccf0032f8793dfe5dde307b96e99cf17755562703bead341aa1b92978c68a7893df4857b2b487fad4e897fa42970434d53b",
"pids": [
2828
],
"md5": "2ae2b6ddbc7417c5f9ceaaf12739c8ea"
},
{
"yara": [],
"sha1": "c8f6956fa86f4e9cf71599b735e28860245ae4b5",
"name": "66d1c00c04d86e31_except-flashsubdoc-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"type": "data",
"sha256": "66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1",
"urls": [],
"crc32": "4BD3414C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/66d1c00c04d86e31_except-flashsubdoc-digest256.sbstore",
"ssdeep": null,
"size": 304,
"sha512": "582d7f28f41e6a7a5f882d15ec1f48d0be57dc63e1a0d6e6a8bbd442a3ac27e38e0c3fdb3e1c30f416c41649391afde61f8079844b61a4995e0ab34d6cc8e745",
"pids": [],
"md5": "ba0009932844173bc8f9af264229df24"
},
{
"yara": [],
"sha1": "019cd56ba687d39d12d4b13991c9a42ea6ba03da",
"name": "388a796580234efc__setup64.tmp",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup\\_setup64.tmp",
"type": "PE32+ executable (console) x86-64, for MS Windows",
"sha256": "388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95",
"urls": [],
"crc32": "2CDCC338",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/388a796580234efc__setup64.tmp",
"ssdeep": null,
"size": 6144,
"sha512": "17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e",
"pids": [
2828
],
"md5": "e4211d6d009757c078a9fac7ff4f03d4"
},
{
"yara": [],
"sha1": "190f3bc536c9489c707ae31da32bf86947ea5d78",
"name": "2b124d4026850a3c_block-flash-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"type": "data",
"sha256": "2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749",
"urls": [],
"crc32": "B946F265",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/2b124d4026850a3c_block-flash-digest256.sbstore",
"ssdeep": null,
"size": 7648,
"sha512": "0af17bd91464f26072f42bacfbb6ba72e68fa07b9d5801a92b14624cc51ebd00ab127272cecd8df6fe650fe07bf170fd6422d70c2e8cd8f9ad94bc11548446bd",
"pids": [],
"md5": "0e8fe60ccd7e9b4c32589a5743a95302"
},
{
"yara": [],
"sha1": "b300347f2bad9a321a6380f85b283cc219f283f1",
"name": "88b1acfea84e0d05_c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"type": "PE32 executable (GUI) Intel 80386, for MS Windows",
"sha256": "88b1acfea84e0d058c5698ec51fa70802413950fde53e27eb6d12e51211d3208",
"urls": [
"http:\/\/crl3.digicert.com\/DigiCertAssuredIDRootCA.crl0:",
"http:\/\/ocsp.digicert.com0C",
"http:\/\/ocsp.digicert.com0A",
"http:\/\/crl4.digicert.com\/DigiCertAssuredIDRootCA.crl0",
"http:\/\/ocsp.digicert.com0N",
"http:\/\/cacerts.digicert.com\/DigiCertAssuredIDCA-1.crt0",
"http:\/\/crl4.digicert.com\/DigiCertAssuredIDRootCA.crl0:",
"http:\/\/crl4.digicert.com\/DigiCertAssuredIDCA-1.crl0w",
"http:\/\/crl3.digicert.com\/sha2-assured-cs-g1.crl05",
"http:\/\/crl3.digicert.com\/DigiCertAssuredIDRootCA.crl0O",
"http:\/\/cacerts.digicert.com\/DigiCertAssuredIDRootCA.crt0",
"http:\/\/crl4.digicert.com\/sha2-assured-cs-g1.crl0L",
"http:\/\/cacerts.digicert.com\/DigiCertSHA2AssuredIDCodeSigningCA.crt0",
"https:\/\/www.digicert.com\/CPS0",
"http:\/\/www.digicert.com\/ssl-cps-repository.htm0",
"http:\/\/crl3.digicert.com\/DigiCertAssuredIDCA-1.crl08"
],
"crc32": "5213130B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/88b1acfea84e0d05_c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"ssdeep": null,
"size": 1227792,
"sha512": "f68e8735509dd7a0e71368776e6437463a99ce163af7ff467fc2e8f16fcfe2541b649f900c4d6c0598f83b8099bdb5d9a3d5bb55a7517a01cee8427807c5d25b",
"pids": [
2676
],
"md5": "58222ea2824901b326a54b2703bc87b3"
},
{
"yara": [],
"sha1": "4df430b4d63605e41855dbcb3837a189d4cc7604",
"name": "c0b3bc9b3dc507ab_except-flashallow-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"type": "data",
"sha256": "c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54",
"urls": [],
"crc32": "04D7CD3E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/c0b3bc9b3dc507ab_except-flashallow-digest256.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "ae7688d501a1f59d4c247ed57ba0547f6376748af57f554ba1b6de0ef358ed5868721886baf94813979b3a9968ec330ce11c41767e4af42db413efc9556c2e22",
"pids": [],
"md5": "6f85bc4b2ecb49e26b0bd83a821065d0"
},
{
"yara": [],
"sha1": "bdecb51fed41f111cfb19c30e377aa165c0dd7e3",
"name": "8408968dae85e51e_mozstd-trackwhite-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"type": "data",
"sha256": "8408968dae85e51ea6b0ca7123b0ddfd7425d3013ba311bb1cbe135fff0e5bda",
"urls": [],
"crc32": "D26AA5B7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/8408968dae85e51e_mozstd-trackwhite-digest256.sbstore",
"ssdeep": null,
"size": 326032,
"sha512": "acda5c6344cc51e0921c116cb03395f8027f0e1077d5027ca4b6b33e2c1ab663c319eeab22d7ecf968702324bedc882f518bde7711cb140a059d7997580054cf",
"pids": [],
"md5": "bdaa2a3b4259ebf8dd87e5769b1bf3f4"
},
{
"yara": [],
"sha1": "68bb387fcea4ef3d3cd675998ba1f911bba59456",
"name": "f6184c504b8869d3_goog-phish-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"type": "data",
"sha256": "f6184c504b8869d300d965005f0304d7773781087d8b5512b4602a5c56c8a424",
"urls": [],
"crc32": "A08274E8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/f6184c504b8869d3_goog-phish-proto.pset",
"ssdeep": null,
"size": 3233838,
"sha512": "770a4d8df2b026c53bcbfa803a42c9878c7dafd5636d48c23c78e18e4aa2ce94cd1a9c9941eb87ccc2b55c437f1e85e13f70cc7d9afcb69e5cec37cf381d8669",
"pids": [],
"md5": "cc9b11e15e09c3ba23eb1a054cb61210"
},
{
"yara": [],
"sha1": "16af7ecb7aacb6efe068057b9eb47c42a298d343",
"name": "c7ca3fda74fc7467_goog-malware-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"type": "data",
"sha256": "c7ca3fda74fc746751635905d18c7ddc55d1e79c011dd0312fa5b05ae964af1a",
"urls": [],
"crc32": "E2AA4C43",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/c7ca3fda74fc7467_goog-malware-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "cfe487dcd2c9fd897c95d5131f7ace2eabfeaa73dcbaa9329a20641ffa27489e64b66602103e7fed36100d6cb20789507e2879b54df445c8f1055046535d371b",
"pids": [],
"md5": "e92e6238bb1f94e1b6ef729356867a68"
},
{
"yara": [],
"sha1": "90348457e50ce9221114fb9891fffc0eafcc7c8a",
"name": "945e1733e9668a78_goog-badbinurl-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"type": "data",
"sha256": "945e1733e9668a7882424218b924d71cc636472e7091039a924f37d20e72a3e6",
"urls": [],
"crc32": "13E58FF0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/945e1733e9668a78_goog-badbinurl-proto.pset",
"ssdeep": null,
"size": 186536,
"sha512": "92053e43baf90dabd609ea6e8649c3d10bba35af2a11a0ab80b6e3137968f4a1a56fd8ec0e330990057becbec2a90e2f295da80afc51ecfba1ca3bc52e804620",
"pids": [],
"md5": "12971aeeaa03f0c87662d0a34e2e54e8"
},
{
"yara": [
{
"meta": {
"description": "Matched shellcode byte patterns",
"author": "nex"
},
"name": "shellcode",
"offsets": {
"shell2": [
[
209466,
0
]
]
},
"strings": [
"ZKEw"
]
}
],
"sha1": "b7dea002605e9c421b3472e504d4badc62df6a12",
"name": "c2790188e00356b9_goog-unwanted-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"type": "data",
"sha256": "c2790188e00356b98e715badb4324008dda5aac6d369bb930beb5096bb6190fe",
"urls": [],
"crc32": "A3E41C74",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/2576\/files\/c2790188e00356b9_goog-unwanted-proto.pset",
"ssdeep": null,
"size": 331028,
"sha512": "46b7be548221188a9c1980cc1a868b0d8786e91652c729d9e10a4fe56e6618ed8af5a22f798fcdeab4752832ce7149a0005e1de66bc3dbecfc327a5736960e2e",
"pids": [],
"md5": "20fc99dc00383cc09c45d8798a2bf21a"
}
]Generic
[
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"process_name": "c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"pid": 2828,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\is-9I4U2.tmp",
"C:\\Program Files (x86)\\DS Clock\\unins000.dat",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\Program Files (x86)\\DS Clock\\is-I9HQT.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-3N6F3.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-RSUF6.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-5SKAC.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-4P5KH.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-GHV9C.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-VGC0N.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup\\_setup64.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"C:\\Program Files (x86)\\DS Clock\\is-T8B1Q.tmp",
"C:\\Program Files (x86)\\DS Clock\\unins000.msg",
"C:\\Program Files (x86)\\DS Clock\\is-F182O.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-A8OII.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\ProgramData\\Duality Software\\DS Clock\\is-P54GA.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-OED12.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Setup Log 2019-09-16 #001.txt",
"C:\\Program Files (x86)\\DS Clock\\is-EHKT0.tmp"
],
"file_recreated": [
"C:\\Program Files (x86)\\DS Clock\\unins000.dat",
"\\Device\\KsecDD"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds",
"C:\\ProgramData\\Duality Software\\DS Clock",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock",
"C:\\Users\\cuck\\AppData\\Local\\Programs\\Common",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches",
"C:\\ProgramData\\Duality Software",
"C:\\Program Files (x86)\\DS Clock",
"C:\\Users\\cuck\\AppData\\Local\\Programs",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup"
],
"dll_loaded": [
"C:\\Windows\\system32\\clbcatq.dll",
"C:\\Windows\\system32\\sfc.dll",
"netutils.dll",
"urlmon.dll",
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"srvcli.dll",
"apphelp.dll",
"LINKINFO.dll",
"C:\\Windows\\system32\\setupapi.dll",
"kernel32.dll",
"UxTheme.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"slc.dll",
"imm32.dll",
"C:\\Windows\\system32\\apphelp.dll",
"ntmarta.dll",
"C:\\Windows\\system32\\propsys.dll",
"PROPSYS.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"C:\\Windows\\SysWOW64\\bcryptprimitives.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"OLEAUT32.DLL",
"comctl32",
"ole32.dll",
"C:\\Windows\\system32\\uxtheme.dll",
"USER32.dll",
"IMM32.dll",
"C:\\Windows\\system32\\cryptbase.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"C:\\Windows\\system32\\dwmapi.dll",
"SHLWAPI.dll",
"C:\\Windows\\system32\\shlwapi.dll",
"C:\\Windows\\system32\\MSFTEDIT.DLL",
"C:\\Windows\\system32\\profapi.dll",
"C:\\Windows\\system32\\comres.dll",
"uxtheme.dll",
"C:\\Windows\\system32\\version.dll",
"profapi.dll",
"C:\\Windows\\system32\\shfolder.dll",
"SHELL32.dll",
"C:\\Windows\\system32\\oleacc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"comctl32.dll",
"C:\\Windows\\system32\\userenv.dll",
"C:\\Windows\\system32\\shell32.dll",
"VERSION.dll",
"C:\\Windows\\system32\\Rstrtmgr.dll",
"DEVRTL.dll",
"ADVAPI32.dll",
"SETUPAPI.dll",
"ntshrui.dll",
"C:\\Windows\\system32\\ntmarta.dll",
"OLEAUT32.dll"
],
"file_opened": [
"C:\\Windows\\System32\\imageres.dll",
"C:\\Windows\\AppPatch\\sysmain.sdb",
"C:\\",
"C:\\Windows\\SysWOW64\\",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
"C:\\Windows\\SysWOW64\\en-US\\KERNELBASE.dll.mui",
"C:\\Windows\\System32",
"C:\\Windows\\System32\\netmsg.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"C:\\Program Files (x86)\\DS Clock\\",
"C:\\Program Files (x86)\\DS Clock\\unins000.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.bin",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\Windows\\System32\\shell32.dll",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Windows\\win.ini",
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe",
"C:\\Program Files (x86)",
"C:\\Program Files (x86)\\DS Clock",
"C:\\Program Files (x86)\\DS Clock\\dsclock.chm",
"C:\\Windows\\System32\\oleaccrc.dll",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db",
"C:\\Program Files (x86)\\desktop.ini"
],
"command_line": [
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -osint -url \"http:\/\/www.dualitysoft.com\/t\/dsc-install?src=dsc-install&version=4.0.1.0&os=6.1.7601&pi=x86&pa=x64\"",
"http:\/\/www.dualitysoft.com\/t\/dsc-install?src=dsc-install&version=4.0.1.0&os=6.1.7601&pi=x86&pa=x64",
"\"C:\\Program Files (x86)\\DS Clock\\dsclock.exe\"",
"\"C:\\Program Files (x86)\\DS Clock\\dsetime.exe\" -install"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{89D83576-6BD1-4c86-9454-BEB04E94C819}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{450D8FBA-AD25-11D0-98A8-0800361B1103}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Keyboard Layouts\\04090409",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\RestartManager",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Directory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\Software\\Duality Software\\DS Clock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\LSA\\AccessProviders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume",
"HKEY_CURRENT_USER\\Software\\CodeGear\\Locales",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open",
"HKEY_LOCAL_MACHINE\\Software\\Duality Software\\DS Clock\\Common",
"HKEY_CURRENT_USER\\Software\\Borland\\Locales",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Icons",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\ShellEx\\IconHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\(Default)",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\Desktop\\NameSpace\\DelegateFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{daf95313-e44d-46af-be1b-cbacea2c3065}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\Clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Applications\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{04731B67-D933-450a-90E6-4ACD2E9408FE}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}",
"HKEY_CLASSES_ROOT\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}",
"HKEY_CLASSES_ROOT\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\CodeGear\\Locales",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\Directory",
"HKEY_CURRENT_USER\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\PropertyBag",
"HKEY_CLASSES_ROOT\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{645FF040-5081-101B-9F08-00AA002F954E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\CurVer",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\Desktop\\NameSpace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Shell\\RegisteredApplications\\UrlAssociations\\Directory\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PropertyBag",
"HKEY_CLASSES_ROOT\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_CLASSES_ROOT\\Folder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Blocked",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\Shell\\RegisteredApplications\\UrlAssociations\\http\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Duality Software\\DS Clock\\Install",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\Clsid",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{26EE0668-A00A-44D7-9371-BEB064C98683}",
"HKEY_CLASSES_ROOT\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}",
"HKEY_LOCAL_MACHINE\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LDAP",
"HKEY_CLASSES_ROOT\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellCompatibility\\Objects\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{11016101-E366-4D22-BC06-4ADA335C892B}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{9343812e-1c37-4a49-a12e-4b2d810d956b}",
"HKEY_CURRENT_USER\\Software",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\CurVer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{e345f35f-9397-435c-8f95-4e922c26259e}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\DelegateFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\ShellEx\\IconHandler",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\MS Sans Serif",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PropertyBag",
"HKEY_CLASSES_ROOT\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_CLASSES_ROOT\\FirefoxURL-E7CF176E110C211B",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Borland\\Delphi\\Locales",
"HKEY_CLASSES_ROOT\\AllFilesystemObjects",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}",
"HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\setup\\PnpLockdownFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete\\Client\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Keyboard Layouts\\041D0409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\AutoComplete",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\Software\\Duality Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc\\SecurityService",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}"
],
"file_moved": [
[
"C:\\Program Files (x86)\\DS Clock\\is-4P5KH.tmp",
"C:\\Program Files (x86)\\DS Clock\\dsclock.chm"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-RSUF6.tmp",
"C:\\Program Files (x86)\\DS Clock\\unins000.exe"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-T8B1Q.tmp",
"C:\\Program Files (x86)\\DS Clock\\dsetime.exe"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-5SKAC.tmp",
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe"
],
[
"C:\\ProgramData\\Duality Software\\DS Clock\\is-P54GA.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\dsetime.log"
],
[
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-VGC0N.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Chimes.wav"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-EHKT0.tmp",
"C:\\Program Files (x86)\\DS Clock\\libcurl.dll"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-GHV9C.tmp",
"C:\\Program Files (x86)\\DS Clock\\timesvrs.dat"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-OED12.tmp",
"C:\\Program Files (x86)\\DS Clock\\readme.txt"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-I9HQT.tmp",
"C:\\Program Files (x86)\\DS Clock\\dbghelp.dll"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\is-9I4U2.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\synclog.txt"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-A8OII.tmp",
"C:\\Program Files (x86)\\DS Clock\\dsound.dll"
],
[
"C:\\Program Files (x86)\\DS Clock\\is-F182O.tmp",
"C:\\Program Files (x86)\\DS Clock\\license.txt"
],
[
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-3N6F3.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Cuckoo.wav"
]
],
"file_written": [
"C:\\Program Files (x86)\\DS Clock\\is-GHV9C.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-A8OII.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-VGC0N.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup\\_setup64.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\Program Files (x86)\\DS Clock\\is-OED12.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-RSUF6.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.lnk",
"C:\\Program Files (x86)\\DS Clock\\is-I9HQT.tmp",
"C:\\Program Files (x86)\\DS Clock\\unins000.dat",
"C:\\Program Files (x86)\\DS Clock\\is-5SKAC.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-4P5KH.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-T8B1Q.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Setup Log 2019-09-16 #001.txt",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\Program Files (x86)\\DS Clock\\is-F182O.tmp",
"C:\\Program Files (x86)\\DS Clock\\unins000.msg",
"C:\\Program Files (x86)\\DS Clock\\is-EHKT0.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-3N6F3.tmp"
],
"regkey_deleted": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\SessionHash",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFilesHash",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Sequence",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Owner",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFiles0000"
],
"file_deleted": [
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup\\_setup64.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.pif",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.url",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.pif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.pif",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.url",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.url"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup"
],
"file_exists": [
"C:\\ProgramData\\Duality Software\\DS Clock",
"C:\\",
"C:\\Program Files (x86)\\DS Clock\\readme.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\is-9I4U2.tmp",
"C:\\Program Files (x86)\\DS Clock\\libcurl.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Program Files (x86)\\DS Clock\\is-I9HQT.tmp",
"C:\\Program Files (x86)\\DS Clock\\timesvrs.dat",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.url",
"C:\\ProgramData",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp",
"C:\\Program Files (x86)\\DS Clock\\dsound.dll",
"C:\\Program Files (x86)\\DS Clock\\is-T8B1Q.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.url",
"C:\\Program Files (x86)\\DS Clock\\is-F182O.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-RSUF6.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup",
"C:\\Program Files (x86)\\DS Clock\\unins000.exe",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Cuckoo.wav",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Program Files (x86)\\DS Clock\\is-5SKAC.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-4P5KH.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock",
"C:\\Program Files (x86)\\DS Clock\\dsetime.exe",
"C:\\Program Files (x86)\\DS Clock\\is-GHV9C.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-VGC0N.tmp",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\ProgramData\\Duality Software",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.url",
"C:\\Users\\cuck",
"C:\\Program Files (x86)",
"C:\\Program Files (x86)\\DS Clock",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Users\\cuck\\AppData\\Local\\Programs",
"C:\\Program Files (x86)\\DS Clock\\dsclock.chm",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\is-3N6F3.tmp",
"C:\\Program Files (x86)\\DS Clock\\is-A8OII.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\ProgramData\\Duality Software\\DS Clock\\is-P54GA.tmp",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock",
"C:\\Program Files (x86)\\DS Clock\\is-OED12.tmp",
"C:\\ProgramData\\Duality Software\\DS Clock\\dsetime.log",
"C:\\Program Files (x86)\\DS Clock\\license.txt",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\Program Files (x86)\\DS Clock\\dbghelp.dll",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.lnk",
"C:\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Chimes.wav",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\synclog.txt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Setup Log 2019-09-16 #001.txt",
"C:\\Program Files (x86)\\DS Clock\\is-EHKT0.tmp"
],
"mutex": [
"Local\\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000",
"Local\\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511"
],
"file_failed": [
"C:\\Windows\\winsxs\\FileMaps\\program_files_x86_ds_clock_bfd91d9ded885059.cdf-ms",
"C:\\Program Files (x86)\\DS Clock\\dbghelp.dll",
"C:\\Windows\\winsxs\\FileMaps\\programdata_duality_software_ds_clock_84b4576ef31d254e.cdf-ms",
"C:\\Program Files (x86)\\DS Clock\\libcurl.dll",
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe",
"C:\\Program Files (x86)\\DS Clock\\dsound.dll",
"C:\\Program Files (x86)\\DS Clock",
"C:\\Windows\\winsxs\\FileMaps\\programdata_duality_software_ds_clock_sounds_80afbfe0df556ad6.cdf-ms",
"C:\\Windows\\winsxs\\FileMaps\\users_cuck_appdata_roaming_duality_software_ds_clock_ff4b2c8d31d081dc.cdf-ms",
"C:\\Program Files (x86)\\DS Clock\\dsetime.exe",
"C:\\Program Files (x86)\\DS Clock\\dsclock.chm"
],
"guid": [
"{ea1afb91-9e28-4b86-90e9-9e9f8a5eefaf}",
"{6f237df9-9ddb-47ad-b218-400d54c286ad}",
"{eac04bc0-3791-11d2-bb95-0060977b464c}",
"{5e078e03-8265-4bbe-9487-d242edbef910}",
"{00bb2763-6a77-11d0-a535-00c04fd7d062}",
"{871c5380-42a0-1069-a2ea-08002b30309d}",
"{00000000-0000-0000-c000-000000000046}",
"{56fdf344-fd6d-11d0-958a-006097c9a090}",
"{e2b3c97f-6ae1-41ac-817a-f6f92166d7dd}",
"{98325047-c671-4174-8d81-defcd3f03186}",
"{000214e6-0000-0000-c000-000000000046}",
"{465a756d-45ad-4305-85fd-d3321650f3b7}",
"{807c1e6c-1d00-453f-b920-b61bb7cdd997}",
"{00021401-0000-0000-c000-000000000046}",
"{5762f2a7-4658-4c7a-a4ac-bdabfe154e0d}",
"{af230d27-baba-4e42-aced-f524f22cfce2}",
"{03c036f1-a186-11d0-824a-00aa005b4383}",
"{00bb2765-6a77-11d0-a535-00c04fd7d062}",
"{2c5bc43e-3369-4c33-ab0c-be9469677af4}",
"{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}"
],
"file_read": [
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"C:\\Windows\\win.ini",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.bin"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\dsound.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times New Roman TUR,162",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Tahoma Armenian",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Tms Rmn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AccListViewV6",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\unins000.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Courier New CE,238",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\SecurityService\\DefaultAuthLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\dsclock.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\CommonFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\dbghelp.dll",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\CommonFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOrganization",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\WaitToKillServiceTimeout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldVersionLow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\MS Shell Dlg 2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanWorkstation\\Parameters\\RpcCacheTimeout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParentFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragMinDist",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\ParentFolder",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Personal",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Fixed Miriam Transparent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldDllVersionLow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arabic Transparent,0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00BB2763-6A77-11D0-A535-00C04FD7D062}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldDllVersionHigh",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProfilesDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\FangSong_GB2312",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Description",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SmoothScroll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arabic Transparent Bold",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResource",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewShadow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Pictures",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arabic Transparent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{208D2C60-3AEA-1069-A2D7-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\StreamResource",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ListviewAlphaSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times New Roman Baltic,186",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\GlobalSession",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonVideo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RRCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldVersionHigh",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\MachineThrottling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Music",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\My Video",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonMusic",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial TUR,162",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInterval",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\David Transparent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Courier New Baltic,186",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\license.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{374DE290-123F-4565-9164-39C4925E467B}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Client\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Courier New TUR,162",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\LanguagePack\\SurrogateFallback\\Plane2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Helvetica",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Name",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\NoStaticDefaultVerb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\KaiTi_GB2312",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times New Roman CYR,204",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times New Roman CE,238",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{56784854-C6CB-462B-8169-88E350ACB882}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\ESCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFiles0001",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFiles0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\ScrollInset",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Rod Transparent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Category",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegProcs0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledProcesses\\A97E3BAA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial CYR,204",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\RegisteredOwner",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Times New Roman Greek,161",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\UseDoubleClickTimer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\EnableBalloonTips",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Chimes.wav",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\CommonPictures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\ProgramData\\Duality Software\\DS Clock\\dsetime.log",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalizedName",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arabic Transparent Bold,0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\LocalizedName",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\Always Use Tab",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Miriam Transparent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial Greek,161",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03C036F1-A186-11D0-824A-00AA005B4383}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Courier New Greek,161",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\PendingFileRenameOperations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial Baltic,186",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\readme.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Segoe UI",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Sequence",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Courier New CYR,204",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\MS Shell Dlg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\InfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFilesHash",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\AutoComplete\\AutoSuggest",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\PendingFileRenameOperations2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\Public",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B6EBFB86-6907-413C-9AF7-4FC2ABF07CC5}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\LocalRedirectOnly",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\synclog.txt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\timesvrs.dat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{e345f35f-9397-435c-8f95-4e922c26259e}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Startup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DFDF76A2-C82A-4D63-906A-5644AC457385}\\Description",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{B97D20BB-F46A-4C97-BA10-5E3608430854}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE92C1C7-837F-4F69-A3BB-86E631204A23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegSvcs0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{0762D272-C50A-4BB0-A382-697DCD729B80}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\User Shell Folders\\Common Documents",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{DE974D24-D9C6-4D3E-BF91-F4455120B917}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\JSCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{82A5EA35-D9CD-47C5-9629-E15D2F714E6E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3D644C9B-1FB8-4F30-9B45-F670235F79C0}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Arial CE,238",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F7F1ED05-9F6D-47A2-AAAE-29D317C6F066}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3214FAB5-9757-4298-BB61-92A9DEAA44FF}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\dsetime.exe",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\libcurl.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1777F761-68AD-4D8A-87BD-30B759FA33DD}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\Desktop\\NameSpace\\{645FF040-5081-101B-9F08-00AA002F954E}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{905E63B6-C1BF-494E-B29C-65B732D3D21A}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\ProgramData\\Duality Software\\DS Clock\\Sounds\\Cuckoo.wav",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{33E28130-4E1E-4676-835A-98395C3BC3BB}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\Helv",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSimpleStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{2400183A-6185-49FB-A2D8-4A392A602BA3}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\PnpLockdownFiles\\%SystemDrive%\\Program Files (x86)\\DS Clock\\dsclock.chm",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{56784854-C6CB-462B-8169-88E350ACB882}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{374DE290-123F-4565-9164-39C4925E467B}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{ED4824AF-DCE4-45A8-81E2-FC7965083634}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{4BD8D571-6D19-48D3-BE97-422220080E43}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{18989B1D-99B5-455B-841C-AB7C74E4DDFC}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{FDD39AD0-238F-46AF-ADB4-6C85480369C7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Windows\\SysWOW64\\*.*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\_isetup\\*",
"C:\\Program Files (x86)\\DS Clock\\unins???.*",
"C:\\Windows",
"C:\\Windows\\SysWOW64"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\QuietUninstallString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\MinorVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Inno Setup: Language",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\InstallDate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\InstallLocation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\EstimatedSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\URLUpdateInfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Duality Software\\DS Clock\\Install\\Stamp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\HelpLink",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Sequence",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\AU",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\NoModify",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\UninstallString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Inno Setup: Setup Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\VersionMajor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\MajorVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFilesHash",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Duality Software\\DS Clock\\Install\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Inno Setup: User",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\URLInfoAbout",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\VersionMinor",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\Owner",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Inno Setup: Icon Group",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\DisplayVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\NoRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\DisplayIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Inno Setup: App Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1\\Publisher",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\SessionHash",
"HKEY_CURRENT_USER\\Software\\Microsoft\\RestartManager\\Session0000\\RegFiles0000"
]
},
"first_seen": 1568681589.9062,
"ppid": 2676
},
{
"process_path": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"process_name": "firefox.exe",
"pid": 264,
"summary": {
"file_opened": [
"",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\AlternateServices.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Windows\\System32\\wshqos.dll",
"C:\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\EmojiOneMozilla.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"\\Device\\NamedPipe\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Windows\\Fonts\\times.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Windows\\Fonts\\segoeuii.ttf",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\chrome.manifest",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\TRRBlacklist.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Windows\\Fonts\\segoeui.ttf",
"C:\\PROGRAM FILES (X86)\\MOZILLA FIREFOX\\fonts\\EMOJIONEMOZILLA.TTF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SecurityPreloadState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Windows\\System32\\wship6.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome.manifest",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Windows\\System32\\KBDUS.DLL",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\DnsClient",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavPS2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_CURRENT_USER\\Software\\Lenovo\\TrackPoint",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e968-e325-11ce-bfc1-08002be10318}\\0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\LSA\\AccessProviders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http",
"HKEY_CURRENT_USER\\Software\\Elantech\\MainOption",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\firefox_RASMANCS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Avalon.Graphics\\DISPLAY1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DnsCache\\Parameters",
"HKEY_CURRENT_USER\\Software\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Websense\\Agent",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavUSB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"HKEY_CURRENT_USER\\Software\\Lenovo\\UltraNav",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\WinSock2\\Parameters",
"HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\System\\DNSClient",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"HKEY_LOCAL_MACHINE\\Software\\MozillaPlugins",
"HKEY_CURRENT_USER\\Software\\Classes\\.pdf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService",
"HKEY_CURRENT_USER\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Avalon.Graphics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Alps\\Apoint\\TrackPoint",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pdf",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/pdf",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\00000005",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\Software\\Synaptics\\SynTP\\Install",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LDAP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice",
"HKEY_CURRENT_USER\\Software\\MozillaPlugins",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Websense\\Agent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\(Default)",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ClusSvc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\Software\\Alps\\Apoint",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
"HKEY_LOCAL_MACHINE\\Software\\Cisco Systems\\VPN Client",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Elantech",
"HKEY_CLASSES_ROOT\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command"
],
"guid": [
"{a95664d2-9614-4f35-a746-de8db63617e6}",
"{c43dc798-95d1-4bea-9030-bb99e2983a1a}",
"{17072f7b-9abe-4a74-a261-1eb76b55107a}",
"{0000015b-0000-0000-c000-000000000046}",
"{44aca674-e8fc-11d0-a07c-00c04fb68820}",
"{8bc3f05e-d86b-11d0-a075-00c04fb68820}",
"{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}",
"{591209c7-767b-42b2-9fba-44ee4615f2c7}",
"{4e530b0a-e611-4c77-a3ac-9031d022281b}",
"{4590f811-1d3a-11d0-891f-00aa004b2e24}",
"{6332debf-87b5-4670-90c0-5e57b408a49e}",
"{674b6698-ee92-11d0-ad71-00c04fd8fdff}",
"{d5f569d0-593b-101a-b569-08002b2dbf7a}",
"{dc12a687-737f-11cf-884d-00aa004b2e24}",
"{bcde0395-e52f-467c-8e3d-c4579291692e}",
"{77f10cf0-3db5-4966-b520-b7c54fd35ed6}",
"{56fdf344-fd6d-11d0-958a-006097c9a090}",
"{28b4d88b-e072-49e6-804d-26edbe21a7b9}",
"{e77cc89b-7401-4c04-8ced-149db35add04}",
"{0000034b-0000-0000-c000-000000000046}",
"{f309ad18-d86a-11d0-a075-00c04fb68820}",
"{aa80e801-2021-11d2-93e0-0060b067b86e}",
"{722a338c-6e8e-4e72-ac27-1417fb0c81c2}",
"{7c857801-7381-11cf-884d-00aa004b2e24}"
],
"connects_ip": [
"127.0.0.1"
],
"file_copied": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset"
]
],
"command_line": [
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"264.6.977687142\\849956440\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 264 \"\\\\.\\pipe\\gecko-crash-server-pipe.264\" 2188 tab",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"264.0.1889308942\\1280955394\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 264 \"\\\\.\\pipe\\gecko-crash-server-pipe.264\" 1536 tab"
],
"mutex": [
"Global\\MozillaUpdateMutex-AWkbzLFmEHPmIFtactC8kpT7UdM=",
"Local\\FirefoxStartupMutex"
],
"wmi_query": [
"SELECT * FROM Win32_BIOS"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\TaskBarIDs\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Keyboard Layout\\d0010409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002\\PackedCatalogItem",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\Never",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.MemorySize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableConsoleTracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM\\AccentColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Current_Protocol_Catalog",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Identifier",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\VendorIdentifier",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Next_Catalog_Entry_ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\camp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallDate",
"HKEY_CURRENT_USER\\.pdf\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.qwMemorySize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language\\InstallLanguageFallback",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\~Mhz",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\EMPTY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachinePreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{f3e80bef-1723-4ff2-bcc4-7f83dc5e46d4},3",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\InstalledDisplayDrivers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\PreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\AlternateCodePage",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{5a9125b7-f367-4924-ace2-0803a4a3a471},0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\rip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\DeviceState",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Signature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\Protocol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ProfileEnumMode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Role:1",
"HKEY_CURRENT_USER\\Keyboard Layout\\Preload\\1",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Attempted",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\sRGB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDate",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Revision",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Installed",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ICMProfile",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\ri",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Protocol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\WinSock_Registry_Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\DeviceState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder"
],
"file_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin"
],
"dll_loaded": [
"dbghelp.dll",
"C:\\Windows\\System32\\mswsock.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"kernel32",
"C:\\Windows\\syswow64\\MSCTF.dll",
"WINTRUST.dll",
"WINSTA.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"gdi32.dll",
"DNSAPI.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"kernel32.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"netutils.dll",
"SAMLIB.dll",
"C:\\Windows\\system32\\ole32.dll",
"AUDIOSES.DLL",
"dwmapi.dll",
"ntdll.dll",
"C:\\Windows\\system32\\napinsp.dll",
"dwrite.dll",
"ntmarta.dll",
"setupapi.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"xul.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\MSVCP140.dll",
"cryptbase.dll",
"C:\\PROGRA~2\\MOZILL~1\\nssckbi.dll",
"RASMAN.DLL",
"mscms.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll",
"ole32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"ws2_32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"USER32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Windows\\system32\\IMM32.DLL",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"rtutils.dll",
"Iphlpapi.dll",
"kbdus.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Windows\\system32\\pnrpnsp.dll",
"samcli.dll",
"RPCRT4.dll",
"C:\\Windows\\System32\\winrnr.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"WININET.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Windows\\system32\\NLAapi.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"CRYPTSP.dll",
"CFGMGR32.dll",
"Gdi32.dll",
"Dnsapi.dll",
"Kernel32",
"Kernel32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"OLEAUT32.DLL",
"ADVAPI32.dll",
"rpcrt4.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll",
"WS2_32.dll",
"C:\\Windows\\system32\\dxgi.dll",
"user32.dll"
],
"file_moved": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
]
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"\\\\?\\PIPE\\samr",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin"
],
"file_recreated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"\\??\\MountPointManager",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"\\??\\C:",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"\\??\\Nsi",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\WINNT_x86-msvc",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
"file_failed": [
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\bs_Cyrl.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ur.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\user.js",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\my.res",
"C:\\Windows\\System32\\twinapi.appcore.dll",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\mt.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\en_US_POSIX.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\to.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\be.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\it.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sl.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\km.res",
"C:\\Windows\\SysWOW64\\icudt60l\\cnvalias.icu",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\hy.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\vi.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\en.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.sbstore",
"C:\\Windows\\System32\\DataExchange.dll",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\wae.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sv.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ga.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fa_AF.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\haw.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fil.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\kl.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ug.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ln.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\cy.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\postSigningData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sw.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\as.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\cs.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\mr.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ucadata.icu",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ja.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ms.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\lo.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\bs.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\zu.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sk.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\kn.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ta.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\hsb.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\eo.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\pt.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\ShutdownDuration.json",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\dsb.res",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\policies.json",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\pl.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\se.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sq.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fr.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\si.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\chr.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ka.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\dz.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sr.res",
"C:\\Windows\\SysWOW64\\icudt60l\\uts46.nrm",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ca.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\tr.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\az.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\pending-deletion-ping",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\te.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\yo.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\root.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\is.res",
"C:\\Windows\\SysWOW64\\icudt60l\\likelySubtags.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\af.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\logins.json",
"C:\\Windows\\System32\\twinapi.dll",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\smn.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\am.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fo.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ru.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\he.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\mn.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ps.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\uk.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fi.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\kok.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\uz.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ar.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\id.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert_override.txt",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\nl.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\pa.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\hr.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\bo.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fr_CA.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\lt.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\gu.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.version",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\el.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sv_SE.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ig.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\da.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\om.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\fa.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\lb.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\hi.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\or.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\bn.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\de.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\yi.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Windows\\SysWOW64\\icudt60l.dat",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\th.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\kk.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ee.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ro.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\nb.res",
"C:\\Windows\\SysWOW64\\icudt60l\\res_index.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ko.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\zh.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\et.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\wo.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\sr_Latn.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\nn.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ml.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\lv.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\de_AT.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\hu.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\gl.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\res_index.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\lkt.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\zh_Hant.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\es.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.sbstore",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ky.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ne.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\en_US.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\experiments.json",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\ha.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\bg.res",
"C:\\Windows\\SysWOW64\\icudt60l\\coll\\mk.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\downloads.json"
],
"resolves_host": [
"aus5.mozilla.org",
"tiles.services.mozilla.com",
"www.dualitysoft.com",
"search.services.mozilla.com",
"ciscobinary.openh264.org",
"shavar.services.mozilla.com",
"detectportal.firefox.com",
"safebrowsing.googleapis.com",
"redirector.gvt1.com",
"services.addons.mozilla.org",
"versioncheck-bg.addons.mozilla.org"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-shm"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Windows\\SysWOW64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userContent.css",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\clearkey.info",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Program Files (x86)\\Mozilla Firefox\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\searchplugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Windows\\System32\\spool\\drivers\\color\\Photo.gmmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-wal",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\plugins",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\staged",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\custom-strings.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\serviceworker.txt",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\sv.aff",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\OfflineCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\defaults\\preferences",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache.Trash10639",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\minidumps",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Windows\\System32\\spool\\drivers\\color\\D65.camp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Program Files (x86)",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\crashreporter-override.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\d3d11layers.guard",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-to_delete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\.purgecaches",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userChrome.css",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CB29EDE1FD7262A61FFAB793A382D515CAC77D01",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\43CB3924B4D48AD39D6282AE7C1F2C500B3D6732",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-wal",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FE9B4B8E239A016792D26E2E2AB299E00D2EC8CA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files\\journals",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Windows\\System32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.log",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\extensions",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\main-window.ico",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pluginreg.dat",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\install.rdf",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\default.ico",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\280DEB31796CE454CD8D9594397E4D89E8E5D64F",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\manifest.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\persdict.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E9B5F1423155DB2E35FD739FC2008DB01C93DE1E",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\manifest.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files\\journals",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\LastCrash",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files\\journals",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\*",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\*",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\saved-telemetry-pings\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\*",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events\\*",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\*"
]
},
"first_seen": 1568681608.5465,
"ppid": 2828
},
{
"process_path": "C:\\Program Files (x86)\\DS Clock\\dsetime.exe",
"process_name": "dsetime.exe",
"pid": 2572,
"summary": {
"file_opened": [
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
],
"file_recreated": [
"C:\\ProgramData\\Duality Software\\DS Clock\\dsetime.log"
],
"directory_created": [
"C:\\ProgramData\\Duality Software\\DS Clock",
"C:\\ProgramData\\Duality Software"
],
"dll_loaded": [
"ADVAPI32.DLL",
"kernel32.dll"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US"
]
},
"first_seen": 1568681604.8746,
"ppid": 2828
},
{
"process_path": "C:\\Program Files (x86)\\DS Clock\\dsclock.exe",
"process_name": "dsclock.exe",
"pid": 2700,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\dsclocklog.txt"
],
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\SVR",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\W2F",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\MSO",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\NOD",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\H2",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\H0",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\FST",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\AHR",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CF",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\AU",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\Stamp",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CC",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\DS Clock",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\ATA"
],
"dll_loaded": [
"UxTheme.dll",
"OLEAUT32.DLL",
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"IMM32.dll",
"dwmapi.dll",
"kernel32.dll",
"RASAPI32.dll",
"OLEAUT32.dll",
"C:\\Windows\\system32\\ole32.dll",
"ADVAPI32.dll",
"comctl32",
"comctl32.dll",
"C:\\Windows\\WinSxS\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll",
"Comctl32.dll"
],
"file_opened": [
"C:\\Program Files (x86)\\DS Clock\\timesvrs.dat",
"C:\\",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Network",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Comdlg32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Duality Software\\DS Clock\\Install",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\Mail\\Microsoft Outlook",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\Compatibility\\dsclock.exe",
"HKEY_CURRENT_USER\\Software\\Duality Software",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CLASSES_ROOT\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\mailto\\UserChoice\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Rpc\\SecurityService",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\mailto\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\software"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\dsclocklog.txt"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock\\dsclocklog.txt"
],
"mutex": [
"m_dsclock32",
"RasPbFile"
],
"guid": [
"{e2b3c97f-6ae1-41ac-817a-f6f92166d7dd}",
"{98325047-c671-4174-8d81-defcd3f03186}"
],
"file_read": [
"C:\\Program Files (x86)\\DS Clock\\timesvrs.dat"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\SVR",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\RTL",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\MS",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CR",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\SE",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FWOY",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CTA",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\OT",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\Stamp",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\TPS",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CH1",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CH0",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FSW",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\NOR",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\TT",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\MSO",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Duality Software\\DS Clock\\Install\\Stamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\W2F",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\TR",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CT",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\H4",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\AT",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\H2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes\\MS Shell Dlg 2",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\H0",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\FST",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CO",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\2019",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FTZ",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\XY",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CF",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\AL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Duality Software\\DS Clock\\Install\\Path",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CC",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\SecurityService\\DefaultAuthLevel",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\COA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\FirstEntry",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FN",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\LW",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\NOD",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\SFS",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\ATF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FTZTM",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\PS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\GPSTT",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\SSA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\LastEntry",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FDOW",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\ATA",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\FT",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CB",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\3D",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\LR",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\GPST",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\TimeSync\\AHR",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\UO",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\DR",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\MAPI",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Time Zones\\Pacific Standard Time\\Dynamic DST\\2007",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\CFQ",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_CURRENT_USER\\Software\\Duality Software\\DS Clock\\Common\\PST"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software\\DS Clock",
"C:\\Users\\cuck\\AppData\\Roaming\\Duality Software",
"C:\\ProgramData\\Duality Software\\DS Clock",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\ProgramData\\Duality Software"
]
},
"first_seen": 1568681608.5621,
"ppid": 2828
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1568681589.375,
"ppid": 376
},
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.bin",
"process_name": "c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.bin",
"pid": 2676,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp"
],
"dll_loaded": [
"C:\\Windows\\system32\\cryptbase.dll",
"C:\\Windows\\system32\\apphelp.dll",
"C:\\Windows\\system32\\userenv.dll",
"C:\\Windows\\system32\\dwmapi.dll",
"dwmapi.dll",
"C:\\Windows\\system32\\propsys.dll",
"C:\\Windows\\system32\\clbcatq.dll",
"comctl32.dll",
"C:\\Windows\\system32\\profapi.dll",
"kernel32.dll",
"C:\\Windows\\system32\\setupapi.dll",
"C:\\Windows\\system32\\shell32.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"UxTheme.dll",
"C:\\Windows\\system32\\version.dll",
"ADVAPI32.dll",
"C:\\Windows\\system32\\oleacc.dll",
"C:\\Windows\\system32\\comres.dll",
"C:\\Windows\\system32\\ntmarta.dll",
"C:\\Windows\\system32\\uxtheme.dll"
],
"file_opened": [
"C:\\Windows\\System32\\oleaccrc.dll",
"C:\\Windows\\SysWOW64\\en-US\\KERNELBASE.dll.mui",
"C:\\Windows\\System32\\netmsg.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.bin",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\Software\\CodeGear\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LDAP",
"HKEY_CURRENT_USER\\Software\\CodeGear\\Locales",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_CURRENT_USER\\Software\\Borland\\Locales",
"HKEY_CURRENT_USER\\Software\\Borland\\Delphi\\Locales"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp"
],
"command_line": [
"\"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp\" \/SL5=\"$1902E6,1924549,147456,C:\\Users\\cuck\\AppData\\Local\\Temp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.bin\" "
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.bin"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity"
]
},
"first_seen": 1568681589.625,
"ppid": 2724
},
{
"process_path": "C:\\Windows\\explorer.exe",
"process_name": "explorer.exe",
"pid": 1788,
"summary": {
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:FMTID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\IconSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\FFlags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Sort",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\IconStreams",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ColInfo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\HRZR_PGYFRFFVBA",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\ProgramsCache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts\\C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByDirection",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\\QF Pybpx\\qfpybpx.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\LastAdvertisement",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PastIconsStream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupView",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\UserStartTime",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2\\Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:PID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\\CheckSetting",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\LogicalViewMode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Mode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pzq.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Streams\\Desktop\\TaskbarWinXP",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\R7PS176R110P211O"
],
"dll_loaded": [
"C:\\Windows\\system32\\xmllite.dll"
],
"file_opened": [
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories",
"C:\\ProgramData",
"C:\\",
"C:\\Users\\cuck\\AppData",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC",
"C:\\Users\\cuck\\",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\Windows\\AppPatch\\sysmain.sdb",
"C:\\Users",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Users\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\Program Files (x86)\\DS Clock\\",
"C:\\Users\\Public\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Users\\Public",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\ProgramData\\Microsoft",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\Program Files (x86)\\",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\Users\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\ProgramData\\Microsoft\\Windows",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\",
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Python 2.7",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\Users\\cuck\\AppData\\",
"C:\\Users\\Public\\Desktop\\desktop.ini"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\Products\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Action Center\\Checks\\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\NewShortcuts",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8"
],
"regkey_deleted": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupCollapseState",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemOrder",
"HKEY_CURRENT_USER\\System\\CurrentControlSet\\Control\\Network\\ShowWirelessConnectingOnStart",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemPos800x600x96(1)"
],
"file_exists": [
"C:\\ProgramData",
"C:\\Users\\cuck\\Desktop",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\cuckoo_2636.ini",
"C:\\Python27\\pythonw.exe",
"C:\\cuckoo_2828.ini",
"C:\\cuckoo_2700.ini",
"C:\\cuckoo_2256.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"C:\\Python27\\python.exe",
"C:\\cuckoo_1788.ini",
"C:\\cuckoo_2572.ini",
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe",
"C:\\Program Files (x86)",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu",
"C:\\Program Files (x86)\\DS Clock",
"C:\\Program Files (x86)\\DS Clock\\dsclock.chm",
"C:\\cuckoo_264.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\Users\\Public\\Desktop",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe"
],
"mutex": [
"Local\\Shell.CMruPidlList"
],
"file_failed": [
"C:\\cuckoo_264.ini",
"C:\\ProgramData\\Microsoft\\desktop.ini",
"C:\\cuckoo_1788.ini",
"C:\\cuckoo_2572.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\desktop.ini",
"C:\\cuckoo_2828.ini",
"C:\\cuckoo_2700.ini"
],
"guid": [
"{9b63616c-36b2-46bc-959f-c1593952d19b}",
"{1a1f4206-0688-4e7f-be03-d82ec69df9a5}",
"{c08956a2-1cd3-11d1-b1c5-00805fc1270e}",
"{42aedc87-2188-41fd-b9a3-0c966feabec1}",
"{a47979d2-c419-11d9-a5b4-001185ad2b89}",
"{00000000-0000-0000-c000-000000000046}",
"{46a6eeff-908e-4dc6-92a6-64be9177b41c}",
"{7007acc7-3202-11d1-aad2-00805fc1270e}",
"{d0074ffd-570f-4a9b-8d69-199fdba5723b}",
"{2fb499a3-cfce-480f-a5f3-2453db7a2b7a}",
"{ba126ad1-2166-11d1-b1d0-00805fc1270e}",
"{faedcf69-31fe-11d1-aad2-00805fc1270e}",
"{660b90c8-73a9-4b58-8cae-355b7f55341b}",
"{ba126ae5-2166-11d1-b1d0-00805fc1270e}",
"{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"{000214e6-0000-0000-c000-000000000046}"
],
"file_read": [
"C:\\Program Files (x86)\\DS Clock\\dsclock.exe",
"C:\\Users\\cuck\\Desktop\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Games\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Windows PowerShell\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\desktop.ini",
"C:\\Users\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"C:\\Users\\Public\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Accessibility\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\Tablet PC\\Desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Desktop.ini",
"C:\\Program Files (x86)\\desktop.ini",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\Desktop.ini",
"C:\\Users\\Public\\Desktop\\desktop.ini"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\rhqprqvg.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Erzbgr Qrfxgbc Pbaarpgvba.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.VagreargRkcybere.Qrsnhyg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU Size",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\FuncrPbyyrpgbe.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Favorites",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Jvaqbjf Sverjnyy jvgu Nqinaprq Frphevgl.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\RestrictedAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Znvagranapr\\Erzbgr Nffvfgnapr.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zntavsl.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{NN198O3P-PQ8P-7QR1-98Q1-O460S637193O}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfNalgvzrHctenqrHV.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\QIQ Znxre\\QIQZnxre.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClearRecentDocsOnExit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\QueryForInfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Zngu Vachg Cnary.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy VFR.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy (k86).yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.TrggvatFgnegrq",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\FavccvatGbby.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flap Pragre.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\qsethv.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\ArgjbexCebwrpgvba.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{P1P6S8NP-40N3-0S5P-146S-65N9QP70OOO4}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\freivprf.zfp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Taskband\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartMenu_Balloon_Time",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{b155bdf8-02f0-451e-9a26-ae317cfd7779}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\LocalizedString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Pnyphyngbe.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Qvfx Pyrnahc.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.FgvpxlAbgrf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ZrqvnCynlre32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Jvaqbjf Rkcybere.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\System.ItemNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Jvaqbjf Rkcybere.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\\JvaqbjfCbjreFuryy\\i1.0\\CbjreFuryy_VFR.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Jvaqbjf CbjreFuryy Zbqhyrf.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{OQ3S924R-55SO-N1ON-9QR6-O50S9S2460NP}",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\netshell.dll,-1200",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\Jvaqbjf Wbheany.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pnyp.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy VFR (k86).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\TclTk",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Znvagranapr\\Perngr Erpbirel Qvfp.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfen.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Jvaqbjf Zrqvn Cynlre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Nalgvzr Hctenqr.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\DefaultFeature",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Fvqrone.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_MinMFU",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Flfgrz Gbbyf\\Cevingr Punenpgre Rqvgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Vagrearg Rkcybere.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\qsethv.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{ED228FDF-9EA8-4870-83B1-96B02CFE0D52}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\WantsFORPARSING",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zboflap.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\SNTSearch.dll,-505",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\FbhaqErpbeqre.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{7P5N40RS-N0SO-4OSP-874N-P0S2R0O9SN8R}\\QF Pybpx\\qfpybpx.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\efgehv.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\zvc.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\vFPFV Vavgvngbe.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\bqopnq32.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\displayswitch.exe,-320",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_MinMFU",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\R7PS176R110P211O",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\RestrictedAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{Q4N262QQ-PR44-Q105-S36O-9Q77N8PO65N4}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfcnvag.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Installer\\Features\\586A8930D8DF3B6489614C37910BFCF5\\DefaultFeature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Erfbhepr Zbavgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\KCF Ivrjre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Vagrearg Rkcybere.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Programs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Zrqvn Cynlre.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jbeqcnq.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Zrqvn Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\WantsFORPARSING",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfCbjreFuryy\\i1.0\\cbjrefuryy.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\{35786D3C-B075-49b9-88DD-029876E11C01}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\erpqvfp.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\P:\\Clguba27\\clguba.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{00021401-0000-0000-C000-000000000046}\\EnableShareDenyNone",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Punenpgre Znc.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\HideInWebView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir (x86)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.VagreargRkcybere.64Ovg",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Rirag Ivrjre.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Gnoyrg CP\\GnoGvc.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage2\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{9R3995NO-1S9P-4S13-O827-48O24O6P7174}\\GnfxOne\\Sversbk.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Qngn Fbheprf (BQOP).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{7SR8Q22N-SO1Q-N8OR-01R3-6P8693961R6R}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\FuncrPbyyrpgbe.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\mstsc.exe,-4000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\qvfcynlfjvgpu.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MyComputer\\NameSpace\\DelegateFolders\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{S38OS404-1Q43-42S2-9305-67QR0O28SP23}\\rkcybere.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\System.ItemNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\RestrictedAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Sversbk.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Pbzcbarag Freivprf.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JS.zfp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Pbzzba Svyrf\\Zvpebfbsg Funerq\\Vax\\GnoGvc.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\FXSRESM.dll,-114",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Gnfx Fpurqhyre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{35786D3C-B075-49B9-88DD-029876E11C01}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Vagrearg Rkcybere (64-ovg).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\WantsFORPARSING",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\prnfldr.dll,-8036",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Fgvpxl Abgrf.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JSF.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pzq.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\FavoritesRemovedChanges",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Cnvag.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Npprffvovyvgl\\Fcrrpu Erpbtavgvba.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\ArgCebw.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Abgrcnq.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\Clguba (pbzznaq yvar).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Cresbeznapr Zbavgbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\DocObject",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\cevagznantrzrag.zfp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ErzbgrQrfxgbc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Fbhaq Erpbeqre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\bfx.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_TrackProgs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\InProcServer32\\LoadWithoutCOM",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Jvaqbjf Rnfl Genafsre Ercbegf.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_LargeMFUIcons",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Flfgrz Pbasvthengvba.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Start Menu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Flfgrz Erfgber.yax",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PromotedIconCache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\abgrcnq.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\qvfcynlfjvgpu.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Favccvat Gbby.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{P804OON7-SN5S-POS7-8O55-2096R5S972PO}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zvtjvm\\cbfgzvt.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\AlwaysShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Cevag Znantrzrag.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{2227A280-3AEA-1069-A2DE-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\System.NamespaceCLSID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Zntavsl.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Jvaqbjf Wbheany\\Wbheany.rkr",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\SnippingTool.exe,-15051",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf Snk naq Fpna.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\kcfepuij.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Pbzznaq Cebzcg.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\aneengbe.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{8NN47365-O2O3-1961-69RO-S866R376O12S}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\Zbqhyr Qbpf.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.Jvaqbjf.ZrqvnPragre",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Gnfx Fpurqhyre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{9E3995AB-1F9C-4F13-B827-48B24B6C7174}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{Q65231O0-O2S1-4857-N4PR-N8R7P6RN7Q27}\\JvaqbjfCbjreFuryy\\i1.0\\cbjrefuryy.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfvasb32.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\ZqFpurq.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{8NOQ94SO-R7Q6-84N6-N997-P918RQQR0NR5}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Frphevgl Pbasvthengvba Znantrzrag.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\OobeFldr.dll,-33056",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{QNN168QR-4306-P8OP-8P11-O596240OQQRQ}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\puneznc.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{21EC2020-3AEA-1069-A2DD-08002B30309D}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\JvaqbjfCbjreFuryy\\i1.0\\CbjreFuryy_VFR.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Aneengbe.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\chm.file\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{6Q809377-6NS0-444O-8957-N3773S02200R}\\Jvaqbjf AG\\Npprffbevrf\\jbeqcnq.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{OO044OSQ-25O7-2SNN-22N8-6371N93R0456}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Products\\586A8930D8DF3B6489614C37910BFCF5\\Features\\TclTk",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Zbovyvgl Pragre.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{53123611-QN37-S8QN-SNP9-03R76QO9Q64Q}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pyrnazte.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StartPage\\StartMenu_Balloon_Time",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_NotifyNewApps",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jvaqbjf CbjreFuryy\\Jvaqbjf CbjreFuryy.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{N77S5Q77-2R2O-44P3-N6N2-NON601054N51}\\Npprffbevrf\\Npprffvovyvgl\\Ba-Fperra Xrlobneq.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\Zvpebfbsg.NhgbTrarengrq.{15067OP1-P5N8-425R-37P6-SN0O891674S9}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\freivprf.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\QF Pybpx\\QF Pybpx.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\RestrictedAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Pbzchgre Znantrzrag.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Jrypbzr Pragre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Jvaqbjf Rnfl Genafsre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Clguba 2.7\\VQYR (Clguba THV).yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Start Menu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B155BDF8-02F0-451E-9A26-AE317CFD7779}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Desktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Nqzvavfgengvir Gbbyf\\Zrzbel Qvntabfgvpf Gbby.yax",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\vfpfvpcy.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Common Programs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Npprffbevrf\\Flfgrz Gbbyf\\Flfgrz Vasbezngvba.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9113A02D-00A3-46B9-BC5F-9C04DADDD5D7}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zvtjvm\\zvtjvm.rkr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\zfpbasvt.rkr",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\\Count\\{0139Q44R-6NSR-49S2-8690-3QNSPNR6SSO8}\\Jvaqbjf QIQ Znxre.yax",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.chm\\Content Type",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\XpsRchVw.exe,-102",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{35786D3C-B075-49B9-88DD-029876E11C01}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0\\586A8930D8DF3B6489614C37910BFCF5",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\UserAssist\\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\\Count\\{1NP14R77-02R7-4R5Q-O744-2RO1NR5198O7}\\pbzrkc.zfp"
]
},
"first_seen": 1568681590.1406,
"ppid": 1740
}
]Signatures
[
{
"markcount": 5,
"families": [],
"description": "Queries for the computername",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1568681600.0782,
"tid": 2856,
"flags": {}
},
"pid": 2828,
"type": "call",
"cid": 3915
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1568681601.2192,
"tid": 2856,
"flags": {}
},
"pid": 2828,
"type": "call",
"cid": 5337
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1568681602.6102,
"tid": 2856,
"flags": {}
},
"pid": 2828,
"type": "call",
"cid": 6530
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1568681603.2973,
"tid": 2856,
"flags": {}
},
"pid": 2828,
"type": "call",
"cid": 6745
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1568681608.7341,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 273
}
],
"references": [],
"name": "antivm_queries_computername"
},
{
"markcount": 131,
"families": [],
"description": "Checks if process is being debugged by a debugger",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681589.813,
"tid": 1512,
"flags": {}
},
"pid": 2676,
"type": "call",
"cid": 430
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 127,
"nt_status": -1073741511,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.5305,
"tid": 2796,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 1312
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.8125,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 1792
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.8125,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 1793
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.8595,
"tid": 2580,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 1998
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.8595,
"tid": 2580,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2005
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.8595,
"tid": 2688,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2006
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.8595,
"tid": 3000,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2059
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.9215,
"tid": 2280,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2578
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.9215,
"tid": 2812,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2579
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.9685,
"tid": 304,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2838
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.9845,
"tid": 304,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 3067
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681609.9995,
"tid": 2372,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 3179
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.0155,
"tid": 2652,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 3237
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.0155,
"tid": 312,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 3258
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.2495,
"tid": 2312,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 4930
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.2965,
"tid": 2668,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5243
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.3275,
"tid": 1232,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5296
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.3275,
"tid": 1232,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5297
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.3275,
"tid": 2680,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5303
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.3275,
"tid": 2680,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5304
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.3275,
"tid": 1560,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5312
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.3275,
"tid": 1560,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5313
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.3595,
"tid": 3004,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5490
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.3595,
"tid": 1092,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5495
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.4375,
"tid": 2448,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5817
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.5155,
"tid": 1624,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 6411
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.5155,
"tid": 1564,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 6511
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.5305,
"tid": 2892,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 6537
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.5305,
"tid": 2308,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 6569
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.5775,
"tid": 1664,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 6967
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.5935,
"tid": 2504,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7063
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.5935,
"tid": 2924,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7154
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.6095,
"tid": 1268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7176
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.6095,
"tid": 2356,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7224
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.6875,
"tid": 2588,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7614
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.6875,
"tid": 2500,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7626
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.6875,
"tid": 2872,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7641
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.6875,
"tid": 2096,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7665
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.7025,
"tid": 2472,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7707
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681610.9215,
"tid": 2280,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8598
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681611.9215,
"tid": 2280,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8887
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681612.2185,
"tid": 1468,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 9082
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681612.2185,
"tid": 1468,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 9083
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681612.2185,
"tid": 1636,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 9116
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681612.3595,
"tid": 2184,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 10390
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681612.3905,
"tid": 1556,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 10672
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681612.3905,
"tid": 684,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 10686
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681612.3905,
"tid": 2440,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 10704
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1568681612.4055,
"tid": 2844,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 10721
}
],
"references": [],
"name": "checks_debugger"
},
{
"markcount": 1,
"families": [],
"description": "Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)",
"severity": 1,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallDate",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "recon_fingerprint"
},
{
"markcount": 1,
"families": [],
"description": "Tries to locate where the browsers are installed",
"severity": 1,
"marks": [
{
"category": "file",
"ioc": "C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\install.rdf",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "locates_browser"
},
{
"markcount": 1,
"families": [],
"description": "Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "GlobalMemoryStatusEx",
"return_value": 1,
"arguments": {},
"time": 1568681608.7341,
"tid": 3048,
"flags": {}
},
"pid": 2700,
"type": "call",
"cid": 257
}
],
"references": [],
"name": "antivm_memory_available"
},
{
"markcount": 1,
"families": [],
"description": "The executable contains unknown PE section names indicative of a packer (could be a false positive)",
"severity": 1,
"marks": [
{
"category": "section",
"ioc": ".itext",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_features"
},
{
"markcount": 3,
"families": [],
"description": "Starts servers listening",
"severity": 2,
"marks": [
{
"call": {
"category": "network",
"status": 1,
"stacktrace": [],
"api": "bind",
"return_value": 0,
"arguments": {
"ip_address": "127.0.0.1",
"socket": 692,
"port": 0
},
"time": 1568681609.9215,
"tid": 3000,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2575
},
{
"call": {
"category": "network",
"status": 1,
"stacktrace": [],
"api": "listen",
"return_value": 0,
"arguments": {
"socket": 692,
"backlog": 5
},
"time": 1568681609.9375,
"tid": 3000,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2670
},
{
"call": {
"category": "network",
"status": 1,
"stacktrace": [],
"api": "accept",
"return_value": 784,
"arguments": {
"ip_address": "127.0.0.1",
"socket": 692,
"port": 49214
},
"time": 1568681609.9375,
"tid": 3000,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2676
}
],
"references": [],
"name": "network_bind"
},
{
"markcount": 27,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2676,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00400000"
},
"time": 1568681589.735,
"tid": 1512,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2676,
"type": "call",
"cid": 172
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2676,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 69632,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00401000"
},
"time": 1568681589.735,
"tid": 1512,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2676,
"type": "call",
"cid": 174
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2676,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 77824,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x0041b000"
},
"time": 1568681589.735,
"tid": 1512,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2676,
"type": "call",
"cid": 176
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2828,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 4096,
"base_address": "0x00680000"
},
"time": 1568681590.0162,
"tid": 2856,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2828,
"type": "call",
"cid": 240
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00390000"
},
"time": 1568681608.6245,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 42
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x77bcc000"
},
"time": 1568681608.6245,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 43
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00450000"
},
"time": 1568681608.6405,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 135
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc3000"
},
"time": 1568681608.6405,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 136
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1568681609.7655,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1485
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1568681609.7655,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1486
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1568681609.7655,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1487
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00690000"
},
"time": 1568681609.7655,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1492
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1568681609.7655,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1493
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1568681609.8125,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1747
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1568681609.8125,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1748
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1568681609.8125,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1749
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1568681609.8125,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1761
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1568681609.8125,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1762
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc1000"
},
"time": 1568681609.8125,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1763
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x7631a000"
},
"time": 1568681609.8125,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1785
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x7631a000"
},
"time": 1568681609.8125,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 1786
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x763b1000"
},
"time": 1568681612.3125,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 9946
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x763b1000"
},
"time": 1568681612.3125,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 9947
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x763b1000"
},
"time": 1568681612.3125,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 9948
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x0c7c0000"
},
"time": 1568681612.3275,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 9953
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 264,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x763b1000"
},
"time": 1568681612.3275,
"tid": 2268,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 264,
"type": "call",
"cid": 9954
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2700,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1568681608.6401,
"tid": 3048,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2700,
"type": "call",
"cid": 39
}
],
"references": [],
"name": "allocates_rwx"
},
{
"markcount": 2,
"families": [],
"description": "Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation",
"severity": 2,
"marks": [
{
"call": {
"category": "misc",
"status": 0,
"stacktrace": [],
"last_error": 3,
"nt_status": -1073741772,
"api": "GetDiskFreeSpaceExW",
"return_value": 0,
"arguments": {
"root_path": "C:\\Program Files (x86)\\DS Clock\\",
"free_bytes_available": 1976713768,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 7019368170720008
},
"time": 1568681596.8442,
"tid": 2856,
"flags": {}
},
"pid": 2828,
"type": "call",
"cid": 3578
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceExW",
"return_value": 1,
"arguments": {
"root_path": "C:\\Program Files (x86)\\",
"free_bytes_available": 23510020096,
"total_number_of_free_bytes": 0,
"total_number_of_bytes": 34252779520
},
"time": 1568681596.8442,
"tid": 2856,
"flags": {}
},
"pid": 2828,
"type": "call",
"cid": 3581
}
],
"references": [],
"name": "antivm_disk_size"
},
{
"markcount": 1,
"families": [],
"description": "Creates a service",
"severity": 2,
"marks": [
{
"call": {
"category": "services",
"status": 1,
"stacktrace": [],
"api": "CreateServiceW",
"return_value": 8097032,
"arguments": {
"service_start_name": "",
"start_type": 2,
"service_handle": "0x007b8d08",
"display_name": "DS Clock Synchronization Service www.dualitysoft.com",
"error_control": 0,
"service_name": "DSClockSyncTime",
"filepath": "C:\\Program Files (x86)\\DS Clock\\\"C:\\Program Files (x86)\\DS Clock\\dsetime.exe\"",
"filepath_r": "\"C:\\Program Files (x86)\\DS Clock\\dsetime.exe\"",
"service_manager_handle": "0x007b8da8",
"desired_access": 983551,
"service_type": 16,
"password": ""
},
"time": 1568681605.0306,
"tid": 2236,
"flags": {}
},
"pid": 2572,
"type": "call",
"cid": 52
}
],
"references": [],
"name": "creates_service"
},
{
"markcount": 3,
"families": [],
"description": "Creates a shortcut to an executable file",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\Uninstall DS Clock.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock.lnk",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\DS Clock\\DS Clock Help.lnk",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "creates_shortcut"
},
{
"markcount": 2,
"families": [],
"description": "Drops an executable to the user AppData folder",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-FCNCD.tmp\\dscsfw.dll",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "exe_appdata"
},
{
"markcount": 1,
"families": [],
"description": "Executes one or more WMI queries",
"severity": 2,
"marks": [
{
"category": "wmi",
"ioc": "SELECT * FROM Win32_BIOS",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_wmi"
},
{
"markcount": 1,
"families": [],
"description": "Potentially malicious URLs were found in the process memory dump",
"severity": 2,
"marks": [
{
"category": "url",
"ioc": "https:\/\/crash-reports.mozilla.com\/submit?id=",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "memdump_urls"
},
{
"markcount": 4,
"families": [],
"description": "Queries for potentially installed applications",
"severity": 2,
"marks": [
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 5,
"nt_status": -1073741772,
"api": "RegOpenKeyExW",
"return_value": 2,
"arguments": {
"access": "0x00000001",
"base_handle": "0x80000001",
"key_handle": "0x00000000",
"regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"options": 0
},
"time": 1568681590.7812,
"tid": 2856,
"flags": {}
},
"pid": 2828,
"type": "call",
"cid": 2976
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 5,
"nt_status": -1073741772,
"api": "RegOpenKeyExW",
"return_value": 2,
"arguments": {
"access": "0x00000001",
"base_handle": "0x80000002",
"key_handle": "0x00000000",
"regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"options": 0
},
"time": 1568681590.7812,
"tid": 2856,
"flags": {}
},
"pid": 2828,
"type": "call",
"cid": 2977
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExW",
"return_value": 2,
"arguments": {
"access": "0x00000008",
"base_handle": "0x80000001",
"key_handle": "0x00000000",
"regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"options": 0
},
"time": 1568681604.1883,
"tid": 2856,
"flags": {}
},
"pid": 2828,
"type": "call",
"cid": 7113
},
{
"call": {
"category": "registry",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "RegOpenKeyExW",
"return_value": 2,
"arguments": {
"access": "0x00000008",
"base_handle": "0x80000002",
"key_handle": "0x00000000",
"regkey": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"regkey_r": "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DS Clock_is1",
"options": 0
},
"time": 1568681604.1883,
"tid": 2856,
"flags": {}
},
"pid": 2828,
"type": "call",
"cid": 7115
}
],
"references": [],
"name": "queries_programs"
},
{
"markcount": 2,
"families": [],
"description": "Uses Windows utilities for basic Windows functionality",
"severity": 2,
"marks": [
{
"category": "cmdline",
"ioc": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"264.6.977687142\\849956440\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 264 \"\\\\.\\pipe\\gecko-crash-server-pipe.264\" 2188 tab",
"type": "ioc",
"description": null
},
{
"category": "cmdline",
"ioc": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"264.0.1889308942\\1280955394\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 264 \"\\\\.\\pipe\\gecko-crash-server-pipe.264\" 1536 tab",
"type": "ioc",
"description": null
}
],
"references": [
"http:\/\/blog.jpcert.or.jp\/2016\/01\/windows-commands-abused-by-attackers.html"
],
"name": "uses_windows_utilities"
},
{
"markcount": 1,
"families": [],
"description": "Executes one or more WMI queries which can be used to identify virtual machines",
"severity": 2,
"marks": [
{
"category": "wmi",
"ioc": "SELECT * FROM Win32_BIOS",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "wmi_antivm"
},
{
"markcount": 2,
"families": [],
"description": "Allocates execute permission to another process indicative of possible code injection",
"severity": 3,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000003e4",
"allocation_type": 4096,
"base_address": "0x002bb000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 264,
"type": "call",
"cid": 8453
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000009c4",
"allocation_type": 4096,
"base_address": "0x004f9000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 264,
"type": "call",
"cid": 19974
}
],
"references": [],
"name": "allocates_execute_remote_process"
},
{
"markcount": 2,
"families": [],
"description": "Installs itself for autorun at Windows startup",
"severity": 3,
"marks": [
{
"service_name": "DSClockSyncTime",
"type": "generic",
"service_path": "C:\\Program Files (x86)\\DS Clock\\\"C:\\Program Files (x86)\\DS Clock\\dsetime.exe\""
},
{
"type": "generic",
"reg_key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\DS Clock",
"reg_value": "\"C:\\Program Files (x86)\\DS Clock\\DSClock.exe\""
}
],
"references": [],
"name": "persistence_autorun"
},
{
"markcount": 2,
"families": [],
"description": "Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config",
"severity": 3,
"marks": [
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "NtSetValueKey",
"return_value": 0,
"arguments": {
"index": 0,
"key_handle": "0x0000000000000f84",
"value": "\u0014\u0000\u0000\u0000\u0005\u0000\u0000\u0000\u0001\u0000\u0001\u0000\u0010\u0000\u0000\u0000\u0014\u0000\u0000\u0000IL \u0006\u0010\u0000$\u0000\u0018\u0000\u0010\u0000\u0010\u0000\u00ff\u00ff\u00ff\u00ff!\u0010\u00ff\u00ff\u00ff\u00ff\u00ff\u00ff\u00ff\u00ffBM6\u0000\u0000\u0000\u0000\u0000\u0000\u00006\u0000\u0000\u0000(\u0000\u0000\u0000\u0010\u0000\u0000\u0000@\u0002\u0000\u0000\u0001\u0000 \u0000\u0000\u0000\u0000\u0000\u0000\u0090\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"reg_type": 3,
"regkey": "HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PastIconsStream"
},
"time": 1568681170.4089,
"tid": 1828,
"flags": {
"reg_type": "REG_BINARY"
}
},
"pid": 1788,
"type": "call",
"cid": 2753
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "NtSetValueKey",
"return_value": 0,
"arguments": {
"index": 0,
"key_handle": "0x00000000000001e0",
"value": "\u0014\u0000\u0000\u0000\u0007\u0000\u0000\u0000\u0001\u0000\u0001\u0000\u0004\u0000\u0000\u0000\u0014\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000{\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u00e3\u0007\t\u0000F\u0000b\u0000y\u0000i\u0000r\u0000 \u0000C\u0000P\u0000 \u0000v\u0000f\u0000f\u0000h\u0000r\u0000f\u0000:\u0000 \u00001\u0000 \u0000z\u0000r\u0000f\u0000f\u0000n\u0000t\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u000e\u0000\u0000\u0000v\u00ae x\u00e3#)B\u0082\u00c1\u00e4\u001c\u00b6}[\u009c\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00b3\u0086;4\u00e6\u00ee\u00d4\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\r !\u008f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000d\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u00e3\u0007\t\u0000F\u0000c\u0000r\u0000n\u0000x\u0000r\u0000e\u0000f\u0000:\u0000 \u00006\u00007\u0000%\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u000f\u0000\u0000\u0000s\u00ae x\u00e3#)B\u0082\u00c1\u00e4\u001c\u00b6}[\u009c\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0086\u00e2\u009e\u00956\u0005\u00d4\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\r !\u008f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000}\u00c0\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u00e3\u0007\t\u0000H\u0000a\u0000v\u0000q\u0000r\u0000a\u0000g\u0000v\u0000s\u0000v\u0000r\u0000q\u0000 \u0000a\u0000r\u0000g\u0000j\u0000b\u0000e\u0000x\u0000 \u0000A\u0000b\u0000 \u0000V\u0000a\u0000g\u0000r\u0000e\u0000a\u0000r\u0000g\u0000 \u0000n\u0000p\u0000p\u0000r\u0000f\u0000f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"reg_type": 3,
"regkey": "HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\IconStreams"
},
"time": 1568681170.4089,
"tid": 1828,
"flags": {
"reg_type": "REG_BINARY"
}
},
"pid": 1788,
"type": "call",
"cid": 2755
}
],
"references": [],
"name": "creates_largekey"
},
{
"markcount": 60,
"families": [],
"description": "Manipulates memory of a non-child process indicative of process injection",
"severity": 3,
"marks": [
{
"category": "Process injection",
"ioc": "Process 264 manipulating memory of non-child process 2256",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"region_size": 327680,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000003e4",
"allocation_type": 8192,
"base_address": "0x00120000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 264,
"type": "call",
"cid": 8451
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000003e4",
"allocation_type": 8192,
"base_address": "0x002b0000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 264,
"type": "call",
"cid": 8452
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000003e4",
"allocation_type": 4096,
"base_address": "0x002bb000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 264,
"type": "call",
"cid": 8453
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77bb0000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8458
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77bb0000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8460
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8463
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8465
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8468
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8470
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77bb1000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8473
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77bb1000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8475
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8478
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8480
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77bb1000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8483
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77bb1000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8485
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8488
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8490
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77bb1000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8493
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77bb1000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8495
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8498
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8500
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8503
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8505
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8508
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8510
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 8513
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x77baf000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8515
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000003e4",
"base_address": "0x002bb000"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 8518
},
{
"category": "Process injection",
"ioc": "Process 264 manipulating memory of non-child process 2636",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"region_size": 983040,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000009c4",
"allocation_type": 8192,
"base_address": "0x00120000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 264,
"type": "call",
"cid": 19970
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000009c4",
"allocation_type": 8192,
"base_address": "0x00250000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 264,
"type": "call",
"cid": 19971
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"region_size": 1638400,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000009c4",
"allocation_type": 8192,
"base_address": "0x00360000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 264,
"type": "call",
"cid": 19972
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000009c4",
"allocation_type": 8192,
"base_address": "0x004f0000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 264,
"type": "call",
"cid": 19973
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000009c4",
"allocation_type": 4096,
"base_address": "0x004f9000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 264,
"type": "call",
"cid": 19974
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009c4",
"base_address": "0x77bb0000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 19979
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009c4",
"base_address": "0x77bb0000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 19981
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009c4",
"base_address": "0x77baf000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 19984
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009c4",
"base_address": "0x77baf000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 19986
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009c4",
"base_address": "0x77baf000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 19989
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009c4",
"base_address": "0x77baf000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 19991
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009c4",
"base_address": "0x77bb1000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 19994
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009c4",
"base_address": "0x77bb1000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 19996
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009c4",
"base_address": "0x77baf000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 19999
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009c4",
"base_address": "0x77baf000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 20001
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009c4",
"base_address": "0x77bb1000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 20004
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009c4",
"base_address": "0x77bb1000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 20006
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009c4",
"base_address": "0x77baf000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 20009
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000009c4",
"base_address": "0x77baf000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 264,
"type": "call",
"cid": 20011
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2636,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000009c4",
"base_address": "0x77bb1000"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 264,
"type": "call",
"cid": 20014
}
],
"references": [
"www.endgame.com\/blog\/technical-blog\/ten-process-injection-techniques-technical-survey-common-and-trending-process"
],
"name": "injection_modifies_memory"
},
{
"markcount": 68,
"families": [],
"description": "Potential code injection by writing to the memory of another process",
"severity": 3,
"marks": [
{
"category": "Process injection",
"ioc": "Process 264 injected into non-child 2256",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8R\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2,\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u00b4+\u0000\u00c7D$\u0004\u00f0\u0013\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb410"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8457
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8R\u0000\u0000\u0000\u00ba(\u00b4+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bb00a4"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8459
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b80\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0018\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u00b4+\u0000\u00c7D$\u0004\u00c0\u0015\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb450"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8462
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b80\u0000\u0000\u0000\u00bah\u00b4+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bafd54"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8464
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8:\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u00b4+\u0000\u00c7D$\u0004p\u0017\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb490"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8467
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8:\u0000\u0000\u0000\u00ba\u00a8\u00b4+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bafe4c"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8469
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8\u0013\u0001\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u00b4+\u0000\u00c7D$\u0004\u00c0\u0018\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb4d0"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8472
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8\u0013\u0001\u0000\u0000\u00ba\u00e8\u00b4+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bb132c"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8474
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8$\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0014\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u00b5+\u0000\u00c7D$\u0004\u0010\u001a\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb510"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8477
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8$\u0000\u0000\u0000\u00ba(\u00b5+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bafc28"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8479
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8\u00fe\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u00b5+\u0000\u00c7D$\u0004p\u00c8\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb550"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8482
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8\u00fe\u0000\u0000\u0000\u00bah\u00b5+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bb1128"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8484
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8#\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u00b5+\u0000\u00c7D$\u0004 \u00c5\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb590"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8487
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8#\u0000\u0000\u0000\u00ba\u00a8\u00b5+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bafc10"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8489
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8\u00f9\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\f\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u00b5+\u0000\u00c7D$\u0004`\u00c6\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb5d0"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8492
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8\u00f9\u0000\u0000\u0000\u00ba\u00e8\u00b5+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bb10b0"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8494
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8\n\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u00b6+\u0000\u00c7D$\u0004\u00c0}\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb610"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8497
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8\n\u0000\u0000\u0000\u00ba(\u00b6+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77baf99c"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8499
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8!\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u00b6+\u0000\u00c7D$\u0004@}\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb650"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8502
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8!\u0000\u0000\u0000\u00bah\u00b6+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bafbe0"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8504
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8-\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u00b6+\u0000\u00c7D$\u0004`\u00c7\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb690"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8507
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8-\u0000\u0000\u0000\u00ba\u00a8\u00b6+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bafd08"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8509
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8,\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0014\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u00b6+\u0000\u00c7D$\u0004\u0080}\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb6d0"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8512
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8,\u0000\u0000\u0000\u00ba\u00e8\u00b6+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bafcf0"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8514
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "P\u0003\u0000\u0000\u0010\u0003\u0000\u0000@\u00e3M\u0012\f\u0000\u0000\u0000",
"process_handle": "0x000003e4",
"base_address": "0x002bb400"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8517
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u00b6+\u0000P\u00b6+\u0000\u00d0\u00b6+\u0000P\u00b5+\u0000\u0090\u00b5+\u0000\u00d0\u00b5+\u0000\u0090\u00b6+\u0000\u0010\u00b4+\u0000P\u00b4+\u0000\u0090\u00b4+\u0000\u00d0\u00b4+\u0000\u0010\u00b5+\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"process_handle": "0x000003e4",
"base_address": "0x0005cc90"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8522
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u0000\u0000\u0000\u0000",
"process_handle": "0x000003e4",
"base_address": "0x0005cd34"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8526
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b0\u00fa\u00baw\u00d0\u00f9\u00baw4\u00fe\u00bawH\u00fb\u00baw@\u00fc\u00baw(\u0000\u00bbw\u00c8\u00fa\u00baw\u00e8\u00f9\u00baw@\u0000\u00bbw\u00c8\u00fb\u00bawp\u00fc\u00baw&\u00e0\u00bbw\u00b5\u00e6\u00bbw\u00b7\u0084\u00bcwI\u0002\u00bdw\u00d1\u00e5\u00c3w\u008e\u009d\u00bdw\u0085\u00df\u00bbw|\u00c2\u00bew\u00e0\u00c4\u00c0w\u00f1V\u00c6w@#\u00bbw",
"process_handle": "0x000003e4",
"base_address": "0x0005cd80"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8531
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u0004\u0000\u0000\u0000",
"process_handle": "0x000003e4",
"base_address": "0x0005c33c"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8539
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u0000 \u0000\u0000",
"process_handle": "0x000003e4",
"base_address": "0x0005cde8"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8543
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u0000\u00e0\u0000\u0000",
"process_handle": "0x000003e4",
"base_address": "0x0005cdd8"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8547
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u0004\u0000\u0000\u0000",
"process_handle": "0x000003e4",
"base_address": "0x0005b078"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8568
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "`\u0003\u0000\u0000\u0000\u0000\u0000\u0000",
"process_handle": "0x000003e4",
"base_address": "0x0005ce10"
},
"time": 1568681610.8435,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8572
},
{
"category": "Process injection",
"ioc": "Process 264 injected into non-child 2636",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8R\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2,\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u0098O\u0000\u00c7D$\u0004\u00f0\u0013\u0004\u0000Z\u00c3",
"process_handle": "0x000009c4",
"base_address": "0x004f9810"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 19978
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8R\u0000\u0000\u0000\u00ba(\u0098O\u0000\u00ff\u00e2",
"process_handle": "0x000009c4",
"base_address": "0x77bb00a4"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 19980
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b80\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0018\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u0098O\u0000\u00c7D$\u0004\u00c0\u0015\u0004\u0000Z\u00c3",
"process_handle": "0x000009c4",
"base_address": "0x004f9850"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 19983
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b80\u0000\u0000\u0000\u00bah\u0098O\u0000\u00ff\u00e2",
"process_handle": "0x000009c4",
"base_address": "0x77bafd54"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 19985
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8:\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u0098O\u0000\u00c7D$\u0004p\u0017\u0004\u0000Z\u00c3",
"process_handle": "0x000009c4",
"base_address": "0x004f9890"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 19988
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8:\u0000\u0000\u0000\u00ba\u00a8\u0098O\u0000\u00ff\u00e2",
"process_handle": "0x000009c4",
"base_address": "0x77bafe4c"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 19990
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8\u0013\u0001\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u0098O\u0000\u00c7D$\u0004\u00c0\u0018\u0004\u0000Z\u00c3",
"process_handle": "0x000009c4",
"base_address": "0x004f98d0"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 19993
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8\u0013\u0001\u0000\u0000\u00ba\u00e8\u0098O\u0000\u00ff\u00e2",
"process_handle": "0x000009c4",
"base_address": "0x77bb132c"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 19995
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8$\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0014\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u0099O\u0000\u00c7D$\u0004\u0010\u001a\u0004\u0000Z\u00c3",
"process_handle": "0x000009c4",
"base_address": "0x004f9910"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 19998
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8$\u0000\u0000\u0000\u00ba(\u0099O\u0000\u00ff\u00e2",
"process_handle": "0x000009c4",
"base_address": "0x77bafc28"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 20000
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8\u00fe\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u0099O\u0000\u00c7D$\u0004p\u00c8\u0004\u0000Z\u00c3",
"process_handle": "0x000009c4",
"base_address": "0x004f9950"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 20003
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8\u00fe\u0000\u0000\u0000\u00bah\u0099O\u0000\u00ff\u00e2",
"process_handle": "0x000009c4",
"base_address": "0x77bb1128"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 20005
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8#\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u0099O\u0000\u00c7D$\u0004 \u00c5\u0004\u0000Z\u00c3",
"process_handle": "0x000009c4",
"base_address": "0x004f9990"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 20008
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8#\u0000\u0000\u0000\u00ba\u00a8\u0099O\u0000\u00ff\u00e2",
"process_handle": "0x000009c4",
"base_address": "0x77bafc10"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 20010
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2636,
"buffer": "\u00b8\u00f9\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\f\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u0099O\u0000\u00c7D$\u0004`\u00c6\u0004\u0000Z\u00c3",
"process_handle": "0x000009c4",
"base_address": "0x004f99d0"
},
"time": 1568681615.1245,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 20013
}
],
"references": [],
"name": "injection_write_memory"
},
{
"markcount": 1,
"families": [],
"description": "Harvests credentials from local email clients",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\Mail\\Microsoft Outlook",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "infostealer_mail"
},
{
"markcount": 2,
"families": [],
"description": "One or more martian processes was created",
"severity": 3,
"marks": [
{
"parent_process": "firefox.exe",
"type": "generic",
"martian_process": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"264.6.977687142\\849956440\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 264 \"\\\\.\\pipe\\gecko-crash-server-pipe.264\" 2188 tab"
},
{
"parent_process": "firefox.exe",
"type": "generic",
"martian_process": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"264.0.1889308942\\1280955394\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 264 \"\\\\.\\pipe\\gecko-crash-server-pipe.264\" 1536 tab"
}
],
"references": [],
"name": "process_martian"
},
{
"markcount": 1,
"families": [],
"description": "Appends a known multi-family ransomware file extension to files that have been encrypted",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "ransomware_extensions"
},
{
"markcount": 4,
"families": [],
"description": "Resumed a suspended thread in a remote process potentially indicative of process injection",
"severity": 3,
"marks": [
{
"category": "Process injection",
"ioc": "Process 264 resumed a thread in remote process 2256",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000618",
"suspend_count": 1,
"process_identifier": 2256
},
"time": 1568681612.1875,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8960
},
{
"category": "Process injection",
"ioc": "Process 264 resumed a thread in remote process 2636",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000a14",
"suspend_count": 1,
"process_identifier": 2636
},
"time": 1568681616.4055,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 20545
}
],
"references": [
"www.endgame.com\/blog\/technical-blog\/ten-process-injection-techniques-technical-survey-common-and-trending-process"
],
"name": "injection_resumethread"
},
{
"markcount": 183,
"families": [],
"description": "Executed a process and injected code into it, probably while unpacking",
"severity": 5,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 2856,
"thread_handle": "0x00000134",
"process_identifier": 2828,
"current_directory": "",
"filepath": "",
"track": 1,
"command_line": "\"C:\\Users\\cuck\\AppData\\Local\\Temp\\is-6QC0S.tmp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.tmp\" \/SL5=\"$1902E6,1924549,147456,C:\\Users\\cuck\\AppData\\Local\\Temp\\c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a.bin\" ",
"filepath_r": "",
"stack_pivoted": 0,
"creation_flags": 0,
"process_handle": "0x00000130",
"inherit_handles": 0
},
"time": 1568681589.828,
"tid": 1512,
"flags": {
"creation_flags": ""
}
},
"pid": 2676,
"type": "call",
"cid": 450
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000230",
"suspend_count": 1,
"process_identifier": 2828
},
"time": 1568681600.0633,
"tid": 2856,
"flags": {}
},
"pid": 2828,
"type": "call",
"cid": 3862
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 2236,
"thread_handle": "0x000002f0",
"process_identifier": 2572,
"current_directory": "C:\\Program Files (x86)\\DS Clock",
"filepath": "",
"track": 1,
"command_line": "\"C:\\Program Files (x86)\\DS Clock\\dsetime.exe\" -install",
"filepath_r": "",
"stack_pivoted": 0,
"creation_flags": 67108864,
"process_handle": "0x00000258",
"inherit_handles": 0
},
"time": 1568681604.6562,
"tid": 2856,
"flags": {
"creation_flags": "CREATE_DEFAULT_ERROR_MODE"
}
},
"pid": 2828,
"type": "call",
"cid": 7197
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 2268,
"thread_handle": "0x00000370",
"process_identifier": 264,
"current_directory": "C:\\Windows\\system32",
"filepath": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"track": 1,
"command_line": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -osint -url \"http:\/\/www.dualitysoft.com\/t\/dsc-install?src=dsc-install&version=4.0.1.0&os=6.1.7601&pi=x86&pa=x64\"",
"filepath_r": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"stack_pivoted": 0,
"creation_flags": 67634192,
"process_handle": "0x00000364",
"inherit_handles": 0
},
"time": 1568681608.4532,
"tid": 2964,
"flags": {
"creation_flags": "CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
}
},
"pid": 2828,
"type": "call",
"cid": 8031
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 3048,
"thread_handle": "0x00000314",
"process_identifier": 2700,
"current_directory": "C:\\Program Files (x86)\\DS Clock",
"filepath": "",
"track": 1,
"command_line": "\"C:\\Program Files (x86)\\DS Clock\\dsclock.exe\"",
"filepath_r": "",
"stack_pivoted": 0,
"creation_flags": 67108864,
"process_handle": "0x00000348",
"inherit_handles": 0
},
"time": 1568681608.4852,
"tid": 2856,
"flags": {
"creation_flags": "CREATE_DEFAULT_ERROR_MODE"
}
},
"pid": 2828,
"type": "call",
"cid": 8099
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000e0",
"suspend_count": 1,
"process_identifier": 2572
},
"time": 1568681605.1096,
"tid": 2236,
"flags": {}
},
"pid": 2572,
"type": "call",
"cid": 59
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000204",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681609.8595,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 1997
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000214",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681609.8595,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2004
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000224",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681609.8595,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2009
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000002bc",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681609.8745,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2162
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000002d0",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681609.9055,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2549
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000031c",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681609.9525,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2819
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000328",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681609.9525,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2828
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000334",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681609.9685,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2848
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000033c",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681609.9685,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 2850
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000350",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681609.9845,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 3076
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000368",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681609.9995,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 3183
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000358",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.0155,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 3250
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000003b4",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.2025,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 4478
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000498",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.3595,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5479
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000004a8",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.3595,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5494
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000004d8",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.4375,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 5816
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000055c",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.5155,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 6392
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000564",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.5155,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 6510
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000574",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.5305,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 6535
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000584",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.5305,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 6554
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000598",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.5775,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 6962
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000570",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.5935,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7053
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000344",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.5935,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7153
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000588",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.6095,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7168
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000568",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.6095,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7220
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000378",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.6875,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7613
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000002d0",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.6875,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7625
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000005a8",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.6875,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7638
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000005b8",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.6875,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7656
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000005c8",
"suspend_count": 1,
"process_identifier": 264
},
"time": 1568681610.7025,
"tid": 2268,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 7706
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 1824,
"thread_handle": "0x0000060c",
"process_identifier": 2256,
"current_directory": "",
"filepath": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"track": 1,
"command_line": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"264.0.1889308942\\1280955394\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 264 \"\\\\.\\pipe\\gecko-crash-server-pipe.264\" 1536 tab",
"filepath_r": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"stack_pivoted": 0,
"creation_flags": 17302540,
"process_handle": "0x000003e4",
"inherit_handles": 1
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"creation_flags": "CREATE_BREAKAWAY_FROM_JOB|CREATE_SUSPENDED|CREATE_UNICODE_ENVIRONMENT|DETACHED_PROCESS|EXTENDED_STARTUPINFO_PRESENT"
}
},
"pid": 264,
"type": "call",
"cid": 8442
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"region_size": 327680,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000003e4",
"allocation_type": 8192,
"base_address": "0x00120000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 264,
"type": "call",
"cid": 8451
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000003e4",
"allocation_type": 8192,
"base_address": "0x002b0000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 264,
"type": "call",
"cid": 8452
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2256,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000003e4",
"allocation_type": 4096,
"base_address": "0x002bb000"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 264,
"type": "call",
"cid": 8453
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8R\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2,\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u00b4+\u0000\u00c7D$\u0004\u00f0\u0013\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb410"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8457
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8R\u0000\u0000\u0000\u00ba(\u00b4+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bb00a4"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8459
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b80\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0018\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u00b4+\u0000\u00c7D$\u0004\u00c0\u0015\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb450"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8462
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b80\u0000\u0000\u0000\u00bah\u00b4+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bafd54"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8464
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8:\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u00b4+\u0000\u00c7D$\u0004p\u0017\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb490"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8467
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8:\u0000\u0000\u0000\u00ba\u00a8\u00b4+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bafe4c"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8469
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8\u0013\u0001\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u00b4+\u0000\u00c7D$\u0004\u00c0\u0018\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb4d0"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8472
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8\u0013\u0001\u0000\u0000\u00ba\u00e8\u00b4+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bb132c"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8474
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8$\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0014\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u00b5+\u0000\u00c7D$\u0004\u0010\u001a\u0004\u0000Z\u00c3",
"process_handle": "0x000003e4",
"base_address": "0x002bb510"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8477
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2256,
"buffer": "\u00b8$\u0000\u0000\u0000\u00ba(\u00b5+\u0000\u00ff\u00e2",
"process_handle": "0x000003e4",
"base_address": "0x77bafc28"
},
"time": 1568681610.8275,
"tid": 528,
"flags": {}
},
"pid": 264,
"type": "call",
"cid": 8479
}
],
"references": [],
"name": "injection_runpe"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 546,
"time": 3.0785629749298,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 5226,
"time": 9.0942320823669,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7070,
"time": 3.0396881103516,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7398,
"time": 1.0132961273193,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7726,
"time": 3.0615050792694,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8054,
"time": 1.5855960845947,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8382,
"time": -0.095549821853638,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 8710,
"time": 1.5484671592712,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 28120,
"time": 1.0446209907532,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 36504,
"time": 3.1289420127869,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "5047635f3e673e349fc17624f7a2c29655d6dbde95baa38f7c30f0c9b07d6b60",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "45fdc4ed2c6542cc916fdb429e783223b26b980704ed24c516ab6bacd30838f0",
"irc": [],
"https_ex": []
}Screenshots
Hashes [?]
| Property | Value |
|---|---|
| MD5 | 705f5cdacd5693622d29d9d8a4fc6b3b |
| SHA256 | c377d2bfb91b3167f78e37ed202a391e174323b2399b75fac291322d3865c60a |
Error Messages
These are some of the error messages that can appear related to dsc230ri.exe:
dsc230ri.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
dsc230ri.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
DS Clock Setup has stopped working.
End Program - dsc230ri.exe. This program is not responding.
dsc230ri.exe is not a valid Win32 application.
dsc230ri.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
What will you do with dsc230ri.exe?
To help other users, please let us know what you will do with dsc230ri.exe:
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.