What is SkypeLauncher.exe?
SkypeLauncher.exe is part of launcher and developed by Microsoft according to the SkypeLauncher.exe version information.
SkypeLauncher.exe's description is "launcher"
SkypeLauncher.exe is digitally signed by Skype Technologies SA.
SkypeLauncher.exe is usually located in the 'C:\Program Files (x86)\Online Services\Skype\' folder.
None of the anti-virus scanners at VirusTotal reports anything malicious about SkypeLauncher.exe.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Vendor and version information [?]
The following is the available information on SkypeLauncher.exe:
| Property | Value |
|---|---|
| Product name | launcher |
| Company name | Microsoft |
| File description | launcher |
| Internal name | launcher.exe |
| Original filename | launcher.exe |
| Legal copyright | Copyright © Microsoft 2011 |
| Product version | 1.0.0.0 |
| File version | 1.0.0.0 |
Here's a screenshot of the file properties when displayed by Windows Explorer:
| Product name | launcher |
| Company name | Microsoft |
| File description | launcher |
| Internal name | launcher.exe |
| Original filename | launcher.exe |
| Legal copyright | Copyright © Microsoft 2011 |
| Product version | 1.0.0.0 |
| File version | 1.0.0.0 |
Digital signatures [?]
SkypeLauncher.exe has a valid digital signature.
| Property | Value |
|---|---|
| Signer name | Skype Technologies SA |
| Certificate issuer name | VeriSign Class 3 Code Signing 2009-2 CA |
| Certificate serial number | 4b4749f0d7a0225bb2c32a2a65536305 |
VirusTotal report
None of the 68 anti-virus programs at VirusTotal detected the SkypeLauncher.exe file.
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_opened": [
"",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Windows\\assembly\\pubpol4.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Windows\\System32\\en-US\\KERNELBASE.dll.mui",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Windows\\System32\\ieframe.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Windows\\System32\\rsaenh.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\AlternateServices.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Windows\\System32\\wshqos.dll",
"C:\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\EmojiOneMozilla.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"\\Device\\NamedPipe\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Users\\cuck\\AppData\\Local\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Windows\\Fonts\\times.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Windows\\Fonts\\segoeuii.ttf",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
"C:\\Program Files (x86)\\Mozilla Firefox\\chrome.manifest",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\TRRBlacklist.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin",
"C:\\Users\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Windows\\Fonts\\segoeui.ttf",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015",
"C:\\PROGRAM FILES (X86)\\MOZILLA FIREFOX\\fonts\\EMOJIONEMOZILLA.TTF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Windows\\System32\\l_intl.nls",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SecurityPreloadState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Windows\\System32\\en-US\\WINHTTP.dll.mui",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Windows\\System32\\wship6.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome.manifest",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Windows\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index143.dat",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Windows\\System32\\KBDUS.DLL",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.Accessibility__b03f5f7f11d50a3a",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\DnsClient",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavPS2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_CURRENT_USER\\Software\\Lenovo\\TrackPoint",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e968-e325-11ce-bfc1-08002be10318}\\0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\LSA\\AccessProviders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Security__b03f5f7f11d50a3a",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85",
"HKEY_CURRENT_USER\\Software\\Elantech\\MainOption",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\firefox_RASMANCS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Deployment__b03f5f7f11d50a3a",
"HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Avalon.Graphics\\DISPLAY1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DnsCache\\Parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index143",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\v2.0.50727\\Security\\Policy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
"HKEY_CURRENT_USER\\Software\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Websense\\Agent",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavUSB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\standards\\v2.0.50727",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System__b77a5c561934e089",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Xml__b77a5c561934e089",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\StrongName",
"HKEY_CURRENT_USER\\Software\\Lenovo\\UltraNav",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Fusion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\WinSock2\\Parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\Standards",
"HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\System\\DNSClient",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"HKEY_LOCAL_MACHINE\\Software\\MozillaPlugins",
"HKEY_CURRENT_USER\\Software\\Classes\\.pdf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService",
"HKEY_CURRENT_USER\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Avalon.Graphics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Alps\\Apoint\\TrackPoint",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\AppPatch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Drawing__b03f5f7f11d50a3a",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pdf",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/pdf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\00000005",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v2.0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\Software\\Synaptics\\SynTP\\Install",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LDAP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
"HKEY_CURRENT_USER\\Software\\MozillaPlugins",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\7552bf40\\6f95f100",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Websense\\Agent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\GACChangeNotification\\Default",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\standards",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\(Default)",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework\\Policy\\Standards",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Windows.Forms__b77a5c561934e089",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\Upgrades",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Configuration__b03f5f7f11d50a3a",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ClusSvc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\Software\\Alps\\Apoint",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
"HKEY_LOCAL_MACHINE\\Software\\Cisco Systems\\VPN Client",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\internal\\jit\\Perf",
"HKEY_CURRENT_USER\\Software\\Elantech",
"HKEY_CLASSES_ROOT\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command"
],
"guid": [
"{6f237df9-9ddb-47ad-b218-400d54c286ad}",
"{a95664d2-9614-4f35-a746-de8db63617e6}",
"{c43dc798-95d1-4bea-9030-bb99e2983a1a}",
"{17072f7b-9abe-4a74-a261-1eb76b55107a}",
"{0000015b-0000-0000-c000-000000000046}",
"{44aca674-e8fc-11d0-a07c-00c04fb68820}",
"{8bc3f05e-d86b-11d0-a075-00c04fb68820}",
"{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}",
"{591209c7-767b-42b2-9fba-44ee4615f2c7}",
"{4e530b0a-e611-4c77-a3ac-9031d022281b}",
"{465a756d-45ad-4305-85fd-d3321650f3b7}",
"{4590f811-1d3a-11d0-891f-00aa004b2e24}",
"{6332debf-87b5-4670-90c0-5e57b408a49e}",
"{674b6698-ee92-11d0-ad71-00c04fd8fdff}",
"{d5f569d0-593b-101a-b569-08002b2dbf7a}",
"{871c5380-42a0-1069-a2ea-08002b30309d}",
"{000214e6-0000-0000-c000-000000000046}",
"{dc12a687-737f-11cf-884d-00aa004b2e24}",
"{bcde0395-e52f-467c-8e3d-c4579291692e}",
"{77f10cf0-3db5-4966-b520-b7c54fd35ed6}",
"{56fdf344-fd6d-11d0-958a-006097c9a090}",
"{28b4d88b-e072-49e6-804d-26edbe21a7b9}",
"{e77cc89b-7401-4c04-8ced-149db35add04}",
"{0000034b-0000-0000-c000-000000000046}",
"{f309ad18-d86a-11d0-a075-00c04fb68820}",
"{aa80e801-2021-11d2-93e0-0060b067b86e}",
"{722a338c-6e8e-4e72-ac27-1417fb0c81c2}",
"{7c857801-7381-11cf-884d-00aa004b2e24}"
],
"connects_ip": [
"127.0.0.1"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList"
],
"file_copied": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset"
]
],
"command_line": [
"http:\/\/redirect.hp.com\/svs\/rdr?c=none&bd=all&tp=onlinesvs&locale=all&pf=all&s=skype&TYPE=4",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2804.0.1621948294\\611156464\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2804 \"\\\\.\\pipe\\gecko-crash-server-pipe.2804\" 1468 tab",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2804.6.1527108264\\1632374435\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2804 \"\\\\.\\pipe\\gecko-crash-server-pipe.2804\" 2664 tab",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -osint -url \"http:\/\/redirect.hp.com\/svs\/rdr?c=none&bd=all&tp=onlinesvs&locale=all&pf=all&s=skype&TYPE=4\""
],
"regkey_deleted": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE"
],
"mutex": [
"Global\\MozillaUpdateMutex-AWkbzLFmEHPmIFtactC8kpT7UdM=",
"Local\\FirefoxStartupMutex"
],
"wmi_query": [
"SELECT * FROM Win32_BIOS"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxURL-E7CF176E110C211B\\shell\\open\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SecurityProviders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagMatchAnyMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d\\Modules",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\RemoteRpcDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldVersionLow",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\VendorIdentifier",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90\\LastModTime",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Next_Catalog_Entry_ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallDate",
"HKEY_CURRENT_USER\\.pdf\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\DisplayName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCertCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.MemorySize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\EMPTY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Comment",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableUnsupportedCriticalExtensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\Modules",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\InstalledDisplayDrivers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\7D7F4414CCEF168ADF6BF40753B5BECD78375931\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\ILDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\p2pcollab.dll,-8042",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Winsock\\MaxSockaddrLength",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Capabilities",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldDllVersionLow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\TokenSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\TURNOFFDEBUGINFO",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{98D99750-0B8A-4c59-9151-589053683D73}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"HKEY_CURRENT_USER\\Keyboard Layout\\Preload\\1",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\sRGB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldDllVersionHigh",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\ConfigString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\CseOn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivKeyCachePurgeIntervalSeconds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\Status",
"HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\VersioningLog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\MaximumAllowedAllocationSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\MVID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\DeviceState",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\NIDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\TaskBarIDs\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetCachedOcspSwitchToCrlCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Keyboard Layout\\d0010409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{5a9125b7-f367-4924-ace2-0803a4a3a471},0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\ConfigMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\97817950D81C9670CC34D809CF794431367EF474\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\ILDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\ConfigMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Current_Protocol_Catalog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\MissingDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\ChainCacheResyncFiletime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language\\InstallLanguageFallback",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\WpadOverride",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\MVID",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\~Mhz",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldVersionHigh",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\MachineThrottling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DisableHotCold",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{e345f35f-9397-435c-8f95-4e922c26259e}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{f3e80bef-1723-4ff2-bcc4-7f83dc5e46d4},3",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\NIDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{645FF040-5081-101B-9F08-00AA002F954E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\GCStressStartAtJit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\Modules",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing\\State",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\ConfigMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Winsock\\MaxSockaddrLength",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlCountInCert",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\ConfigString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Providers\\Tcpip\\WinSock 2.0 Provider ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\ri",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogMaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\EvalationData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\NoStaticDefaultVerb",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\Safety Warning Level",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\RpcId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Strong Cryptographic Provider\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\PInvokeInline",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.44.3.4!7\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90\\Modules",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ShareCredsWithWinHttp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetPreFetchTriggerPeriodSeconds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\MVID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCountPerChain",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxySettingsPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Parameters\\Transports",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Winsock\\UseDelayedAcceptance",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Identifier",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\qagentrt.dll,-10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE\\Blob",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\DefaultConnectionSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\TailCallOpt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\Status",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\ILDependencies",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\Status",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\SafeProcessSearchMode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Winsock\\HelperDllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledProcesses\\6986E2C6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\MissingDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Image Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\LsaExtensionConfig\\SspiCli\\CheckSignatureRoutine",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\EvalationData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\CLRLoadLogDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Winsock\\MinSockaddrLength",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\LsaExtensionConfig\\SspiCli\\CheckSignatureDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\NewGCCalc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.2!7\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\DeviceState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{208D2C60-3AEA-1069-A2D7-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DisableConfigCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\EvalationData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\WinHttpSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\LastModTime",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-844",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-843",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System,2.0.0.0,,b77a5c561934e089,MSIL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogMask",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Revision",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivKeyCacheMaxItems",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\PInvokeCalliOpt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\GlobalSession",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80\\SIG",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Winsock\\Mapping",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\Status",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxURL-E7CF176E110C211B\\NoStaticDefaultVerb",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\DisplayName",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Winsock\\UseDelayedAcceptance",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\Never",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\ConfigString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\GCStressStart",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.47.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index143\\ILUsageMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM\\AccentColor",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\camp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.qwMemorySize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001\\PackedCatalogItem",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\ConfigMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivateKeyLifetimeSeconds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachinePreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetMaxCachedOcspPerCrlCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Providers\\Tcpip6\\WinSock 2.0 Provider ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index143\\NIUsageMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\ConfigString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableInetUnknownAuth",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\EvalationData",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\PreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\AlternateCodePage",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableCANameConstraints",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Winsock\\MinSockaddrLength",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\MVID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\MissingDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp\\DisableBranchCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\rip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Signature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85\\LastModTime",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Winsock\\HelperDllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\Protocol",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\dnsapi.dll,-103",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ProfileEnumMode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\NIDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Role:1",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Attempted",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp\\Tracing\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Installed",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ICMProfile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableMandatoryBasicConstraints",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Strong Cryptographic Provider\\Image Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\ILDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableWeakSignatureFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\MissingDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Protocol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\WinSock_Registry_Version",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Winsock\\Mapping",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\NIDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category"
],
"file_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin"
],
"dll_loaded": [
"C:\\Windows\\system32\\pnrpnsp.dll",
"imagehlp.dll",
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"DNSAPI.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"cryptsp.dll",
"ADVAPI32.dll",
"ncrypt.dll",
"API-MS-WIN-Service-Management-L2-1-0.dll",
"PROPSYS.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"advapi32.dll",
"ole32.dll",
"SHLWAPI.dll",
"ws2_32.dll",
"USER32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"WINTRUST.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Windows\\System32\\mswsock.dll",
"C:\\Windows\\System32\\wship6.dll",
"C:\\Windows\\system32\\NLAapi.dll",
"Kernel32",
"CFGMGR32.dll",
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll",
"Dnsapi.dll",
"Kernel32.dll",
"samcli.dll",
"C:\\Windows\\System32\\wshtcpip.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"ntdll",
"WINSTA.dll",
"apphelp.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"kernel32.dll",
"C:\\Windows\\system32\\IMM32.DLL",
"CRYPTBASE.dll",
"SensApi.dll",
"ntdll.dll",
"C:\\Windows\\system32\\napinsp.dll",
"dwrite.dll",
"WININET.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"cryptbase.dll",
"IPHLPAPI.DLL",
"C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll",
"rtutils.dll",
"Iphlpapi.dll",
"RichEd20.dll",
"winhttp.dll",
"profapi.dll",
"rpcrt4.dll",
"USERENV.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"VERSION.dll",
"RpcRtRemote.dll",
"WINTRUST.DLL",
"C:\\Windows\\system32\\cryptnet.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ole32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"DEVRTL.dll",
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Windows.Forms\\6c352ff9e3603b0e69d969ff7e7632f5\\System.Windows.Forms.ni.dll",
"Cabinet.dll",
"user32.dll",
"WINHTTP.dll",
"C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\shell32.dll",
"gdi32.dll",
"C:\\Windows\\system32\\rsaenh.dll",
"bcrypt.dll",
"urlmon.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"mscms.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"CRYPTSP.dll",
"C:\\Windows\\system32\\bcryptprimitives.dll",
"credssp.dll",
"SspiCli.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"kbdus.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Windows\\system32\\CRYPT32.dll",
"netutils.dll",
"NSI.dll",
"mscorsec.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsec.dll",
"Gdi32.dll",
"C:\\Windows\\system32\\dxgi.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\MSVCP140.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"shell32.dll",
"SETUPAPI.dll",
"WS2_32.dll",
"dbghelp.dll",
"kernel32",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll",
"AUDIOSES.DLL",
"imm32.dll",
"ntmarta.dll",
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"cryptnet.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll",
"C:\\PROGRA~2\\MOZILL~1\\nssckbi.dll",
"RASMAN.DLL",
"OLEAUT32.DLL",
"setupapi.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"OLEAUT32.dll",
"RPCRT4.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll",
"C:\\Windows\\System32\\winrnr.dll",
"comctl32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"mscoree.dll",
"SAMLIB.dll",
"C:\\Windows\\system32\\mswsock.dll",
"AdvApi32.dll",
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Drawing\\5910828a337dbe848dc90c7ae0a7dee2\\System.Drawing.ni.dll",
"xul.dll"
],
"file_moved": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
]
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"\\\\?\\PIPE\\samr",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin"
],
"file_recreated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"\\Device\\KsecDD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"\\??\\MountPointManager",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"\\??\\C:",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"\\??\\Nsi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\WINNT_x86-msvc",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\user.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ta.res",
"C:\\Windows\\System32\\twinapi.appcore.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\bo.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\hi.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\chr.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\hsb.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sr.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\am.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\el.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ky.res",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ru.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.sbstore",
"C:\\Windows\\System32\\DataExchange.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sl.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\or.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\en_US.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\uts46.nrm",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ko.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\smn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fi.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\yi.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\pl.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\postSigningData",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ja.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ee.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\lv.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ug.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\cnvalias.icu",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ga.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fa.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\as.res",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\60E31627FDA0A46932B0E5948949F2A5",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fa_AF.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sv.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\az.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sr_Latn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\wae.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\mn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ur.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin.config",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\pa.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\eo.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\es.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\vi.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ms.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\res_index.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\se.res",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0797C381B2F87EB5A1D5573BD15BA4F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\ShutdownDuration.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\policies.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ps.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ha.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\haw.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\mt.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\kl.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.sbstore",
"C:\\Windows\\Microsoft.NET\\Framework64\\Upgrades.2.0.50727\\",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\to.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\si.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\bg.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\nb.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\pending-deletion-ping",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\zu.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\hu.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\kk.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\km.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\en_US_POSIX.res",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_BBB35F3D100606CE5776FB7E4248C8F3",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\bs_Cyrl.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sq.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\pt.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\gu.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\hy.res",
"C:\\Windows\\System32\\twinapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\mr.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ln.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\lkt.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\de.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ca.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ka.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ml.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\hr.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ne.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\res_index.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fo.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\logins.json",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\bn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\id.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sk.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ucadata.icu",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert_override.txt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\cs.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\kn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\root.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\be.res",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_4D50DAEB551A146AE575DB71610F2464",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\da.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fr_CA.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.version",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\lt.res",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\kok.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fr.res",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\gl.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\nl.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\de_AT.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\he.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\mk.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\lb.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sw.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ar.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\zh.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ig.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l.dat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sv_SE.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\dsb.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\wo.res",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_BF314079C54386FC476AC0C777DD0DA8",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fil.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\zh_Hant.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\en.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\te.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\bs.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\is.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\uz.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\nn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\it.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\af.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\uk.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\my.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\et.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\likelySubtags.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ro.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\tr.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\yo.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\dz.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\experiments.json",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\cy.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\lo.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\th.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\downloads.json",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\om.res"
],
"resolves_host": [
"aus5.mozilla.org",
"csc3-2009-2-crl.verisign.com",
"redirect.hp.com",
"tiles.services.mozilla.com",
"crl.verisign.com",
"search.services.mozilla.com",
"ciscobinary.openh264.org",
"shavar.services.mozilla.com",
"detectportal.firefox.com",
"ocsp.verisign.com",
"safebrowsing.googleapis.com",
"redirector.gvt1.com",
"services.addons.mozilla.org",
"versioncheck-bg.addons.mozilla.org"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2736.24097296",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2736.24097078",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2736.24097078",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-shm"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Windows\\SysWOW64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userContent.css",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\clearkey.info",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Program Files (x86)\\Mozilla Firefox\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\searchplugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Windows\\System32\\spool\\drivers\\color\\Photo.gmmp",
"C:\\Program Files (x86)\\Skype\\Phone\\skype.exe",
"C:\\Program Files (x86)\\online services\\Skype\\SkypeSetup.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-wal",
"C:\\Program Files\\Skype\\Phone\\skype.exe",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\plugins",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\staged",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\custom-strings.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\serviceworker.txt",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\sv.aff",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\OfflineCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\defaults\\preferences",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\minidumps",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Windows\\System32\\spool\\drivers\\color\\D65.camp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.config",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Program Files (x86)",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Windows\\System32\\p2pcollab.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\crashreporter-override.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Windows\\System32\\MSCOREE.DLL.local",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\d3d11layers.guard",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-to_delete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\.purgecaches",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\\msvcr80.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userChrome.css",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache.Trash6767",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CB29EDE1FD7262A61FFAB793A382D515CAC77D01",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\43CB3924B4D48AD39D6282AE7C1F2C500B3D6732",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-wal",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files\\journals",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\fusion.localgac",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.log",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\extensions",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\main-window.ico",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pluginreg.dat",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\install.rdf",
"C:\\Program Files\\online services\\Skype\\SkypeSetup.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\install.rdf",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\default.ico",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\280DEB31796CE454CD8D9594397E4D89E8E5D64F",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8612B317C4521EAFE03AFB4EE4DE58D7263A20FB",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Windows\\System32\\QAGENTRT.DLL",
"C:\\Windows\\System32\\dnsapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\persdict.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E9B5F1423155DB2E35FD739FC2008DB01C93DE1E",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\manifest.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files\\journals",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\LastCrash",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed",
"C:\\Windows\\inf\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Windows\\System32\\fveui.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files\\journals",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\*",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\*",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\saved-telemetry-pings\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\*",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events\\*",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\*"
]
}Dropped
[
{
"yara": [],
"sha1": "6c6210bc9fc17d562dc534cc86a887b23e562736",
"name": "dcc418a7770384bd_goog-phish-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"type": "data",
"sha256": "dcc418a7770384bd334020641728a0b3de630b541063318221c9777c408069d2",
"urls": [],
"crc32": "89C3F02D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/dcc418a7770384bd_goog-phish-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "917e795a38debf84a25306122b779ea42429b8db2d8e53cfa0428f368a1ed53b8b0341dd73f2ecb4364efc52418146d53c6be1d9f6d3e7f19fd7eb7b986fa651",
"pids": [],
"md5": "c4665c7a6d597a501392274a599af139"
},
{
"yara": [],
"sha1": "5c54ad3ff47c6b925e7ac17d361fe0fa60b9181e",
"name": "5525cbf8f8dc41d1_mozplugin-block-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"type": "data",
"sha256": "5525cbf8f8dc41d19ac632ed324e55293a510ae0eeba16d0e3f33c707aa58a0c",
"urls": [],
"crc32": "96B20E1D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/5525cbf8f8dc41d1_mozplugin-block-digest256.sbstore",
"ssdeep": null,
"size": 3580,
"sha512": "1f72c01aa332a6e3fc5f966ed2b12534653bcacf2dc242850877961cc4c16ac3bd1846939d56ea6e230a71f336f4b37f67e0070dddb66d57bb51526de52819ca",
"pids": [],
"md5": "d6acf2573e12afdd7939568804d3fcc1"
},
{
"yara": [],
"sha1": "6fcab0c408a8b88b4cbf9cb1818831d498a45967",
"name": "edcfcac906d7124a_xulstore.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"type": "ASCII text, with no line terminators",
"sha256": "edcfcac906d7124a328886aa1aa94be512206cfe899d8c79d5a096a3992cebb3",
"urls": [],
"crc32": "B8524E16",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/edcfcac906d7124a_xulstore.json",
"ssdeep": null,
"size": 214,
"sha512": "b90b6d11c28a18f7dd4f1a77208b5e9271d5cb9616515a4b2719a0904d5e45c60621310398139c9059f87409761f6a6bec2f67300be888220a3de3a5b2ada22b",
"pids": [],
"md5": "d75474380a8808b0b81e58cf63708eb2"
},
{
"yara": [],
"sha1": "8711844a41a4ace77ba0a01a4d3af2b2e59e6a75",
"name": "23d108134bed6099_test-malware-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"type": "data",
"sha256": "23d108134bed6099793f7dd6b8b6e62081ec3b945efdbc7c5e0e779fd9b82f98",
"urls": [],
"crc32": "CAE3DB42",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/23d108134bed6099_test-malware-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "9344ca1456e1e74a4dac833e0af55db9730f8ab2954a855b4a775a938b2055c86eff367f25bae80f2ffea45acebade10a8347add18222e715620dd864f2d8e4f",
"pids": [
2804
],
"md5": "3675254e341df799d4307c1f59109185"
},
{
"yara": [],
"sha1": "cecdd4c4dcae10c2ffc8eb938121b6231de48cd3",
"name": "078648c042b9b084_store.json.mozlz4",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"type": "data",
"sha256": "078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965",
"urls": [],
"crc32": "A332ED7E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/078648c042b9b084_store.json.mozlz4",
"ssdeep": null,
"size": 66,
"sha512": "d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c",
"pids": [
2804
],
"md5": "a6338865eb252d0ef8fcf11fa9af3f0d"
},
{
"yara": [],
"sha1": "8b8a132ffac6847ee62c1f5cdb4ac1b01086a7d3",
"name": "e10a6794978e417d_session-state.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"type": "ASCII text, with no line terminators",
"sha256": "e10a6794978e417d8450cf2fe7f95a9c644f4c7ff75c8f31f6a704e6622029df",
"urls": [],
"crc32": "D50BA0C3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/e10a6794978e417d_session-state.json",
"ssdeep": null,
"size": 161,
"sha512": "7524bf8eaa58bbcb74e2df47a91064ec44a5f0d421476fb8d251bd30fad79bff77b32be56fa940f84522a6cb3201ab3df031beffafd3ad59048e620dce525880",
"pids": [],
"md5": "1f6cbe9d2ac01eaf6bd263b1e8a16d15"
},
{
"yara": [],
"sha1": "fc2acf66748d1e7138ce85d01b30f5e6020560c9",
"name": "a13174f20dde2249_addons.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"type": "ASCII text, with no line terminators",
"sha256": "a13174f20dde2249a49853d6eae20f07ffc4ddf1e3007ab3e4911e511ecffc1c",
"urls": [],
"crc32": "92029A63",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/a13174f20dde2249_addons.json",
"ssdeep": null,
"size": 45,
"sha512": "8ad0afcaf6604f5524a63af94472137549df1ad01a448b46459c754e9059ba5d253218b4a3f17ebe290934662559bc261133824a17830e38daae3a52aa720e02",
"pids": [],
"md5": "55b5026150dc3a60d07b8bea2ae0f983"
},
{
"yara": [],
"sha1": "10c66032c5acac22d70670b9302437141e6371ef",
"name": "1e13d05d482c3d53_test-phish-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"type": "data",
"sha256": "1e13d05d482c3d533dc6035af2b2d6e84749412a5748d1435b70cec8b312340b",
"urls": [],
"crc32": "D5EBE34A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/1e13d05d482c3d53_test-phish-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "ae2f35c0549c26251053689c90ce831f0c5742d6f7c1dc13482560b02fb4a6029f107e472fcb26bf41b4e89e47559490f5da049d5b51864a3c4c2c2ae3f588c2",
"pids": [
2804
],
"md5": "3d1ce5e50208f0cb3b979186043a548f"
},
{
"yara": [],
"sha1": "5a44b2ea9182f1a2bc5b7948ba8afb8779534ffc",
"name": "2353c486c71f1571_startupcache.4.little",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"type": "Zip archive data, at least v2.0 to extract",
"sha256": "2353c486c71f15715ccc62b602e4ab526a1a9e331752b762949fc47a8efbf8ea",
"urls": [],
"crc32": "49E9BAD3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/2353c486c71f1571_startupcache.4.little",
"ssdeep": null,
"size": 4060079,
"sha512": "905e0769c7524d6c4d786e66b3ae5a5c8a48ce42e111b457be3d629162f494762368a1e0cb7cca511b8912d8ebc5684496b5f348d374555be042b4b9be79e9fd",
"pids": [
2804
],
"md5": "f24b0aa50b8710919d0347d296ccc2d2"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
7271,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "40a3711f4efe6c8508a5c6639becc164dafcde5d",
"name": "c051dc0c554da7fc_1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"type": "data",
"sha256": "c051dc0c554da7fc37a6cae1c8237edede90b9b9347364abc8f3ae938224a56f",
"urls": [
"https:\/\/hg."
],
"crc32": "46832564",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/c051dc0c554da7fc_1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"ssdeep": null,
"size": 9016,
"sha512": "5a775191306d23f388d29074eaa7ac41bea79fbc638b5a8f600e913d498fcde30cb5611096b8d048a0d7bec04c735bc2d2714342e32f3e9afab213d82c8dc80d",
"pids": [],
"md5": "eab01f3f3320def39de31945729d6e73"
},
{
"yara": [],
"sha1": "b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a",
"name": "792955295ae9c382_sessionCheckpoints.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"type": "ASCII text, with no line terminators",
"sha256": "792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da",
"urls": [],
"crc32": "697BBACB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/792955295ae9c382_sessionCheckpoints.json",
"ssdeep": null,
"size": 53,
"sha512": "076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19",
"pids": [
2804
],
"md5": "ea8b62857dfdbd3d0be7d7e4a954ec9a"
},
{
"yara": [],
"sha1": "a30d26cee0f69fa67bf9e60ba692f4831373cc07",
"name": "0806d98fb3de55f7_test-harmful-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"type": "data",
"sha256": "0806d98fb3de55f75d7c0b17e26146567e08c483031526659a4a35d09b97ef19",
"urls": [],
"crc32": "B9D2E9EA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/0806d98fb3de55f7_test-harmful-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "add2d3c503616070f056ea4e3a64fb54a2d8e75af8fd5d9f1f8ee6b72a1d548fd4ab7d4a3256e4a6f4e1422631439db62b251ee3f9d07b38a612aff5e58936d5",
"pids": [
2804
],
"md5": "051fb32dece757ba112ac36dc72e3a91"
},
{
"yara": [],
"sha1": "59b4479e46eebc984f6398facb41eb897625bd7b",
"name": "c81313eb3febff81_goog-unwanted-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"type": "data",
"sha256": "c81313eb3febff8104f05785a1f00b0f3863d7145c7938abd7c1f77b46ff0d7c",
"urls": [],
"crc32": "5D853F5E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/c81313eb3febff81_goog-unwanted-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "de7f5780309d61d156c849b9821324880925d0bc02f94eabe037e53f457c0c2b60af31e4cbd0df6762fb5d6cfa977de4fb602a74f2bd4a5a744f7c531709e283",
"pids": [],
"md5": "b7d48a5d1458c835a2c6fb8961d165d1"
},
{
"yara": [],
"sha1": "05eb9659ab1a290f74f2cab3a26aaca9a5d59ba9",
"name": "91352157998b8ac5_scriptcache.bin",
"filepath": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\scriptcache.bin",
"type": "data",
"sha256": "91352157998b8ac5c086b6650776230f9d59c7393ca474f04459c5a4f731364d",
"urls": [
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1100294",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xul",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1238180",
"http:\/\/www.mozilla.org\/2006\/browser\/search\/",
"https:\/\/discovery.addons.mozilla.org",
"https:\/\/hg.mozilla.org\/releases\/mozilla-release\/rev\/a0b222c551f586904f51228c49149d9b6b7e2a81",
"https:\/\/bugzilla.mozilla.org\/show_bug.cgi?id=1243643",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xulY",
"http:\/\/a9.com\/-\/spec\/opensearchdescription\/1.1\/_",
"https:\/\/discovery.addons-dev.allizom.org",
"https:\/\/support.mozilla.org\/kb\/warning-unresponsive-script",
"http:\/\/a9.com\/-\/spec\/opensearch\/1.1\/_",
"http:\/\/www.mozilla.org\/2005\/app-update",
"http:\/\/www.mozilla.org\/newlayout\/xml\/parsererror.xmlc",
"http:\/\/a9.com\/-\/spec\/opensearchdescription\/1.0\/",
"http:\/\/www.mozilla.org\/2006\/addons-blocklist",
"http:\/\/a9.com\/-\/spec\/opensearch\/1.0\/I",
"https:\/\/screenshots.firefox.com\/",
"https:\/\/developer.mozilla.org\/docs\/JavaScript_OS.File",
"https:\/\/discovery.addons.allizom.orgQ",
"http:\/\/www.mozilla.org\/2005\/app-updateW",
"http:\/\/www.openh264.org\/",
"http:\/\/example.com",
"https:\/\/support.mozilla.org\/kb\/reset-firefox-easily-fix-most-problems",
"http:\/\/www.mozilla.org\/keymaster\/gatekeeper\/there.is.only.xul\/",
"https:\/\/support.mozilla.org\/kb\/flash-protected-mode-autodisabled",
"http:\/\/www.mozilla.org\/2006\/addons-blocklisti",
"https:\/\/developer.mozilla.org\/en-US\/docs\/JavaScript_OS.File\/OS.File.Info",
"https:\/\/www.google.com\/policies\/privacy\/3",
"https:\/\/developer.mozilla.org\/en-US\/docs\/XPCOM_Interface_Reference\/nsIBrowserSearchService",
"https:\/\/www.widevine.com\/"
],
"crc32": "460A55D4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/91352157998b8ac5_scriptcache.bin",
"ssdeep": null,
"size": 5210511,
"sha512": "9f30cb5ed5d1be81685a6b4f6e43179bd1a5bdeb3ff4281dde3b28b7d6af9d9a9c3cc9bc7be36595a44ca088379fd79104d1627bf61da19319680e35214bcada",
"pids": [
2804
],
"md5": "40db8fff598bbf1dad63c6a79ea1e781"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
929,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "ce3fe1e80840165befc660fb4bba1c198946799f",
"name": "022799133a65ecd8_1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"type": "data",
"sha256": "022799133a65ecd86de230909d6341781fad6a843e19c236be5a27773945dc00",
"urls": [
"https:\/\/www."
],
"crc32": "C1DAD3BA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/022799133a65ecd8_1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"ssdeep": null,
"size": 2932,
"sha512": "03655abe57aa03d61be0236af8fd0b87525aeff54e8f09afcecd0038ab66159dbe346316fb86576bc46983f8bb48b7c4913ed29e01c2d5f86e8c70d95d90d3d1",
"pids": [],
"md5": "7b9675d3ffb3336853453e069b8cbf54"
},
{
"yara": [],
"sha1": "5942cd6505fc8a9daba403b082067e1cdefdfbc4",
"name": "00ad9799527c3fd2_sessioncheckpoints.json",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\sessioncheckpoints.json",
"type": "ASCII text, with no line terminators",
"sha256": "00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2",
"urls": [],
"crc32": "B270EB94",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/00ad9799527c3fd2_sessioncheckpoints.json",
"ssdeep": null,
"size": 90,
"sha512": "71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2",
"pids": [
2804
],
"md5": "c4ab2ee59ca41b6d6a6ea911f35bdc00"
},
{
"yara": [],
"sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"name": "e3b0c44298fc1c14_cookies.sqlite-wal",
"type": "empty",
"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"urls": [],
"crc32": "00000000",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/e3b0c44298fc1c14_cookies.sqlite-wal",
"ssdeep": null,
"size": 0,
"sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"yara": [],
"sha1": "7eb1bd8b4fc65b7fa43cafeaef5f7180dcf40300",
"name": "0dae525eb83da957_xulstore.json",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\xulstore.json",
"type": "ASCII text, with no line terminators",
"sha256": "0dae525eb83da9573c5e45e6fc33935b558660e0209251c3e08508976cb1d245",
"urls": [],
"crc32": "75342AC6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/0dae525eb83da957_xulstore.json",
"ssdeep": null,
"size": 185,
"sha512": "e4a9d2e5d51f9f5db337fddcc836dc27ce338e0a2e98c703871635b2250c3822547e0bf335de683b96af8dfbf7f2fdabe1fa7ec44076f41a956d56d7b67645f8",
"pids": [
2804
],
"md5": "b82266191585c3f6e488fa2a835b54ce"
},
{
"yara": [],
"sha1": "4188442577fa77f25820d9b2d01cc446e30684ac",
"name": "4cbbd8ca5215b8d1_allow-flashallow-digest256.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"type": "data",
"sha256": "4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0",
"urls": [],
"crc32": "42D3DAC4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/4cbbd8ca5215b8d1_allow-flashallow-digest256.pset",
"ssdeep": null,
"size": 16,
"sha512": "6fcee9a7b7a7b821d241c03c82377928bc6882e7a08c78a4221199bfa220cdc55212273018ee613317c8293bb8d1ce08d1e017508e94e06ab85a734c99c7cc34",
"pids": [],
"md5": "076933ff9904d1110d896e2c525e39e5"
},
{
"yara": [],
"sha1": "cf925fc512b936fe7d44ceb6e999e4a020ed6ff0",
"name": "4c9c4d831d61c8c3_CabA55C.tmp",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"type": "Microsoft Cabinet archive data, 56952 bytes, 1 file",
"sha256": "4c9c4d831d61c8c38b2513f9b431ef4f4cf6af9fb18a2317cd2178d6e0997822",
"urls": [],
"crc32": "5168F337",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/4c9c4d831d61c8c3_CabA55C.tmp",
"ssdeep": null,
"size": 56952,
"sha512": "65dc435f6d3e1afd347ba1617a3eee59c6660f221faa36456a09e307d434d7276e8095e8aa34d59933e685a9f84564ec783e59ae9658791f7ebdbbc2eda32f7a",
"pids": [
2736
],
"md5": "04d79a0dc77a8f449cbff6252862d398"
},
{
"yara": [],
"sha1": "608eeb7488042453c9ca40f7e1398fc1a270f3f4",
"name": "fd4c9fda9cd3f9ae_cookies.sqlite-shm",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"type": "data",
"sha256": "fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb",
"urls": [],
"crc32": "DDC506B6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/fd4c9fda9cd3f9ae_cookies.sqlite-shm",
"ssdeep": null,
"size": 32768,
"sha512": "d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0",
"pids": [],
"md5": "b7c14ec6110fa820ca6b65f5aec85911"
},
{
"yara": [],
"sha1": "c2636e8ffa8a5256d7d1f21e147101356e783114",
"name": "b48e58ebab82e4c3_block-flashsubdoc-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"type": "data",
"sha256": "b48e58ebab82e4c376f16150a3fff850c1111ff1f5985d68819cfd6f0db159d2",
"urls": [],
"crc32": "E364BCD6",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/b48e58ebab82e4c3_block-flashsubdoc-digest256.sbstore",
"ssdeep": null,
"size": 82744,
"sha512": "92914b56fb2bdcddcc1bee2bf4dc98420cf0b923d380bb889c8a6ebc333d74ea4ddca915218bea0e729782c4904983424f1de15be7087c5a5338aed7319a03e5",
"pids": [],
"md5": "04824a1f92353f43ebb9e7f74b7476fd"
},
{
"yara": [],
"sha1": "9d23b452ad0d06c355477cf70e3aa5d0adfe6278",
"name": "4ef1038730ec8bc7_except-flash-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"type": "data",
"sha256": "4ef1038730ec8bc7206713c29a936768831b922c5e6c83355fd62d7401d8c1dc",
"urls": [],
"crc32": "EF8A630C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/4ef1038730ec8bc7_except-flash-digest256.sbstore",
"ssdeep": null,
"size": 268,
"sha512": "d06422752562afd1f8b94ff09fc9460be58e07a84fc537fb6b56b1551c37db7e56cb7932cc2d27d2ffe2cbab6ec85bdda6778f2e812e69e5193fcd6bc77066f2",
"pids": [],
"md5": "c921d8e98fa01b4f303481e112202e92"
},
{
"yara": [],
"sha1": "057b63969e2d7130c38e6a474d05a09d9b6bdcad",
"name": "8c78fbfadaad9136_prefs.js",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\prefs.js",
"type": "ASCII text, with very long lines, with CRLF line terminators",
"sha256": "8c78fbfadaad9136b23339f886b69a86461093b085f2542f4abab447457522dc",
"urls": [],
"crc32": "3ED7F066",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/8c78fbfadaad9136_prefs.js",
"ssdeep": null,
"size": 7067,
"sha512": "67dd545a999dbb6b8f50bdf3114cab719c5e141cf8422ec8faddad106c1fba1f0cac0c4843b3915f3bb0482cd984d5097648fde00bb61b9806f012aaa1283b2a",
"pids": [
2804
],
"md5": "28ec8b2cd92965559e22d9854a2d278a"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
5824,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "c8769e3a071a2622bb4f42375da7f1ce6ba9d74b",
"name": "b545fa48e9979757_1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"type": "data",
"sha256": "b545fa48e997975788d5f5d86526369ae42e2d0d2e383007bb1c816fbf6503e8",
"urls": [
"https:\/\/hg.mR8S.org\/"
],
"crc32": "7346FF20",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/b545fa48e9979757_1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"ssdeep": null,
"size": 7642,
"sha512": "99a972a41de51d0d9c4cc9fa552717c07f7ff37a94b176d08195f1ba04ed39eb952c87c82e944b29e52a71fa0f91778f4b45b381a6be0cb668069b93afcdeb54",
"pids": [],
"md5": "11deec10e4e7bb2db9697555151b1de0"
},
{
"yara": [],
"sha1": "88a555717e8a4a33eccfb7d47a2a4aa31038f9c0",
"name": "2fca1f29b73dd5b4_sessionCheckpoints.json",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"type": "ASCII text, with no line terminators",
"sha256": "2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e",
"urls": [],
"crc32": "A3E8300B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/2fca1f29b73dd5b4_sessionCheckpoints.json",
"ssdeep": null,
"size": 288,
"sha512": "17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a",
"pids": [],
"md5": "948a7403e323297c6bb8a5c791b42866"
},
{
"yara": [],
"sha1": "c354190bb2b8a00a6051ef2fb86e189ab053fe93",
"name": "f1e07b1d717433f4_test-block-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"type": "data",
"sha256": "f1e07b1d717433f47073dc54a7d98e3e87b3d0fa88e53466f93ea544af885d11",
"urls": [],
"crc32": "C3BCA3E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/f1e07b1d717433f4_test-block-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "7a585735abfb1292b9fc4709b797f09c6be4dc90a133fbedb14428aae79c6de5faae0b151758a75bf90566c98e5bd2a8201e738f321688180bc5b5814a97bb69",
"pids": [
2804
],
"md5": "e2cf527ca7550b7e7bdf7311e483a2c3"
},
{
"yara": [],
"sha1": "c64ad224b877cd5bbdcdb1799b71f3682602d231",
"name": "b0a39e28d93f7822_TarA55D.tmp",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp",
"type": "data",
"sha256": "b0a39e28d93f7822fe6cac1e082c7adc581dcd2b61eb9f536e74bd14a75b27bc",
"urls": [
"http:\/\/www.microsoft.com\/pkiops\/certs\/Microsoft%20Certificate%20Trust%20List%20PCA(3).crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicRooCerAut_2010-06-23.crt07",
"http:\/\/www.microsoft.com\/pki\/certs\/MicCerLisCA2011_2011-03-29.crt0",
"http:\/\/www.microsoft.com\/pki\/certs\/MicrosoftRootCert.crt0",
"http:\/\/www.microsoft.com\/pkiops\/crl\/Microsoft%20Certificate%20Trust%20List%20PCA(3).crl0u"
],
"crc32": "B495BE07",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/b0a39e28d93f7822_TarA55D.tmp",
"ssdeep": null,
"size": 138525,
"sha512": "0663fb22bcefd0ac5f090104322a8c0dc1ceb77a168b589d7dbb9a74d109daf38beac97dab715220abab08c355496f5719159e17995248caa19eff45bc2a5d46",
"pids": [
2736
],
"md5": "0e34ebf89b843b303f0fb5f194be9d28"
},
{
"yara": [],
"sha1": "0d49003594108518cb460bbf61260e2c524a086e",
"name": "da9cac4b6689dc9a_scriptcache-child.bin",
"filepath": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\scriptcache-child.bin",
"type": "data",
"sha256": "da9cac4b6689dc9a80787e11b5799fce2e537ba28281b37207095fa75a8b0dd6",
"urls": [],
"crc32": "1DE8066C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/da9cac4b6689dc9a_scriptcache-child.bin",
"ssdeep": null,
"size": 200455,
"sha512": "24d97091c888a83fc2d86097ec3c570ae7b2bff9788767450d693d8bf6d8a88968b04813c28091e365f5ee229e603e74bdc74ab5759fc8cddd93fdc65feec13f",
"pids": [
2804
],
"md5": "a942a77b751dc571e830aa20bd5df8c1"
},
{
"yara": [],
"sha1": "08fc50d746b427ac02636a9bd48980ede8503070",
"name": "c803e78541691d66_urlcache.bin",
"filepath": "c:\\users\\cuck\\appdata\\local\\mozilla\\firefox\\profiles\\74r5sasm.default\\startupcache\\urlcache.bin",
"type": "data",
"sha256": "c803e78541691d66e8b759d3220c3201b1b07831e9d2afc8bb50e21da98d65a1",
"urls": [],
"crc32": "9B1CC92C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/c803e78541691d66_urlcache.bin",
"ssdeep": null,
"size": 3360,
"sha512": "2db3a301b7588cb80c61a4851c65bfc32c18a0948165fdbaca768e78dc077fb3bc7a59eea3212de57fa3c45e5db22d5b6a05697dc6f15f91d326f4943b9b943b",
"pids": [
2804
],
"md5": "82b2a124fb31c0fde2aeed5a2c57ad87"
},
{
"yara": [],
"sha1": "59e863e0d2b4e428d8c738d48fa0f6f7bac36849",
"name": "a03c5e2656d2f292_allow-flashallow-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"type": "data",
"sha256": "a03c5e2656d2f292bf5794c8eeb8d223cd6ba4f4bfb2ed1f325460e879d0bcf7",
"urls": [],
"crc32": "99C6119F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/a03c5e2656d2f292_allow-flashallow-digest256.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "8b5a117bc33463f181458f0a99c14657b365ce2a7695db346d2d086109176ad019dbd5a5f34f09dc3438e6c89ca93d83875daa6d463eb06d995a2523fe51a5ed",
"pids": [],
"md5": "d886a47c89d9c49c795da345bc236990"
},
{
"yara": [],
"sha1": "17232a4e8125f03ceb8f18f49bc16f2e32079477",
"name": "dc39dbe5d2e1c3cd_goog-badbinurl-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"type": "data",
"sha256": "dc39dbe5d2e1c3cd7e3f515adf9edfa64c989e34046c11767c9b202b83a7bb29",
"urls": [],
"crc32": "928B241F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/dc39dbe5d2e1c3cd_goog-badbinurl-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "f0151b0c62659aa74080556581e442c72089dd922ab33b8904796ff2a4afce47cbda45b57fcffcffc10bcba11bf25c36777385da835e4fe39df5d578163d6923",
"pids": [],
"md5": "40af141e7ec9ad9fba987072531dc8b9"
},
{
"yara": [],
"sha1": "80f7d95afc0de8c608f672a6837c664ef847bcd5",
"name": "87763df78772f7d7_test-track-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"type": "data",
"sha256": "87763df78772f7d750b0fa5a31eec23e931fd3bd1cbb33beddfc61889da36478",
"urls": [],
"crc32": "2A4B9D4F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/87763df78772f7d7_test-track-simple.sbstore",
"ssdeep": null,
"size": 272,
"sha512": "c6e09c76840ddea559e243e5c13881cfbcdcc7b0c2163461fdcce1f3f5110e2b0bb553de447a4e1e0d5edf516eeee2fad5efc15c398e101ef3c81501e55320af",
"pids": [
2804
],
"md5": "95f28ede25c301301f25fbbd9a3c56ec"
},
{
"yara": [],
"sha1": "03644ef94672dd8a593fe6408b3b9c8d627e6bd8",
"name": "bca8ccae3ad438d7_1657114595AmcateirvtiSty.sqlite-shm",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"type": "data",
"sha256": "bca8ccae3ad438d78fae5c9b83785c247fd2d52a7b44d194748d741aa4ccc03b",
"urls": [],
"crc32": "86599DD5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/bca8ccae3ad438d7_1657114595AmcateirvtiSty.sqlite-shm",
"ssdeep": null,
"size": 32768,
"sha512": "c4abb68f91310c7e1b9c4b5f477c15dbb07de037947cc6f8c0a73ae97f539490a5689ddf144e935ef2d845a99456d0d3d778d87edb36892ba386e5bd4b9ad005",
"pids": [],
"md5": "ce9121b20b4f44bc8283da884ddb5dcd"
},
{
"yara": [],
"sha1": "755ff3a5a8e1955141cf8f45885f86415738c52b",
"name": "00dce01845d833ef_goog-downloadwhite-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"type": "data",
"sha256": "00dce01845d833eff11f38b41499714ee6d3d1b343473c2686dc830cf5297fbe",
"urls": [],
"crc32": "751FD1F8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/00dce01845d833ef_goog-downloadwhite-proto.pset",
"ssdeep": null,
"size": 15993,
"sha512": "97653f98f1be95fdbbd156676792daa5f2ae3eb1d9cc6248e1c8f6eb1b74a025ce44d8e58a202c549e2e7f9de0ded9881ac17e1b3352dd336db7883b8b2e373e",
"pids": [],
"md5": "16c5aee35e9d1fd0e735cfbef142be20"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
15359,
0
],
[
15411,
0
],
[
15463,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "3397f1bfb4f1b899e224ee14af4373cfafc7628e",
"name": "628640391bc6729c_aborted-session-ping",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"type": "ASCII text, with very long lines, with no line terminators",
"sha256": "628640391bc6729c532eaab4b489978fc43abee3bcf09a2cd89ed8e6475acf8e",
"urls": [
"https:\/\/www.google.com\/search?q=",
"https:\/\/hg.mozilla.org\/releases\/mozilla-release\/rev\/a0b222c551f586904f51228c49149d9b6b7e2a81"
],
"crc32": "F0654325",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/628640391bc6729c_aborted-session-ping",
"ssdeep": null,
"size": 20469,
"sha512": "4d90fc50bd5d81dce8956949549234e13ed50a96cb57d389169182d5b2b33452f9b4d98a0702714f003037d82b04f3c41493602726fb7cf1a45cd28c3095dc19",
"pids": [
2804
],
"md5": "caf79b0c78da2022fbec551b514ed9e0"
},
{
"yara": [],
"sha1": "a75a92422818c2aeedd6478031a91352bf9521f5",
"name": "1211db132dc51979_goog-downloadwhite-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"type": "data",
"sha256": "1211db132dc519792e8fcd0d7142f04ed1e342133c5bac414efae7a6ccf3d1a3",
"urls": [],
"crc32": "45AB169C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/1211db132dc51979_goog-downloadwhite-proto.metadata",
"ssdeep": null,
"size": 65,
"sha512": "7283aaa795c081d80c00dadd7331800558352dae07f9c27cc2c89e9540969da2450749726e76f7feb88afc621b240289af91b727ced0b697791fdeadf66357f9",
"pids": [],
"md5": "831cbf3edba160742da613fa2ea71a06"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
7369,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "c58dc3bda5804d8a3131ed55cef37d6f55073262",
"name": "350c0125cc0c6c9d_1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"type": "data",
"sha256": "350c0125cc0c6c9d32154d48bce17a4f42777d7464b249a21d463a1ba915c0d0",
"urls": [
"https:\/\/hg.m1IS.org\/"
],
"crc32": "9E791777",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/350c0125cc0c6c9d_1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"ssdeep": null,
"size": 9189,
"sha512": "1f655348df8ace85d011b06e14275e647bfd62b9e27bcffa38aee21c0f98cabcfa20e8af8196158417cc5b60f9e1daa3952e54dc4557bc9e7b45bcbcdbd1e7e4",
"pids": [],
"md5": "e059a50fed105f4dd5bc63c5b7d32f1c"
},
{
"yara": [],
"sha1": "7ca1b5994684a7fe37a61bc350a1fa8a89bf91da",
"name": "34395085da32c8b4_test-trackwhite-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"type": "data",
"sha256": "34395085da32c8b4efe9959e3b0d756b43ffed17694d66f39b966cd331bd9a94",
"urls": [],
"crc32": "321EA964",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/34395085da32c8b4_test-trackwhite-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "55b09573c235876d0cb4e6c20070cd1954cf1eb94f513a94985896237a350e48fcd47c88d5ec9632ab9d0aed4a59c250e69f59a59ed88f2a0aeb6734302744a9",
"pids": [
2804
],
"md5": "65e942614eee70680464ac4be75019fc"
},
{
"yara": [],
"sha1": "b0f151a5292d4b796668b242bf896fdbb5a24b67",
"name": "042a22b8681d7546_test-unwanted-simple.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"type": "data",
"sha256": "042a22b8681d754671d2018ba109b31a53ee3728d48c6379043f8e3394e7fbad",
"urls": [],
"crc32": "7D90B6A7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/042a22b8681d7546_test-unwanted-simple.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "c09f56e91b41d01375c458a6ccc3fc0cedc18696aec5d7a2520c51905f4d9bc660f3ad28e69d64b3814aeb3279afc686794c986f0fa6212463f3aac850d40019",
"pids": [
2804
],
"md5": "a5695cc64d77967232b0c1344c6e72b3"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox8": [
[
7273,
0
]
]
},
"strings": [
"VkJPWCBIQVJERElTSw=="
]
}
],
"sha1": "b4b9b8ca434f7d51ae9e8aec470a902e417ed78d",
"name": "e69d33b80ec86971_1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"type": "data",
"sha256": "e69d33b80ec86971f1edb06235092908f8dad36054892215b699b63d49d2464a",
"urls": [
"https:\/\/hg."
],
"crc32": "DF4B4513",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/e69d33b80ec86971_1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"ssdeep": null,
"size": 9018,
"sha512": "6f4ee7f535ee5502a7398f3afd855707396c89ed2fc8a72fd00170d4636d728ad02eaace5a911d68bd0d59f9ef538eceeaf8bc3d59ad0adb243fff35dd81a27b",
"pids": [],
"md5": "fb19106d26ec51508211677b194283ab"
},
{
"yara": [],
"sha1": "f81f7ede77baeb51d397df96e337677e4957db7b",
"name": "576a0d2c3ad8d66b_base-track-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"type": "data",
"sha256": "576a0d2c3ad8d66bb202439b18f9fd563f92d9ddd9582a3c4cce0ecafd4f0908",
"urls": [],
"crc32": "B6F39532",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/576a0d2c3ad8d66b_base-track-digest256.sbstore",
"ssdeep": null,
"size": 64888,
"sha512": "2ae3b849c601b9614fa26c77fd63b9c022a5871e0a4322929dd3589f14f5aa4e4a368c41fc2bf732cd861b1db9542d889172812c2cd2242006562fc24e78f7e7",
"pids": [],
"md5": "cd82f4495eafe523b9b6b938c828611b"
},
{
"yara": [],
"sha1": "6bc966fcd804b7bfa66e5981a7b5cae051619489",
"name": "e082e9f4c1033a3a_goog-malware-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"type": "data",
"sha256": "e082e9f4c1033a3af4564416904e244d4892f53d05ade940f091ed50a3dcb236",
"urls": [],
"crc32": "B62CA6D9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/e082e9f4c1033a3a_goog-malware-proto.pset",
"ssdeep": null,
"size": 647406,
"sha512": "5cfaa13c4c3295c99f5d940b87432182559bc0dcf8cfd9fee960904e9beec75338215929c17ccac0f7efb90a8de265046018f7a51b90cec680989e9e08a0d2d6",
"pids": [],
"md5": "90e45e83128819fa0f3306e6d691702b"
},
{
"yara": [],
"sha1": "4f36a18da9ec1c295ef5b4e8f75ef679aba32f99",
"name": "2b42e1e744abc73c_d1b90b03f8d7a2ba6ba1e9251f8101decdb2cbec",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"type": "data",
"sha256": "2b42e1e744abc73ce09d4fe2d54b459aaeb193465a86e212412ce3d068299855",
"urls": [
"https:\/\/search.services.mozilla.com\/1\/firefox\/60.0.2\/release\/sv-SE\/SE\/default\/default"
],
"crc32": "2E225247",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/2b42e1e744abc73c_d1b90b03f8d7a2ba6ba1e9251f8101decdb2cbec",
"ssdeep": null,
"size": 7316,
"sha512": "86b5516191c6d6f59b381623185ceba8418501ebfccd4fb00f885b8ce2be49a8df7c69666bd2f3b17fa9983b97f7f93b53163aca4bc2998a12f031de3d9e84a7",
"pids": [
2804
],
"md5": "1e83decf6ddfd657f6b165244aef6d94"
},
{
"yara": [],
"sha1": "c8f6956fa86f4e9cf71599b735e28860245ae4b5",
"name": "66d1c00c04d86e31_except-flashsubdoc-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"type": "data",
"sha256": "66d1c00c04d86e313e9a02775cdf906b1be8d4cd6bef423a1b9e21cc4e9f50c1",
"urls": [],
"crc32": "4BD3414C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/66d1c00c04d86e31_except-flashsubdoc-digest256.sbstore",
"ssdeep": null,
"size": 304,
"sha512": "582d7f28f41e6a7a5f882d15ec1f48d0be57dc63e1a0d6e6a8bbd442a3ac27e38e0c3fdb3e1c30f416c41649391afde61f8079844b61a4995e0ab34d6cc8e745",
"pids": [],
"md5": "ba0009932844173bc8f9af264229df24"
},
{
"yara": [],
"sha1": "5344f86eeb230794ce1b1e3d39ac2a08632033da",
"name": "4734b558788ac56e_cookies.sqlite-wal",
"filepath": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"type": "SQLite Write-Ahead Log, version 3007000",
"sha256": "4734b558788ac56ee748adb91e2f0d6096a8a520ddd857de9daf11dc32fd234a",
"urls": [],
"crc32": "D10787E1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/4734b558788ac56e_cookies.sqlite-wal",
"ssdeep": null,
"size": 32824,
"sha512": "1bb0ea55cc786dc1d8b6a7f85de97b8c851254cc7f7dd7c0ab4c8ae00c156800a1b37dbf04e765c57a07b7ad129d113d6366f50bcbba64a9f49507d2512c59af",
"pids": [
2804
],
"md5": "36d0645f3f942a95352f94f68328c2ae"
},
{
"yara": [],
"sha1": "190f3bc536c9489c707ae31da32bf86947ea5d78",
"name": "2b124d4026850a3c_block-flash-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"type": "data",
"sha256": "2b124d4026850a3cffd28dbacb58aec28f7dcd4d40bc14e52bbe96d60ce4e749",
"urls": [],
"crc32": "B946F265",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/2b124d4026850a3c_block-flash-digest256.sbstore",
"ssdeep": null,
"size": 7648,
"sha512": "0af17bd91464f26072f42bacfbb6ba72e68fa07b9d5801a92b14624cc51ebd00ab127272cecd8df6fe650fe07bf170fd6422d70c2e8cd8f9ad94bc11548446bd",
"pids": [],
"md5": "0e8fe60ccd7e9b4c32589a5743a95302"
},
{
"yara": [],
"sha1": "4df430b4d63605e41855dbcb3837a189d4cc7604",
"name": "c0b3bc9b3dc507ab_except-flashallow-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"type": "data",
"sha256": "c0b3bc9b3dc507ab654caf72d13c3aefa58c9b13b1e4d14dd8816712d80a7e54",
"urls": [],
"crc32": "04D7CD3E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/c0b3bc9b3dc507ab_except-flashallow-digest256.sbstore",
"ssdeep": null,
"size": 232,
"sha512": "ae7688d501a1f59d4c247ed57ba0547f6376748af57f554ba1b6de0ef358ed5868721886baf94813979b3a9968ec330ce11c41767e4af42db413efc9556c2e22",
"pids": [],
"md5": "6f85bc4b2ecb49e26b0bd83a821065d0"
},
{
"yara": [],
"sha1": "bdecb51fed41f111cfb19c30e377aa165c0dd7e3",
"name": "8408968dae85e51e_mozstd-trackwhite-digest256.sbstore",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"type": "data",
"sha256": "8408968dae85e51ea6b0ca7123b0ddfd7425d3013ba311bb1cbe135fff0e5bda",
"urls": [],
"crc32": "D26AA5B7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/8408968dae85e51e_mozstd-trackwhite-digest256.sbstore",
"ssdeep": null,
"size": 326032,
"sha512": "acda5c6344cc51e0921c116cb03395f8027f0e1077d5027ca4b6b33e2c1ab663c319eeab22d7ecf968702324bedc882f518bde7711cb140a059d7997580054cf",
"pids": [],
"md5": "bdaa2a3b4259ebf8dd87e5769b1bf3f4"
},
{
"yara": [],
"sha1": "68bb387fcea4ef3d3cd675998ba1f911bba59456",
"name": "f6184c504b8869d3_goog-phish-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"type": "data",
"sha256": "f6184c504b8869d300d965005f0304d7773781087d8b5512b4602a5c56c8a424",
"urls": [],
"crc32": "A08274E8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/f6184c504b8869d3_goog-phish-proto.pset",
"ssdeep": null,
"size": 3233838,
"sha512": "770a4d8df2b026c53bcbfa803a42c9878c7dafd5636d48c23c78e18e4aa2ce94cd1a9c9941eb87ccc2b55c437f1e85e13f70cc7d9afcb69e5cec37cf381d8669",
"pids": [],
"md5": "cc9b11e15e09c3ba23eb1a054cb61210"
},
{
"yara": [],
"sha1": "16af7ecb7aacb6efe068057b9eb47c42a298d343",
"name": "c7ca3fda74fc7467_goog-malware-proto.metadata",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"type": "data",
"sha256": "c7ca3fda74fc746751635905d18c7ddc55d1e79c011dd0312fa5b05ae964af1a",
"urls": [],
"crc32": "E2AA4C43",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/c7ca3fda74fc7467_goog-malware-proto.metadata",
"ssdeep": null,
"size": 67,
"sha512": "cfe487dcd2c9fd897c95d5131f7ace2eabfeaa73dcbaa9329a20641ffa27489e64b66602103e7fed36100d6cb20789507e2879b54df445c8f1055046535d371b",
"pids": [],
"md5": "e92e6238bb1f94e1b6ef729356867a68"
},
{
"yara": [],
"sha1": "90348457e50ce9221114fb9891fffc0eafcc7c8a",
"name": "945e1733e9668a78_goog-badbinurl-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"type": "data",
"sha256": "945e1733e9668a7882424218b924d71cc636472e7091039a924f37d20e72a3e6",
"urls": [],
"crc32": "13E58FF0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/945e1733e9668a78_goog-badbinurl-proto.pset",
"ssdeep": null,
"size": 186536,
"sha512": "92053e43baf90dabd609ea6e8649c3d10bba35af2a11a0ab80b6e3137968f4a1a56fd8ec0e330990057becbec2a90e2f295da80afc51ecfba1ca3bc52e804620",
"pids": [],
"md5": "12971aeeaa03f0c87662d0a34e2e54e8"
},
{
"yara": [
{
"meta": {
"description": "Matched shellcode byte patterns",
"author": "nex"
},
"name": "shellcode",
"offsets": {
"shell2": [
[
209466,
0
]
]
},
"strings": [
"ZKEw"
]
}
],
"sha1": "b7dea002605e9c421b3472e504d4badc62df6a12",
"name": "c2790188e00356b9_goog-unwanted-proto.pset",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"type": "data",
"sha256": "c2790188e00356b98e715badb4324008dda5aac6d369bb930beb5096bb6190fe",
"urls": [],
"crc32": "A3E41C74",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/c2790188e00356b9_goog-unwanted-proto.pset",
"ssdeep": null,
"size": 331028,
"sha512": "46b7be548221188a9c1980cc1a868b0d8786e91652c729d9e10a4fe56e6618ed8af5a22f798fcdeab4752832ce7149a0005e1de66bc3dbecfc327a5736960e2e",
"pids": [],
"md5": "20fc99dc00383cc09c45d8798a2bf21a"
},
{
"yara": [],
"sha1": "1c5d88a9e87b9fb83432bda35bd5ca689edbe988",
"name": "77d844ac28d4117f_session-state.json",
"filepath": "c:\\users\\cuck\\appdata\\roaming\\mozilla\\firefox\\profiles\\74r5sasm.default\\datareporting\\session-state.json",
"type": "ASCII text, with no line terminators",
"sha256": "77d844ac28d4117f6cb4841f2781e4e3c76a475a6edf6dccfa054235b0bfbdcb",
"urls": [],
"crc32": "36965883",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/3575\/files\/77d844ac28d4117f_session-state.json",
"ssdeep": null,
"size": 161,
"sha512": "9a7bc740afea5e020f2cdf1bde82a0636363799468d4680b6ff80b02273711a32f446ab8de9942581a0a771ac9f41dffba0f88a93ad43176c8d67010970f7943",
"pids": [
2804
],
"md5": "ee407aeece356e10a0fe7b6128103cb7"
}
]Generic
[
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin",
"process_name": "3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin",
"pid": 2736,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp"
],
"file_recreated": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp",
"\\Device\\KsecDD"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList"
],
"dll_loaded": [
"C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\shell32.dll",
"PROPSYS.dll",
"imagehlp.dll",
"API-MS-Win-Security-LSALookup-L1-1-0.dll",
"credssp.dll",
"ntdll",
"API-MS-WIN-Service-Management-L2-1-0.dll",
"apphelp.dll",
"gdi32.dll",
"CFGMGR32.dll",
"DNSAPI.dll",
"kernel32.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"CRYPTBASE.dll",
"C:\\Windows\\system32\\rsaenh.dll",
"SensApi.dll",
"ntdll.dll",
"cryptsp.dll",
"imm32.dll",
"ncrypt.dll",
"bcrypt.dll",
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System\\adff7dd9fe8e541775c46b6363401b22\\System.ni.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"cryptnet.dll",
"setupapi.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"AdvApi32.dll",
"SspiCli.dll",
"advapi32.dll",
"ole32.dll",
"SHLWAPI.dll",
"CRYPTSP.dll",
"USER32.dll",
"DEVRTL.dll",
"C:\\Windows\\system32\\IMM32.DLL",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"IPHLPAPI.DLL",
"SETUPAPI.dll",
"ntmarta.dll",
"ADVAPI32.dll",
"C:\\Windows\\system32\\CRYPT32.dll",
"urlmon.dll",
"winhttp.dll",
"OLEAUT32.dll",
"profapi.dll",
"RPCRT4.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorwks.dll",
"C:\\Windows\\System32\\wship6.dll",
"comctl32.dll",
"USERENV.dll",
"NSI.dll",
"mscorsec.dll",
"RichEd20.dll",
"VERSION.dll",
"mscoree.dll",
"RpcRtRemote.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsec.dll",
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\mscorlib\\9469491f37d9c35b596968b206615309\\mscorlib.ni.dll",
"C:\\Windows\\system32\\cryptnet.dll",
"WINTRUST.DLL",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\ole32.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorjit.dll",
"C:\\Windows\\system32\\bcryptprimitives.dll",
"C:\\Windows\\system32\\mswsock.dll",
"shell32.dll",
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Windows.Forms\\6c352ff9e3603b0e69d969ff7e7632f5\\System.Windows.Forms.ni.dll",
"C:\\Windows\\System32\\wshtcpip.dll",
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\System.Drawing\\5910828a337dbe848dc90c7ae0a7dee2\\System.Drawing.ni.dll",
"WS2_32.dll",
"Cabinet.dll",
"WINHTTP.dll"
],
"file_opened": [
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\",
"C:\\Users\\cuck\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\",
"C:\\Windows\\assembly\\GAC_MSIL\\System.Drawing\\2.0.0.0__b03f5f7f11d50a3a\\",
"C:\\Windows\\System32\\en-US\\WINHTTP.dll.mui",
"C:\\Windows\\",
"C:\\Windows\\assembly\\pubpol4.dat",
"C:\\Users\\",
"C:\\Windows\\System32\\l_intl.nls",
"C:\\Windows\\assembly\\NativeImages_v2.0.50727_64\\index143.dat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Windows\\assembly\\GAC_MSIL\\System.Windows.Forms\\2.0.0.0__b77a5c561934e089\\",
"C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
"C:\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\",
"C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac",
"C:\\Windows\\System32\\en-US\\KERNELBASE.dll.mui",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin",
"C:\\Users\\cuck\\AppData\\Local\\",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\",
"C:\\Windows\\System32\\ieframe.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"C:\\Windows\\assembly\\GAC_64\\mscorlib\\2.0.0.0__b77a5c561934e089\\",
"C:\\Windows\\System32\\rsaenh.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015",
"C:\\Users\\cuck\\AppData\\"
],
"command_line": [
"http:\/\/redirect.hp.com\/svs\/rdr?c=none&bd=all&tp=onlinesvs&locale=all&pf=all&s=skype&TYPE=4",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -osint -url \"http:\/\/redirect.hp.com\/svs\/rdr?c=none&bd=all&tp=onlinesvs&locale=all&pf=all&s=skype&TYPE=4\""
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\7552bf40\\6f95f100",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.Accessibility__b03f5f7f11d50a3a",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Drawing__b03f5f7f11d50a3a",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index143",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Deployment__b03f5f7f11d50a3a",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Configuration__b03f5f7f11d50a3a",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\LocalIntranet",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\GACChangeNotification\\Default",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80",
"HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework\\Policy\\Standards",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Windows.Forms__b77a5c561934e089",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Security__b03f5f7f11d50a3a",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\standards",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Fusion",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\Upgrades",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\standards\\v2.0.50727",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_USE_IETLDLIST_FOR_DOMAIN_DETERMINATION",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\v2.0.50727\\Security\\Policy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System__b77a5c561934e089",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\StrongName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\PublisherPolicy\\Default",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\policy.2.0.System.Xml__b77a5c561934e089",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\v2.0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\.NETFramework",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e972-e325-11ce-bfc1-08002be10318}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Security\\Policy\\Extensions\\NamedPermissionSets\\Internet",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\internal\\jit\\Perf",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\APTCA",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\Policy\\AppPatch",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\.NETFramework\\Policy\\Standards",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e"
],
"resolves_host": [
"ocsp.verisign.com",
"csc3-2009-2-crl.verisign.com",
"crl.verisign.com"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp"
],
"regkey_deleted": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE"
],
"file_deleted": [
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch.2736.24097078",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch.2736.24097296",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch.2736.24097078"
],
"file_exists": [
"C:\\Windows\\inf\\",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config",
"C:\\Windows\\winsxs\\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\\msvcr80.dll",
"C:\\Program Files\\online services\\Skype\\SkypeSetup.exe",
"C:\\Windows\\System32\\fveui.dll",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Program Files\\Skype\\Phone\\skype.exe",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\fusion.localgac",
"C:\\Windows\\System32\\QAGENTRT.DLL",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Program Files (x86)\\online services\\Skype\\SkypeSetup.exe",
"C:\\Windows\\assembly\\GAC\\PublisherPolicy.tme",
"C:\\Windows\\System32\\dnsapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin",
"C:\\Windows\\System32\\MSCOREE.DLL.local",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.config",
"C:\\Program Files (x86)\\Skype\\Phone\\skype.exe",
"C:\\Windows\\System32\\p2pcollab.dll"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\60E31627FDA0A46932B0E5948949F2A5",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_BF314079C54386FC476AC0C777DD0DA8",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config.cch",
"C:\\Windows\\Microsoft.NET\\Framework64\\Upgrades.2.0.50727\\",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin.config",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\4DD39726D4B55AC3B4119B35A893323C_4D50DAEB551A146AE575DB71610F2464",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\CLR Security Config\\v2.0.50727.312\\64bit\\security.config.cch",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\0797C381B2F87EB5A1D5573BD15BA4F4",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\enterprisesec.config",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\security.config.cch",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\D47DBD2F9E3365FBBE008D71FB06716F_BBB35F3D100606CE5776FB7E4248C8F3"
],
"guid": [
"{465a756d-45ad-4305-85fd-d3321650f3b7}",
"{6f237df9-9ddb-47ad-b218-400d54c286ad}",
"{871c5380-42a0-1069-a2ea-08002b30309d}",
"{000214e6-0000-0000-c000-000000000046}"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015",
"C:\\Users\\cuck\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\TarA55D.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\CabA55C.tmp",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\CONFIG\\machine.config"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxURL-E7CF176E110C211B\\shell\\open\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SecurityProviders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagMatchAnyMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d\\Modules",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\RemoteRpcDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DevOverrideEnable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NoClientChecks",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DownloadCacheQuotaInKB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldVersionLow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCertCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\mscorlib,2.0.0.0,,b77a5c561934e089,AMD64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Comment",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableUnsupportedCriticalExtensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{BD7A2E7B-21CB-41b2-A086-B309680C6B7E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Winsock\\UseDelayedAcceptance",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{450D8FBA-AD25-11D0-98A8-0800361B1103}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\GCStressStart",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\TokenSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\7D7F4414CCEF168ADF6BF40753B5BECD78375931\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\ILDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\LegacyPolicyTimeStamp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Winsock\\MaxSockaddrLength",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85\\DisplayName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Capabilities",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\Latest",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldDllVersionLow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index143\\NIUsageMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\LatestIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{89D83576-6BD1-4c86-9454-BEB04E94C819}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\ConfigString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{98D99750-0B8A-4c59-9151-589053683D73}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\EnableLog",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldDllVersionHigh",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\CseOn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivKeyCachePurgeIntervalSeconds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\VersioningLog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\DisableMSIPeek",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\MaximumAllowedAllocationSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{208D2C60-3AEA-1069-A2D7-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\MVID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.44.3.4!7\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\NIDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetCachedOcspSwitchToCrlCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\ConfigMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\97817950D81C9670CC34D809CF794431367EF474\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\DisplayName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\ILDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\ConfigMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\OnlyUseLatestCLR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\ConfigString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\ChainCacheResyncFiletime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\WpadOverride",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\MVID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IETld\\IETldVersionHigh",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\MachineThrottling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{11016101-E366-4D22-BC06-4ADA335C892B}\\SuppressionPolicy",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\p2pcollab.dll,-8042",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{e345f35f-9397-435c-8f95-4e922c26259e}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{645FF040-5081-101B-9F08-00AA002F954E}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\GCStressStartAtJit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\NoStaticDefaultVerb",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{59031a47-3f72-44a7-89c5-5595fe6b30ee}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing\\State",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\ConfigMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\EvalationData",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Winsock\\MaxSockaddrLength",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlCountInCert",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\ConfigString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Providers\\Tcpip\\WinSock 2.0 Provider ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\ForceLog",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\InstallRoot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\EvalationData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{8FD8B88D-30E1-4F25-AC2B-553D3D65F0EA}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\MissingDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\Safety Warning Level",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\SspiCache\\credssp.dll\\RpcId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Strong Cryptographic Provider\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\PInvokeInline",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\NIDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ShareCredsWithWinHttp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{9343812e-1c37-4a49-a12e-4b2d810d956b}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetPreFetchTriggerPeriodSeconds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\MVID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCountPerChain",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxySettingsPerUser",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Parameters\\Transports",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\qagentrt.dll,-10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LoggingLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\c991064\\2bd33e1c\\81\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE\\Blob",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\DefaultConnectionSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{daf95313-e44d-46af-be1b-cbacea2c3065}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\ILDependencies",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\Status",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\SafeProcessSearchMode",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Winsock\\HelperDllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Winsock\\Mapping",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledProcesses\\6986E2C6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\MissingDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Image Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82\\LastModTime",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\LsaExtensionConfig\\SspiCli\\CheckSignatureRoutine",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\CLRLoadLogDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Winsock\\MinSockaddrLength",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\LsaExtensionConfig\\SspiCli\\CheckSignatureDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F3F5824C-AD58-4728-AF59-A1EBE3392799}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\NewGCCalc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.2!7\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\7950e2c5\\19b8f67f\\82\\Modules",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DisableConfigCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\EvalationData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\WinHttpSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-844",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-843",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogResourceBinds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System,2.0.0.0,,b77a5c561934e089,MSIL",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{ED228FDF-9EA8-4870-83b1-96b02CFE0D52}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivKeyCacheMaxItems",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\PInvokeCalliOpt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\GlobalSession",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\DisableHotCold",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxURL-E7CF176E110C211B\\NoStaticDefaultVerb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\DisplayName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Winsock\\UseDelayedAcceptance",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\TailCallOpt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\6dc7d4c0\\a5cd4db\\87\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\.NETFramework\\TURNOFFDEBUGINFO",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.47.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\index143\\ILUsageMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\*",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\475dce40\\2d382ce6\\8d\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\LogFailures",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\ConfigMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\19ab8d57\\1bd7b0d8\\8f\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\UseLegacyIdentityFormat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Cryptography\\PrivateKeyLifetimeSeconds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\LogMaxFileSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetMaxCachedOcspPerCrlCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\424bd4d8\\1c83327b\\8e\\DisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\Setup Migration\\Providers\\Tcpip6\\WinSock 2.0 Provider ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\ConfigString",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableInetUnknownAuth",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\EvalationData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\CacheLocation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableCANameConstraints",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Winsock\\MinSockaddrLength",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\MVID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\MissingDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\41c04c7e\\7f3b6ac4\\80\\Modules",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp\\DisableBranchCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{04731B67-D933-450a-90E6-4ACD2E9408FE}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3ced59c5\\1b2590b1\\85\\LastModTime",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Winsock\\HelperDllName",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\dnsapi.dll,-103",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\3cca06a0\\6dc7d4c0\\84\\Status",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\GACChangeNotification\\Default\\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\181938c6\\7950e2c5\\82\\NIDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\30bc7c4f\\3f50fe4f\\90\\NIDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\2dd6ac50\\163e1f5e\\8a\\LastModTime",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Desktop\\NameSpace\\{26EE0668-A00A-44D7-9371-BEB064C98683}\\SuppressionPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WinHttp\\Tracing\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{31D1ADC1-D329-11D1-8ED8-0080C76516C6}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableMandatoryBasicConstraints",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Strong Cryptographic Provider\\Image Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\ILDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\IL\\3f50fe4f\\6f1da7aa\\90\\SIG",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableWeakSignatureFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\NativeImagesIndex\\v2.0.50727_64\\NI\\61e7e666\\c991064\\83\\MissingDependencies",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{208D2C60-3AEA-1069-A2D7-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\Parameters\\Winsock\\Mapping",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Fusion\\PublisherPolicy\\Default\\index4"
]
},
"first_seen": 1573858385.5625,
"ppid": 2456
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1573858385.2969,
"ppid": 376
},
{
"process_path": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"process_name": "firefox.exe",
"pid": 2804,
"summary": {
"file_opened": [
"",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\AlternateServices.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Windows\\System32\\wshqos.dll",
"C:\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\EmojiOneMozilla.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"\\Device\\NamedPipe\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Windows\\Fonts\\times.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Windows\\Fonts\\segoeuii.ttf",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\chrome.manifest",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\TRRBlacklist.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Windows\\Fonts\\segoeui.ttf",
"C:\\PROGRAM FILES (X86)\\MOZILLA FIREFOX\\fonts\\EMOJIONEMOZILLA.TTF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SecurityPreloadState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Windows\\System32\\wship6.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome.manifest",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Windows\\System32\\KBDUS.DLL",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\DnsClient",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavPS2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions",
"HKEY_CURRENT_USER\\Software\\Lenovo\\TrackPoint",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Class\\{4d36e968-e325-11ce-bfc1-08002be10318}\\0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\KnownClasses",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\Rpc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KnownFolderSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\LSA\\AccessProviders",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http",
"HKEY_CURRENT_USER\\Software\\Elantech\\MainOption",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Tracing\\firefox_RASMANCS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\msasn1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{03B5835F-F03C-411B-9CE2-AA23E1171E36}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Avalon.Graphics\\DISPLAY1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DnsCache\\Parameters",
"HKEY_CURRENT_USER\\Software\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Websense\\Agent",
"HKEY_CURRENT_USER\\Software\\Synaptics\\SynTPEnh\\UltraNavUSB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\DirectSwitchHotkeys",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\TaskBarIDs",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\32to64DidMigrate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}",
"HKEY_CURRENT_USER\\Software\\Lenovo\\UltraNav",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts",
"HKEY_CURRENT_USER\\Software\\Microsoft\\CTF\\LayoutIcon\\0409\\0000041d",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PropertyBag",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\WinSock2\\Parameters",
"HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\System\\DNSClient",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{3697C5FA-60DD-4B56-92D4-74A569205C16}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1",
"HKEY_LOCAL_MACHINE\\Software\\MozillaPlugins",
"HKEY_CURRENT_USER\\Software\\Classes\\.pdf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SessionInfo\\1\\KnownFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService",
"HKEY_CURRENT_USER\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Setup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Avalon.Graphics",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies",
"HKEY_CLASSES_ROOT\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\DWM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{AE6BE008-07FB-400D-8BEB-337A64F7051F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PropertyBag",
"HKEY_CURRENT_USER\\Software\\Alps\\Apoint\\TrackPoint",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.pdf",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\application\/pdf",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Class\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\00000005",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\",
"HKEY_LOCAL_MACHINE\\Software\\Synaptics\\SynTP\\Install",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LDAP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice",
"HKEY_CURRENT_USER\\Software\\MozillaPlugins",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders",
"HKEY_CURRENT_USER\\SOFTWARE\\Mozilla\\Firefox\\Extensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Websense\\Agent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PropertyBag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\(Default)",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{07EB03D6-B001-41DF-9192-BF9B841EE71F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ClusSvc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLEAUT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\FontSubstitutes",
"HKEY_LOCAL_MACHINE\\Software\\Alps\\Apoint",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
"HKEY_LOCAL_MACHINE\\Software\\Cisco Systems\\VPN Client",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\\Category\\Category\\{534C48C1-0607-4098-A521-4FC899C73E90}",
"HKEY_CURRENT_USER\\Software\\Elantech",
"HKEY_CLASSES_ROOT\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command"
],
"guid": [
"{a95664d2-9614-4f35-a746-de8db63617e6}",
"{c43dc798-95d1-4bea-9030-bb99e2983a1a}",
"{17072f7b-9abe-4a74-a261-1eb76b55107a}",
"{0000015b-0000-0000-c000-000000000046}",
"{44aca674-e8fc-11d0-a07c-00c04fb68820}",
"{8bc3f05e-d86b-11d0-a075-00c04fb68820}",
"{529a9e6b-6587-4f23-ab9e-9c7d683e3c50}",
"{591209c7-767b-42b2-9fba-44ee4615f2c7}",
"{4e530b0a-e611-4c77-a3ac-9031d022281b}",
"{4590f811-1d3a-11d0-891f-00aa004b2e24}",
"{6332debf-87b5-4670-90c0-5e57b408a49e}",
"{674b6698-ee92-11d0-ad71-00c04fd8fdff}",
"{d5f569d0-593b-101a-b569-08002b2dbf7a}",
"{dc12a687-737f-11cf-884d-00aa004b2e24}",
"{bcde0395-e52f-467c-8e3d-c4579291692e}",
"{77f10cf0-3db5-4966-b520-b7c54fd35ed6}",
"{56fdf344-fd6d-11d0-958a-006097c9a090}",
"{28b4d88b-e072-49e6-804d-26edbe21a7b9}",
"{e77cc89b-7401-4c04-8ced-149db35add04}",
"{0000034b-0000-0000-c000-000000000046}",
"{f309ad18-d86a-11d0-a075-00c04fb68820}",
"{aa80e801-2021-11d2-93e0-0060b067b86e}",
"{722a338c-6e8e-4e72-ac27-1417fb0c81c2}",
"{7c857801-7381-11cf-884d-00aa004b2e24}"
],
"connects_ip": [
"127.0.0.1"
],
"file_copied": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset"
]
],
"command_line": [
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2804.0.1621948294\\611156464\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2804 \"\\\\.\\pipe\\gecko-crash-server-pipe.2804\" 1468 tab",
"\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2804.6.1527108264\\1632374435\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2804 \"\\\\.\\pipe\\gecko-crash-server-pipe.2804\" 2664 tab"
],
"mutex": [
"Global\\MozillaUpdateMutex-AWkbzLFmEHPmIFtactC8kpT7UdM=",
"Local\\FirefoxStartupMutex"
],
"wmi_query": [
"SELECT * FROM Win32_BIOS"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\webext.sc.lz4",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\compatibility.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\SiteSecurityServiceState.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\f8f5d529d35334f2fb264d19f656224e.png",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"\\\\?\\PIPE\\samr",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\search.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Program Files (x86)\\Mozilla Firefox\\dependentlibs.list",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\activity-stream.tippytop.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\state.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\shield-preference-experiments.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\msvcp140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\handlers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Windows\\System32\\ExplorerFrame.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\containers.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Windows\\System32\\spool\\drivers\\color\\sRGB Color Space Profile.icm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pkcs11.txt",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\times.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addonStartup.json.lz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\blocklist.xml",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\thumbnails\\ad5a4453bea49203135688a7b8db842d.png",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"regkey_read": [
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PublishExpandedPath",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\TaskBarIDs\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Serial_Access_Num",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Stream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Keyboard Layout\\d0010409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002\\PackedCatalogItem",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\Never",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.MemorySize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableConsoleTracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\DWM\\AccentColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Current_Protocol_Catalog",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Identifier",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\VendorIdentifier",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Next_Catalog_Entry_ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\camp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallDate",
"HKEY_CURRENT_USER\\.pdf\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\HardwareInformation.qwMemorySize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language\\InstallLanguageFallback",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParentFolder",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\FolderTypeID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\Local AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\~Mhz",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\EMPTY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\FolderTypeID",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachinePreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{f3e80bef-1723-4ff2-bcc4-7f83dc5e46d4},3",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Video\\{6FABAC3A-B3E4-4C2F-82E9-AA53D01C5093}\\0000\\InstalledDisplayDrivers",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{03022430-ABC4-11D0-BDE2-00AA001A1953}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\PreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\AlternateCodePage",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{5a9125b7-f367-4924-ace2-0803a4a3a471},0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASMANCS\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\rip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\DeviceState",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Signature",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{6fcf1fb3-47c2-4dea-98cf-b6fd0420a46f}\\Protocol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\InitFolderHandler",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ProfileEnumMode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Firefox\\32to64DidMigrate\\C:\\Program Files (x86)\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Role:1",
"HKEY_CURRENT_USER\\Keyboard Layout\\Preload\\1",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Attempted",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\sRGB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000\\DriverDate",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\\Update Revision",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Tracing\\firefox_RASAPI32\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\MaintenanceService\\Installed",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\CLASS\\{4D36E96E-E325-11CE-BFC1-08002BE10318}\\0000\\ICMProfile",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{A520A1A4-1780-4FF6-BD18-167343C5AF16}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ICM\\RegisteredProfiles\\ri",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Protocol",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\WinSock_Registry_Version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\DeviceState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder"
],
"file_created": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin"
],
"dll_loaded": [
"dbghelp.dll",
"C:\\Windows\\System32\\mswsock.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-locale-l1-1-0.dll",
"kernel32",
"C:\\Program Files (x86)\\Mozilla Firefox\\softokn3.dll",
"WINTRUST.dll",
"WINSTA.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\xul.dll",
"gdi32.dll",
"DNSAPI.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-time-l1-1-0.dll",
"kernel32.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"netutils.dll",
"SAMLIB.dll",
"C:\\Windows\\system32\\ole32.dll",
"AUDIOSES.DLL",
"dwmapi.dll",
"ntdll.dll",
"C:\\Windows\\system32\\napinsp.dll",
"dwrite.dll",
"ntmarta.dll",
"setupapi.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\lgpllibs.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"xul.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-utility-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\MSVCP140.dll",
"cryptbase.dll",
"C:\\PROGRA~2\\MOZILL~1\\nssckbi.dll",
"RASMAN.DLL",
"mscms.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\freebl3.dll",
"ole32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\VCRUNTIME140.dll",
"ws2_32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-stdio-l1-1-0.dll",
"USER32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\mozglue.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-convert-l1-1-0.dll",
"C:\\Windows\\system32\\IMM32.DLL",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-string-l1-1-0.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"rtutils.dll",
"Iphlpapi.dll",
"kbdus.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-environment-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-multibyte-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-runtime-l1-1-0.dll",
"C:\\Windows\\system32\\pnrpnsp.dll",
"samcli.dll",
"RPCRT4.dll",
"C:\\Windows\\System32\\winrnr.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-filesystem-l1-1-0.dll",
"WININET.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-heap-l1-1-0.dll",
"C:\\Windows\\system32\\NLAapi.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\nss3.dll",
"CRYPTSP.dll",
"CFGMGR32.dll",
"Gdi32.dll",
"Dnsapi.dll",
"Kernel32",
"Kernel32.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\api-ms-win-crt-math-l1-1-0.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"OLEAUT32.DLL",
"ADVAPI32.dll",
"rpcrt4.dll",
"WS2_32.dll",
"C:\\Windows\\system32\\dxgi.dll",
"user32.dll"
],
"file_moved": [
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-current.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4"
],
[
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin"
],
[
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore"
]
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"\\\\?\\PIPE\\samr",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json.tmp",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\store.json.mozlz4.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin"
],
"file_recreated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"\\??\\MountPointManager",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"\\??\\C:",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"\\??\\Nsi",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\WINNT_x86-msvc",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\user.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ta.res",
"C:\\Windows\\System32\\twinapi.appcore.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\bo.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\hi.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\chr.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\hsb.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sr.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\am.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\el.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ky.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ru.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.sbstore",
"C:\\Windows\\System32\\DataExchange.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sl.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\or.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\en_US.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\uts46.nrm",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ko.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\smn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fi.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\yi.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\pl.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\postSigningData",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ja.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ee.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\lv.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ug.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\cnvalias.icu",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ga.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fa.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\as.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fa_AF.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sv.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\az.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sr_Latn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\wae.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\mn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ur.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\pa.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\eo.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\es.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\vi.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ms.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\res_index.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\se.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\ShutdownDuration.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\policies.json",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ps.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ha.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\haw.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\mt.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\kl.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\to.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\si.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\bg.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\nb.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\pending-deletion-ping",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\zu.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\hu.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\kk.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\km.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\en_US_POSIX.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\bs_Cyrl.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sq.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\pt.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\gu.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\hy.res",
"C:\\Windows\\System32\\twinapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\mr.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ln.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\lkt.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\de.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ca.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ka.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ml.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\hr.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ne.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\res_index.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fo.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\logins.json",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\bn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\id.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sk.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ucadata.icu",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert_override.txt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\cs.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\kn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\root.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\be.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\da.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fr_CA.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.version",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\lt.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\kok.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fr.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\gl.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\nl.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\de_AT.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\he.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\mk.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\lb.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sw.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ar.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\zh.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ig.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l.dat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\sv_SE.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\dsb.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\wo.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\fil.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\zh_Hant.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\en.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\te.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\bs.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\is.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\uz.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\nn.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\it.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\af.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\uk.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\my.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\et.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\likelySubtags.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\ro.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\tr.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\yo.res",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\dz.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\experiments.json",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\cy.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\lo.res",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\th.res",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\downloads.json",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\icudt60l\\coll\\om.res"
],
"resolves_host": [
"aus5.mozilla.org",
"redirect.hp.com",
"tiles.services.mozilla.com",
"search.services.mozilla.com",
"ciscobinary.openh264.org",
"shavar.services.mozilla.com",
"detectportal.firefox.com",
"safebrowsing.googleapis.com",
"redirector.gvt1.com",
"services.addons.mozilla.org",
"versioncheck-bg.addons.mozilla.org"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094432250.8d1c7fee-79f4-470a-abe5-30f64452b184.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127628.b6c0f8ae-6867-461f-8b4e-0e5ad121f572.new-profile.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127657.3ee56f54-bdce-46eb-a6d1-98f68cca4570.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094538341.9c7aca19-57fd-4e4f-b088-84d9d1e147b1.main.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\1529094127660.769b1bb0-a4dd-45df-94dc-162afa98b7dc.first-shutdown.jsonlz4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\healthreport.sqlite-shm"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E6CC88205509B4729347C79C048D6FEE47BA702",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-wal",
"C:\\Windows\\SysWOW64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\406A03EE0E91037465ACB2B4F4105250A54F282B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C7BCCD2D2CA294B38AE834D818CF5D5C0C7A65BE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F17F04878A68505AE5481A71D8B733C5FFC6F285",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4A7B3B12544D1B7ECC140DBCC7F13159E5C2811A",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5DE23E815D1A97B1F4BEA115D8FEE9A592A6F071",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\80C4BD9CF4D3178043F25467076DC8E0EDCA7FA2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25BA5C2B3FD98507850409FC3A4FD981B4B57A95",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\116C29D749EF02BBC3455756D834442785F9A388",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userContent.css",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0C2824F70ADF87E5071FE4771AF36357A5500643",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionCheckpoints.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53DAE4B1D7BFF6744CCAF7207DE631267F9883DC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\12C5797F729FEAC529B8B47C188D14EB02D8CB76",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B7DB036074231ACC212F58CA5B8AF0545A418060",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\464DAA9FB3675E2054BC44273AFC184FA46471CB",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\14C9FC10F03F11BB6CBD75EA217AB33E64DCC1D8",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7129FF815464CD6B0D2D26BA6F4172DEB37EEEAD",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\clearkey.info",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\addons.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\03C2D63D520038594126B6B542E92CB503EF60B6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4EC268BEC38CFB516EF780E0EBE4E401AF241132",
"C:\\Program Files (x86)\\Mozilla Firefox\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9548F9611999ED8CA357720E12017816424CFB6F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B871BCA40A90227E35C39797525C79C94A1D99BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5910B209536948818F465D83D2569E7CE0895207",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BD75785200C0E1E894D78880C72AC03D1B02A575",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\searchplugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89DBE1DF558BB8439E2062ECC3272086F2E3FF1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6052DF2D478CD99FDE4D4B2D810BB2BA580793EC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2FD2E2A71F89E3A92F68CB796207228217259289",
"C:\\Windows\\System32\\spool\\drivers\\color\\Photo.gmmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F456E8433011E699C016D5F1A2CD66D7F02F61A1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BF13DDDC114B55CF8532A4CD90403A99233AEC0E",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E7F371E5CFBFD3AFD85C29D7EEFFFE842B3C777",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A41FBA22DC5012AD425DF960BDD5033BAB7C7CB6",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-wal",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\plugins",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs-1.js",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-current.bin",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B028362E3889BEAC998CED49FD74BA83B106FF93",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\698AC159A6BCBA0D13FE6F10F1A38E498F826F33",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\staged",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\46E3AF25E304979396708B69DA68563169275511",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\custom-strings.txt",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\serviceworker.txt",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\gmp-clearkey\\0.1\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\17AFA6B228D2D87514B84B53E61306EC9F76A8AE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\179F6D8969C48967D77229126C8892C5E40DBC29",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5E6BECED2D69F7DA21EFD7B80D6C386F459CAF3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53A3BB8B513161BF46CD7ED76BE06E8E633BE492",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\sv.aff",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\92B5C9352DD00CE3BC97E4D5F624D41C2B3E8A45",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2B0BB856207559EBA5FC5511DF6FF5F51DFB5146",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E771454BB360CA5F7AA169E5416B493549BC2F59",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4FA5EE242D6F5B358CE45D291E80054726F198AC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\OfflineCache",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B10EA6E071F884F477118DC8A00E82FC8DE58639",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EE34617993BEF52E93EC1819B22D42B99366214A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B43D30F6F6BD7155ECCE1FFC98748C5FE69D8051",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\defaults\\preferences",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\96ABC2EA8266E6EA2ABE62F8766B67BC8CA527BD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FDC043D6190638980733E805CC7517F27A931511",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1B90B03F8D7A2BA6BA1E9251F8101DECDB2CBEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\08F6935A08DB711CA491DE732807CFAEAB3E4D3B",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-shm",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9843E084E02CC996A82AAAF091B968B2F443AA96",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D7152E928865BCA4A03E2E2EA4F70459D0A65CA9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\22C4B7AADA22F61015D43F2AC3959E959BFA7C92",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.tmp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\FF55B8192FB0DF5264A1A67E55A281598969EDD1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B25B8C1B43CF7FBFAE6666322FAC0E83376388E2",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\minidumps",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D88DC229735F2EE8DFE494C6D1F37FA7BB2227CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA91797ACB41F0E0E1E95742571EEE322A6A70F0",
"C:\\Windows\\System32\\spool\\drivers\\color\\D65.camp",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CCB2BB2D87699CA64DCF0C60BDECD1E30D1D6A11",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\773ADD9F62EEAF7F2246C8AD56A9F1B7BAA7B703",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E3648501A7ACB740BAFCE7FC3EAF3D4DC4E995D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9BA38CD17924C08AD334BFB3903E3E7CD5627B1B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2DDBF58F5F7BF1E52CD38B42B90ABC8A4B082461",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C4FA0268E64A0AD9E2040B07A1F10F120BD4EB0C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EAF97F7535E2FBDA3D23E536591F7BBFE203FAC1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D5D7B247774E63182A9E2C82B62424AAB64C79A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\745D8B14DE6A12F1FAB4E03C1DDDB18AADB91107",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7B303216787123E2E98A2B9594CDF8211C77C0EA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6E1FED29EBE0BFDE3E498E4192938BE957FF9246",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\xulstore.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9004750076EB06EEC33AA7B9CC6D2557CD44CF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CB83587A5F8FCB502CB86AC361A93E2B36E861C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A3031C2052A395A7FE246EFE1783C6205B841295",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F8B15C93D75669CC70EBF85BF71871359837EAF",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1679441B8AA7B4D31717C773CC4E86A25B37532B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C9BC79B1EF4DD1EF133FEDF6433E235214534AB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\54EF37D18C4E81EE554527CBAE4A41871ECA817A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10506E8A46D6B713DA6BAF52F85CF29652AB094C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\19AE0F43DA3528C6C3423A49A8C88E2268C93A9F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A9970A5D52CA09C13D9BD1531BCA7CF8B73E283E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\A2FD2AEC52AD764EF05C6E7CE3A4CE4B752EA5F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\719CE0C009C49A27AA9874570F196BC7E8FB4270",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.sbstore",
"C:\\Program Files (x86)",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozplugin-block-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6301F538B782708AB243E2D7E05058C93BB83863",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DF08D94982E136FE7C4F2C94421F9E48C2C74A77",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\crashreporter-override.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C664ABAE6A070392F60C7BFF721450AA0CF7DBA0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\allow-flashallow-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db",
"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E8F333B9BE75EC8017017DAE4ACE9DCC6677A983",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\plugins",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\d3d11layers.guard",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1E1444ABF82EF1DC8EE0944028E4CDA455D636F3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\05582FF5C196A4485F189490FEC9ECEA0890DA32",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\589D8E1EA927649272150213A47BD1143DECB82A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-to_delete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BFF1B70350A6A2E0FDC6CD336ADB9119D951BACD",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\content-prefs.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\66F684AF9CC570C6247262B47C769C601C2A338B",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63FFF734326AB3EF836515DFE9353A5E12B66B71",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1FD79E550E990A5DE8BC811C9BBECF380A66A9DF",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5E4954707B44E5A4B4ACF5F22B52219A1DCA477F",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\dictionaries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-backup",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1D7A050D55E3C4EE69402F8D55391DE5B50ADDB9",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\.purgecaches",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C57B57965CBA09581E320B5AA0337D210F8F93D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\64E75C732D9C3F23724ACEF48E9B6C566BC6D9BE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\32D3D40B1A49D72C523AF9C518AFE673224DF48F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E2E836DA4479746F0312710A7F9EE78D7DFD4750",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2E51A9404F7D0D33DB132CAF4A9C7B8FA64549AA",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache-new.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\120B4106EC203FC932984367D86BBE11C2B9B93C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2361C75DF0C4148925BB777DAFEA1BF4F9552B47",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3A472858AE5D0DD4813DF4EFC9F1037A487B1A64",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-block-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CA53C817FAB68ABF181745737562B15E8CCB7039",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\C03DE41C9476F437402F1B6C64B0E4AB01A863E0",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4E83181E964BD40E1FE4C41BAFED645D4BA363B1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25D9FE4CEA5B58770648CDAF3242ACDE286A6CBF",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-shm",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\urlCache.bin",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4AFCE23AA61A96885DF21D2DE2FFB502C41EBD3C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cert9.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\361B548BA913570AB336F9E5FA9152F01E567AB9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F8AC72083E334F70A553AE68455FBDF0E65C5221",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\userChrome.css",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4945586D32183A203E85FAFFD463A7684FD62668",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7F2254AA2A8BC4A627A43E0A537084540A1E884B",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\950506BC89C1114E4E75E993855000430CECD9D9",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D1A8E6A06938A84BEC26B6A4F8D583FB4A3E4875",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1F3A3A34BAF218785600EB46E9182918B9928898",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4824C8FFDEE786A5D8721AF47836EA89F72B9E63",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-phish-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\89ACBB962943FAF1EF2F1C7CA72502C77A714625",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\startupCache.4.little",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Cache.Trash6767",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\235A8ED310BFD65966E1EE36D0FD4BE498C8B73C",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\.metadata-v2",
"C:\\Program Files (x86)\\Mozilla Firefox",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7ADD52E257AB16553D632B8F4B6830030878A19E",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\CB29EDE1FD7262A61FFAB793A382D515CAC77D01",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AA109EF5680522CB655C98111C00F5A6B7B092B2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\1AB027184D2B00AF60C1FC40EDE4333DEACDB184",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B597DA2E9B2D181DF7F2FB8D2BAEC133C8DBA0A3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\65C9C9A27B78717F1015DE362F028E04C3945DEC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\webappsstore.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D3AEF13BE0B76F1272C2F5536D4AF952DE6D2579",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\43CB3924B4D48AD39D6282AE7C1F2C500B3D6732",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-unwanted-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BA3014356B4F6ECADF1B5288B6841EB407783B99",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\75E50D054B90189E74DAB0C86F5E8680BE580C29",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-downloadwhite-proto.pset",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\34D9B2F464DD8C129F58DFEE470B079556A7A3F9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\167493A5CFB1A41265EC1B95DA06580C32BCF814",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\68B1EB9E09D4BD74CA7A9C1BB118BE821BD39E93",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\DC933A410E769DFD115C892EAF014A6E15ED59CE",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D172C03F361E7325D8F391F992106A828306767D",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D381FB47D731C2651FB103E2F7BC18AF380F7B1F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6C9B846926C287B15F67D64CE91F1CFA7D812660",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0FEBD8BDBFAC8B82791945DC7E04F675419B2F42",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24AB539CB6640E15DB1604220F3951544785212C",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla\\Temp-{30125161-3c7f-4c5a-bdb3-beadc01f5994}",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A140995F2B1632A4366B29F84525E129CE8019A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-block-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\13AD07F4960A54F2D183ACF9E94C5128138B1927",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8C98F893C7DC5F2C401AD1482A81572B54197408",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\updates\\E7CF176E110C211B\\updates\\0\\update.status",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-wal",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\10822A86FA4EA4E601152426CBC79395A1336DF4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D6BFEAEE7117A9C7FDE6A10EAB400F894E4195A8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\481A82674A6B66F0DE510C9A714F8CD8C49CECDC",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20180605171542",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B3F357E619352C003E94A8CF5A48F89305F38330",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\favicons.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D56D07CBF04B0388B53B943F61C75FC6620FA0A9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\startupCache\\scriptCache-child.bin",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files\\journals",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\796EA7DED8F33BFD4F2F0CD98C76865D063E1FE1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\mozstd-trackwhite-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\D8779A474EF9F188508C00F92B9CE49A7892A0AD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\allow-flashallow-digest256.sbstore",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\87526A8EBFB030E474085D20EF15DC8C63814072",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC09BBF6FF451E6C03BF3FB18C85B1A52662C4FC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\session-state.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flashallow-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\3105ECE5A1F29E3F4D2F5EDF3C6DC5FE4443FD4A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\93B95B92B63A5C2327A8048A4BF57824C56B8CF1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index.log",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-track-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B1007AC2F741C4FD7099C41A741D0FD35957BB8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flashsubdoc-digest256.pset",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\extensions",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4966EE335F8967FC706E89E6D02E8524E946F1B9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flashallow-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\196BCA845E91608F7B4CA6127A60D20AF55413AC",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\main-window.ico",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E59C4C731883450D84A0BAE7FDD94546BBC8DE04",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cookies.sqlite-shm",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\chrome\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\.startup-incomplete",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\pluginreg.dat",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8366CD083751DA973B30F80B11D910A45A6D920D",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6509930F4539DB79DA356F2C5D01976D46756302",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8322BC5E83D3D80175E749D29197F9800286F253",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2732BCC97E7EB9EC9DE3E8EA8F56D7971CBDCD22",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-badbinurl-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\aborted-session-ping",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E910D1FCE8BF27F5536B88567A4DC32624377CC3",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\B2D65EE14ED1EB19E1A3B4C871D8C24A13F52918",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi\\install.rdf",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome\\icons\\default\\default.ico",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\280DEB31796CE454CD8D9594397E4D89E8E5D64F",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi\\manifest.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8612B317C4521EAFE03AFB4EE4DE58D7263A20FB",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\chrome",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-trackwhite-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\block-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AC5E012C1887C7B691A8EA00C4E754025E25C235",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-malware-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\index",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F2BD0701B9399ABF52C338C39C42391FD12832D2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\01B2BB0FC84221A3593CA7991D57E56AC2CAE656",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F10983A15DD515D828BE4E816299B9E87852132A",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFE71EF03AD3DD79AAEBAA0A3F9596521CBA2FFE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\persdict.dat",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-unwanted-simple.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\71E6B979E60B9BE891481CC4F4A274E2DECFFCD7",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EA9C51236A8D1BE9B123FE65F49772A97F2EAAEC",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\EFC872FB5405AFC377348FFCDD26E62BBB612D81",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\499B8F86D3D7ACD12153BFF4E7D9C21E20E57862",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\4DE8480C465A21C0F01AA2B6F4E13E551F78BBB1",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\AFE5FBBD40656A0DF79CF1E5D0A1DF072C6B9AE9",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\8763F97414AC5D93807FCCBC67DBAAAEE2972A52",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F6C3C960F259CC3B54FF1DAD70E2F2E9E5020CA6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\505DF13F4DA2C53FEB1945E0598B23F47FDBDCC7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\F85DD1E57E8C61DF501ABFFCE74943A8035E83A6",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E9B5F1423155DB2E35FD739FC2008DB01C93DE1E",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi\\manifest.json",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files\\journals",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\006309EAFFD4653F45B69F09BF6F930B6C5B394C",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ED89A8241905354BB4530DC06257CEF53C1580A2",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\639DC9A240AA5E77CE1A930EDDD634BE796CBFA8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\0CDAD0FEE8D457A239E21FCEAC3C12851FD524BB",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.json",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\test-harmful-simple-1.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\911B0C61350C012E383F7D0845A33B4D64F1AD2A",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\E600EF8778C4BFEC40D87FF56E5C46E3377094F0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\16114BA75206B6FA4C51ADC8A73DB4C6635F6AF9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\LastCrash",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\2F0CC71C57B06F9DEA5A4A190CC4CF489D97C1F4",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\mozstd-trackwhite-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\9B10ECC55593004CB6F9763CF9201C09433055FD",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\79AEB0050B19F23A061AD4C2045261954485EF33",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\88A3A91F296EB21A832CB76FA4FDB06CCDE147B9",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\key4.db-journal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\5014D54D3346C39B07AF70090657B2AD092771C7",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\6D0B804EDDF9F0A04ED44C3E1673404FC2EF042D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\25FCAA86CF448D2943B56A5788C3C21E5EA8DBC4",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\places.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\goog-unwanted-proto.metadata",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\BB03D28C0A5842A9006EBFBFCDEC58959BE6B505",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\53B7A8254D12E292946E4514B3D598C1E6539AE8",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\70F12FE0F788181112B9AEE541D1E9E7E0FAEDE3",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\block-flashsubdoc-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-phish-proto.metadata",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\goog-malware-proto.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\723D2D7D52AD8AD9A4B8D12D69CBCD97CB4FFC65",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\448A2AB129B26377E2408BBC44A6B4E984B0F25D",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\except-flash-digest256.pset",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.sqlite-wal",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\test-malware-simple.pset",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\24C085D72E4DC34C183B0875733BBC71612D9696",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\base-track-digest256.sbstore",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files\\journals",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\ABA24AAB8A9EA0E34C3E86EFD7EE2992CE614003"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\*",
"C:\\Users\\cuck\\AppData\\LocalLow\\Mozilla",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\google4\\*",
"C:\\Users\\cuck\\AppData\\LocalLow",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\saved-telemetry-pings\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\fonts\\*",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\defaults\\pref\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\google4\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\doomed\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events\\*",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\safebrowsing-updating\\*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\*",
"C:\\Users\\cuck\\AppData\\Local\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\cache2\\entries\\*",
"C:\\Program Files (x86)\\Mozilla Firefox\\dictionaries\\*"
]
},
"first_seen": 1573858409.1875,
"ppid": 2736
}
]Signatures
[
{
"markcount": 124,
"families": [],
"description": "Checks if process is being debugged by a debugger",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741700,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858386.0625,
"tid": 2504,
"flags": {}
},
"pid": 2736,
"type": "call",
"cid": 385
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 127,
"nt_status": -1073741511,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858409.6255,
"tid": 2252,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 1315
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858409.8445,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 1796
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858409.8445,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 1797
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858409.8915,
"tid": 2248,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2370
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858409.8915,
"tid": 2248,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2377
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858409.8915,
"tid": 1556,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2378
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858409.8915,
"tid": 1132,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2431
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858409.9535,
"tid": 2964,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2958
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858409.9535,
"tid": 1996,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2959
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.0165,
"tid": 2484,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3205
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.0315,
"tid": 2484,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3433
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.0475,
"tid": 852,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3529
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.0625,
"tid": 2700,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3587
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.0785,
"tid": 3048,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3687
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.2665,
"tid": 2440,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5152
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.3125,
"tid": 2624,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5315
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.3595,
"tid": 2784,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5674
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.3595,
"tid": 2784,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5675
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.3755,
"tid": 2360,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5681
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.3755,
"tid": 2360,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5682
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.3755,
"tid": 956,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5690
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.3755,
"tid": 956,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5691
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.4065,
"tid": 2316,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5869
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.4065,
"tid": 2876,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5874
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.4845,
"tid": 1348,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 6203
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.5475,
"tid": 2868,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 6772
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.5625,
"tid": 2164,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 6870
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.5625,
"tid": 2408,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 6902
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.5625,
"tid": 2296,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 6915
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.6095,
"tid": 2912,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7259
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.6095,
"tid": 2984,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7355
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.6255,
"tid": 560,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7419
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.6415,
"tid": 2216,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7440
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.6415,
"tid": 2600,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7550
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.7345,
"tid": 2948,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7938
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858410.9535,
"tid": 2964,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8938
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858411.9535,
"tid": 2964,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 9287
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.2345,
"tid": 2816,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 9497
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.2345,
"tid": 2816,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 9498
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.2345,
"tid": 2420,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 9531
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.3595,
"tid": 2460,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 10817
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.3915,
"tid": 2888,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 10921
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.4065,
"tid": 2472,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 11074
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.4065,
"tid": 2332,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 11111
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.4225,
"tid": 2292,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 11134
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.4845,
"tid": 2520,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 11482
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.4845,
"tid": 2584,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 11487
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.5005,
"tid": 2204,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 11550
},
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741811,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1573858412.5785,
"tid": 2096,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 12320
}
],
"references": [],
"name": "checks_debugger"
},
{
"markcount": 2,
"families": [],
"description": "Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)",
"severity": 1,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\InstallDate",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "recon_fingerprint"
},
{
"markcount": 1,
"families": [],
"description": "This executable has a PDB path",
"severity": 1,
"marks": [
{
"category": "pdb_path",
"ioc": "C:\\Users\\shuklaad\\Documents\\_Program Mangement\\3C11\\launcher\\Final\\launcher\\launcher\\obj\\x86\\Release\\launcher.pdb",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_pdb"
},
{
"markcount": 1,
"families": [],
"description": "Tries to locate where the browsers are installed",
"severity": 1,
"marks": [
{
"category": "file",
"ioc": "C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi\\install.rdf",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "locates_browser"
},
{
"markcount": 1,
"families": [],
"description": "Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "GlobalMemoryStatusEx",
"return_value": 1,
"arguments": {},
"time": 1573858386.3125,
"tid": 2504,
"flags": {}
},
"pid": 2736,
"type": "call",
"cid": 487
}
],
"references": [],
"name": "antivm_memory_available"
},
{
"markcount": 3,
"families": [],
"description": "Starts servers listening",
"severity": 2,
"marks": [
{
"call": {
"category": "network",
"status": 1,
"stacktrace": [],
"api": "bind",
"return_value": 0,
"arguments": {
"ip_address": "127.0.0.1",
"socket": 712,
"port": 0
},
"time": 1573858409.9535,
"tid": 1132,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2955
},
{
"call": {
"category": "network",
"status": 1,
"stacktrace": [],
"api": "listen",
"return_value": 0,
"arguments": {
"socket": 712,
"backlog": 5
},
"time": 1573858409.9695,
"tid": 1132,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3047
},
{
"call": {
"category": "network",
"status": 1,
"stacktrace": [],
"api": "accept",
"return_value": 784,
"arguments": {
"ip_address": "127.0.0.1",
"socket": 712,
"port": 49199
},
"time": 1573858409.9695,
"tid": 1132,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3053
}
],
"references": [],
"name": "network_bind"
},
{
"markcount": 63,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feef821000"
},
"time": 1573858385.9375,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 254
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefa9e000"
},
"time": 1573858386.0165,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 330
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefa9e000"
},
"time": 1573858386.0165,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 332
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefa9f000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 397
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefa9f000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 399
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefa9f000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 401
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefa9f000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 403
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefa9f000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 405
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefa9f000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 407
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefa9f000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 409
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefa9f000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 411
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefaa0000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 413
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefaa0000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 415
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefaa0000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 417
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefaa0000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 419
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefaa0000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 421
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefaa1000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 423
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefaa1000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 425
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefaa1000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 427
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefaa1000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 429
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"base_address": "0x000007feefa9e000"
},
"time": 1573858386.0785,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2736,
"type": "call",
"cid": 431
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff00032000"
},
"time": 1573858386.3595,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 560
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 589824,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 1056768,
"base_address": "0x000007fffff10000"
},
"time": 1573858406.1875,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_RESERVE|MEM_TOP_DOWN"
}
},
"pid": 2736,
"type": "call",
"cid": 5154
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007fffff10000"
},
"time": 1573858406.1875,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 5155
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007fffff10000"
},
"time": 1573858406.2035,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 5156
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 1056768,
"base_address": "0x000007fffff00000"
},
"time": 1573858406.2035,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_RESERVE|MEM_TOP_DOWN"
}
},
"pid": 2736,
"type": "call",
"cid": 5157
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007fffff00000"
},
"time": 1573858406.2035,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 5158
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff000ea000"
},
"time": 1573858406.2035,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 5159
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff00022000"
},
"time": 1573858406.2035,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 5160
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff00033000"
},
"time": 1573858406.8445,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 5992
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff000fa000"
},
"time": 1573858406.8595,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 6001
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff00122000"
},
"time": 1573858406.8755,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 6002
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff000fd000"
},
"time": 1573858406.8755,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 6003
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff0003c000"
},
"time": 1573858406.9065,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 6044
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff00034000"
},
"time": 1573858407.0475,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 6162
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 8192,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff00035000"
},
"time": 1573858407.1725,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 6283
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff00170000"
},
"time": 1573858407.1875,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 6290
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff0003a000"
},
"time": 1573858407.2345,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 6309
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff0004f000"
},
"time": 1573858409.1095,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 7179
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff00084000"
},
"time": 1573858409.1095,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 7180
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2736,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffffffffffff",
"allocation_type": 4096,
"base_address": "0x000007ff00053000"
},
"time": 1573858409.1095,
"tid": 2504,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2736,
"type": "call",
"cid": 7181
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2804,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00450000"
},
"time": 1573858409.3285,
"tid": 1224,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2804,
"type": "call",
"cid": 46
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2804,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x77bcc000"
},
"time": 1573858409.3285,
"tid": 1224,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2804,
"type": "call",
"cid": 47
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2804,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00490000"
},
"time": 1573858409.3595,
"tid": 1224,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2804,
"type": "call",
"cid": 139
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2804,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc3000"
},
"time": 1573858409.3595,
"tid": 1224,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2804,
"type": "call",
"cid": 140
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2804,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1573858409.7815,
"tid": 1224,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2804,
"type": "call",
"cid": 1488
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2804,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1573858409.7815,
"tid": 1224,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2804,
"type": "call",
"cid": 1489
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2804,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1573858409.7815,
"tid": 1224,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2804,
"type": "call",
"cid": 1490
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2804,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x00770000"
},
"time": 1573858409.7815,
"tid": 1224,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2804,
"type": "call",
"cid": 1495
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2804,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x75bc8000"
},
"time": 1573858409.7815,
"tid": 1224,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2804,
"type": "call",
"cid": 1496
}
],
"references": [],
"name": "allocates_rwx"
},
{
"markcount": 1,
"families": [],
"description": "Executes one or more WMI queries",
"severity": 2,
"marks": [
{
"category": "wmi",
"ioc": "SELECT * FROM Win32_BIOS",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_wmi"
},
{
"markcount": 1,
"families": [],
"description": "Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2804,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 32,
"process_handle": "0xffffffff",
"base_address": "0x00450000"
},
"time": 1573858409.3445,
"tid": 1224,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 49
}
],
"references": [],
"name": "protection_rx"
},
{
"markcount": 1,
"families": [],
"description": "Checks adapter addresses which can be used to detect virtual network interfaces",
"severity": 2,
"marks": [
{
"call": {
"category": "network",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "GetAdaptersAddresses",
"return_value": 111,
"arguments": {
"flags": 15,
"family": 0
},
"time": 1573858388.1255,
"tid": 2820,
"flags": {}
},
"pid": 2736,
"type": "call",
"cid": 3588
}
],
"references": [],
"name": "antivm_network_adapters"
},
{
"markcount": 1,
"families": [],
"description": "Potentially malicious URLs were found in the process memory dump",
"severity": 2,
"marks": [
{
"category": "url",
"ioc": "https:\/\/crash-reports.mozilla.com\/submit?id=",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "memdump_urls"
},
{
"markcount": 2,
"families": [],
"description": "Uses Windows utilities for basic Windows functionality",
"severity": 2,
"marks": [
{
"category": "cmdline",
"ioc": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2804.0.1621948294\\611156464\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2804 \"\\\\.\\pipe\\gecko-crash-server-pipe.2804\" 1468 tab",
"type": "ioc",
"description": null
},
{
"category": "cmdline",
"ioc": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2804.6.1527108264\\1632374435\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2804 \"\\\\.\\pipe\\gecko-crash-server-pipe.2804\" 2664 tab",
"type": "ioc",
"description": null
}
],
"references": [
"http:\/\/blog.jpcert.or.jp\/2016\/01\/windows-commands-abused-by-attackers.html"
],
"name": "uses_windows_utilities"
},
{
"markcount": 1,
"families": [],
"description": "Executes one or more WMI queries which can be used to identify virtual machines",
"severity": 2,
"marks": [
{
"category": "wmi",
"ioc": "SELECT * FROM Win32_BIOS",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "wmi_antivm"
},
{
"markcount": 2,
"families": [],
"description": "Allocates execute permission to another process indicative of possible code injection",
"severity": 3,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000005d4",
"allocation_type": 4096,
"base_address": "0x00dbf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2804,
"type": "call",
"cid": 8799
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x00000820",
"allocation_type": 4096,
"base_address": "0x001f8000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2804,
"type": "call",
"cid": 20226
}
],
"references": [],
"name": "allocates_execute_remote_process"
},
{
"markcount": 58,
"families": [],
"description": "Manipulates memory of a non-child process indicative of process injection",
"severity": 3,
"marks": [
{
"category": "Process injection",
"ioc": "Process 2804 manipulating memory of non-child process 3004",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"region_size": 131072,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005d4",
"allocation_type": 8192,
"base_address": "0x000b0000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2804,
"type": "call",
"cid": 8796
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"region_size": 12189696,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005d4",
"allocation_type": 8192,
"base_address": "0x00210000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2804,
"type": "call",
"cid": 8797
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005d4",
"allocation_type": 8192,
"base_address": "0x00db0000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2804,
"type": "call",
"cid": 8798
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000005d4",
"allocation_type": 4096,
"base_address": "0x00dbf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2804,
"type": "call",
"cid": 8799
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77bb0000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8804
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77bb0000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8806
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8809
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8811
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8814
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8816
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77bb1000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8819
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77bb1000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8821
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8824
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8826
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77bb1000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8829
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77bb1000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8831
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8834
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8836
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77bb1000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8839
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77bb1000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8841
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8844
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8846
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8849
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8851
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8854
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8856
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 8859
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x77baf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8861
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x000005d4",
"base_address": "0x00dbf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 8864
},
{
"category": "Process injection",
"ioc": "Process 2804 manipulating memory of non-child process 2384",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x00000820",
"allocation_type": 8192,
"base_address": "0x001f0000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2804,
"type": "call",
"cid": 20225
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x00000820",
"allocation_type": 4096,
"base_address": "0x001f8000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2804,
"type": "call",
"cid": 20226
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x00000820",
"base_address": "0x77bb0000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 20231
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x00000820",
"base_address": "0x77bb0000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 20233
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x00000820",
"base_address": "0x77baf000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 20236
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x00000820",
"base_address": "0x77baf000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 20238
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x00000820",
"base_address": "0x77baf000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 20241
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x00000820",
"base_address": "0x77baf000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 20243
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x00000820",
"base_address": "0x77bb1000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 20246
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x00000820",
"base_address": "0x77bb1000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 20248
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x00000820",
"base_address": "0x77baf000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 20251
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x00000820",
"base_address": "0x77baf000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 20253
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x00000820",
"base_address": "0x77bb1000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 20256
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x00000820",
"base_address": "0x77bb1000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 20258
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x00000820",
"base_address": "0x77baf000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 20261
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x00000820",
"base_address": "0x77baf000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 20263
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x00000820",
"base_address": "0x77bb1000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 20266
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 32,
"process_handle": "0x00000820",
"base_address": "0x77bb1000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READ"
}
},
"pid": 2804,
"type": "call",
"cid": 20268
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2384,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 8,
"process_handle": "0x00000820",
"base_address": "0x77baf000"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {
"protection": "PAGE_WRITECOPY"
}
},
"pid": 2804,
"type": "call",
"cid": 20271
}
],
"references": [
"www.endgame.com\/blog\/technical-blog\/ten-process-injection-techniques-technical-survey-common-and-trending-process"
],
"name": "injection_modifies_memory"
},
{
"markcount": 68,
"families": [],
"description": "Potential code injection by writing to the memory of another process",
"severity": 3,
"marks": [
{
"category": "Process injection",
"ioc": "Process 2804 injected into non-child 3004",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8R\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2,\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u00f8\u00db\u0000\u00c7D$\u0004\u00f0\u0013\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf810"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8803
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8R\u0000\u0000\u0000\u00ba(\u00f8\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bb00a4"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8805
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b80\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0018\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u00f8\u00db\u0000\u00c7D$\u0004\u00c0\u0015\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf850"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8808
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b80\u0000\u0000\u0000\u00bah\u00f8\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bafd54"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8810
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8:\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u00f8\u00db\u0000\u00c7D$\u0004p\u0017\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf890"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8813
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8:\u0000\u0000\u0000\u00ba\u00a8\u00f8\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bafe4c"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8815
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8\u0013\u0001\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u00f8\u00db\u0000\u00c7D$\u0004\u00c0\u0018\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf8d0"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8818
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8\u0013\u0001\u0000\u0000\u00ba\u00e8\u00f8\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bb132c"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8820
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8$\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0014\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u00f9\u00db\u0000\u00c7D$\u0004\u0010\u001a\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf910"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8823
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8$\u0000\u0000\u0000\u00ba(\u00f9\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bafc28"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8825
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8\u00fe\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u00f9\u00db\u0000\u00c7D$\u0004p\u00c8\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf950"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8828
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8\u00fe\u0000\u0000\u0000\u00bah\u00f9\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bb1128"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8830
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8#\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u00f9\u00db\u0000\u00c7D$\u0004 \u00c5\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf990"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8833
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8#\u0000\u0000\u0000\u00ba\u00a8\u00f9\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bafc10"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8835
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8\u00f9\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\f\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u00f9\u00db\u0000\u00c7D$\u0004`\u00c6\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf9d0"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8838
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8\u00f9\u0000\u0000\u0000\u00ba\u00e8\u00f9\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bb10b0"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8840
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8\n\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u00fa\u00db\u0000\u00c7D$\u0004\u00c0}\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbfa10"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8843
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8\n\u0000\u0000\u0000\u00ba(\u00fa\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77baf99c"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8845
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8!\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u00fa\u00db\u0000\u00c7D$\u0004@}\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbfa50"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8848
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8!\u0000\u0000\u0000\u00bah\u00fa\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bafbe0"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8850
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8-\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u00fa\u00db\u0000\u00c7D$\u0004`\u00c7\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbfa90"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8853
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8-\u0000\u0000\u0000\u00ba\u00a8\u00fa\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bafd08"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8855
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8,\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0014\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u00fa\u00db\u0000\u00c7D$\u0004\u0080}\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbfad0"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8858
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8,\u0000\u0000\u0000\u00ba\u00e8\u00fa\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bafcf0"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8860
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "P\u0003\u0000\u0000\u0010\u0003\u0000\u0000x\u00c2{\u0012\f\u0000\u0000\u0000",
"process_handle": "0x000005d4",
"base_address": "0x00dbf800"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8863
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0010\u00fa\u00db\u0000P\u00fa\u00db\u0000\u00d0\u00fa\u00db\u0000P\u00f9\u00db\u0000\u0090\u00f9\u00db\u0000\u00d0\u00f9\u00db\u0000\u0090\u00fa\u00db\u0000\u0010\u00f8\u00db\u0000P\u00f8\u00db\u0000\u0090\u00f8\u00db\u0000\u00d0\u00f8\u00db\u0000\u0010\u00f9\u00db\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"process_handle": "0x000005d4",
"base_address": "0x0123cc90"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8868
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u0000\u0000\u0000\u0000",
"process_handle": "0x000005d4",
"base_address": "0x0123cd34"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8872
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b0\u00fa\u00baw\u00d0\u00f9\u00baw4\u00fe\u00bawH\u00fb\u00baw@\u00fc\u00baw(\u0000\u00bbw\u00c8\u00fa\u00baw\u00e8\u00f9\u00baw@\u0000\u00bbw\u00c8\u00fb\u00bawp\u00fc\u00baw&\u00e0\u00bbw\u00b5\u00e6\u00bbw\u00b7\u0084\u00bcwI\u0002\u00bdw\u00d1\u00e5\u00c3w\u008e\u009d\u00bdw\u0085\u00df\u00bbw|\u00c2\u00bew\u00e0\u00c4\u00c0w\u00f1V\u00c6w@#\u00bbw",
"process_handle": "0x000005d4",
"base_address": "0x0123cd80"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8877
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u0004\u0000\u0000\u0000",
"process_handle": "0x000005d4",
"base_address": "0x0123c33c"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8885
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u0000 \u0000\u0000",
"process_handle": "0x000005d4",
"base_address": "0x0123cde8"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8889
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u0000\u00e0\u0000\u0000",
"process_handle": "0x000005d4",
"base_address": "0x0123cdd8"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8893
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u0004\u0000\u0000\u0000",
"process_handle": "0x000005d4",
"base_address": "0x0123b078"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8914
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "`\u0003\u0000\u0000\u0000\u0000\u0000\u0000",
"process_handle": "0x000005d4",
"base_address": "0x0123ce10"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8918
},
{
"category": "Process injection",
"ioc": "Process 2804 injected into non-child 2384",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8R\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2,\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u0084\u001f\u0000\u00c7D$\u0004\u00f0\u0013\"\u0001Z\u00c3",
"process_handle": "0x00000820",
"base_address": "0x001f8410"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20230
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8R\u0000\u0000\u0000\u00ba(\u0084\u001f\u0000\u00ff\u00e2",
"process_handle": "0x00000820",
"base_address": "0x77bb00a4"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20232
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b80\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0018\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u0084\u001f\u0000\u00c7D$\u0004\u00c0\u0015\"\u0001Z\u00c3",
"process_handle": "0x00000820",
"base_address": "0x001f8450"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20235
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b80\u0000\u0000\u0000\u00bah\u0084\u001f\u0000\u00ff\u00e2",
"process_handle": "0x00000820",
"base_address": "0x77bafd54"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20237
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8:\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u0084\u001f\u0000\u00c7D$\u0004p\u0017\"\u0001Z\u00c3",
"process_handle": "0x00000820",
"base_address": "0x001f8490"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20240
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8:\u0000\u0000\u0000\u00ba\u00a8\u0084\u001f\u0000\u00ff\u00e2",
"process_handle": "0x00000820",
"base_address": "0x77bafe4c"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20242
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8\u0013\u0001\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u0084\u001f\u0000\u00c7D$\u0004\u00c0\u0018\"\u0001Z\u00c3",
"process_handle": "0x00000820",
"base_address": "0x001f84d0"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20245
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8\u0013\u0001\u0000\u0000\u00ba\u00e8\u0084\u001f\u0000\u00ff\u00e2",
"process_handle": "0x00000820",
"base_address": "0x77bb132c"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20247
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8$\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0014\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u0085\u001f\u0000\u00c7D$\u0004\u0010\u001a\"\u0001Z\u00c3",
"process_handle": "0x00000820",
"base_address": "0x001f8510"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20250
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8$\u0000\u0000\u0000\u00ba(\u0085\u001f\u0000\u00ff\u00e2",
"process_handle": "0x00000820",
"base_address": "0x77bafc28"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20252
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8\u00fe\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u0085\u001f\u0000\u00c7D$\u0004p\u00c8\"\u0001Z\u00c3",
"process_handle": "0x00000820",
"base_address": "0x001f8550"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20255
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8\u00fe\u0000\u0000\u0000\u00bah\u0085\u001f\u0000\u00ff\u00e2",
"process_handle": "0x00000820",
"base_address": "0x77bb1128"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20257
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8#\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u0085\u001f\u0000\u00c7D$\u0004 \u00c5\"\u0001Z\u00c3",
"process_handle": "0x00000820",
"base_address": "0x001f8590"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20260
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8#\u0000\u0000\u0000\u00ba\u00a8\u0085\u001f\u0000\u00ff\u00e2",
"process_handle": "0x00000820",
"base_address": "0x77bafc10"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20262
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 2384,
"buffer": "\u00b8\u00f9\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\f\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u0085\u001f\u0000\u00c7D$\u0004`\u00c6\"\u0001Z\u00c3",
"process_handle": "0x00000820",
"base_address": "0x001f85d0"
},
"time": 1573858413.8755,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20265
}
],
"references": [],
"name": "injection_write_memory"
},
{
"markcount": 1,
"families": [],
"description": "Attempts to create or modify system certificates",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "modifies_certificates"
},
{
"markcount": 2,
"families": [],
"description": "One or more martian processes was created",
"severity": 3,
"marks": [
{
"parent_process": "firefox.exe",
"type": "generic",
"martian_process": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2804.0.1621948294\\611156464\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2804 \"\\\\.\\pipe\\gecko-crash-server-pipe.2804\" 1468 tab"
},
{
"parent_process": "firefox.exe",
"type": "generic",
"martian_process": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2804.6.1527108264\\1632374435\" -childID 2 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2804 \"\\\\.\\pipe\\gecko-crash-server-pipe.2804\" 2664 tab"
}
],
"references": [],
"name": "process_martian"
},
{
"markcount": 1,
"families": [],
"description": "Appends a known multi-family ransomware file extension to files that have been encrypted",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\parent.lock",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "ransomware_extensions"
},
{
"markcount": 4,
"families": [],
"description": "Resumed a suspended thread in a remote process potentially indicative of process injection",
"severity": 3,
"marks": [
{
"category": "Process injection",
"ioc": "Process 2804 resumed a thread in remote process 3004",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000005e8",
"suspend_count": 1,
"process_identifier": 3004
},
"time": 1573858412.1875,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 9378
},
{
"category": "Process injection",
"ioc": "Process 2804 resumed a thread in remote process 2384",
"type": "ioc",
"description": null
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000a78",
"suspend_count": 1,
"process_identifier": 2384
},
"time": 1573858415.1565,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 20851
}
],
"references": [
"www.endgame.com\/blog\/technical-blog\/ten-process-injection-techniques-technical-survey-common-and-trending-process"
],
"name": "injection_resumethread"
},
{
"markcount": 179,
"families": [],
"description": "Executed a process and injected code into it, probably while unpacking",
"severity": 5,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000000000000b0",
"suspend_count": 1,
"process_identifier": 2736
},
"time": 1573858386.0625,
"tid": 2504,
"flags": {}
},
"pid": 2736,
"type": "call",
"cid": 376
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000000000000138",
"suspend_count": 1,
"process_identifier": 2736
},
"time": 1573858386.3285,
"tid": 2504,
"flags": {}
},
"pid": 2736,
"type": "call",
"cid": 493
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000000000000184",
"suspend_count": 1,
"process_identifier": 2736
},
"time": 1573858386.5475,
"tid": 2504,
"flags": {}
},
"pid": 2736,
"type": "call",
"cid": 838
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000000000000364",
"suspend_count": 1,
"process_identifier": 2736
},
"time": 1573858388.0315,
"tid": 2504,
"flags": {}
},
"pid": 2736,
"type": "call",
"cid": 3350
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000000000003a0",
"suspend_count": 1,
"process_identifier": 2736
},
"time": 1573858393.5005,
"tid": 2504,
"flags": {}
},
"pid": 2736,
"type": "call",
"cid": 3846
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000000000000370",
"suspend_count": 1,
"process_identifier": 2736
},
"time": 1573858399.0315,
"tid": 2504,
"flags": {}
},
"pid": 2736,
"type": "call",
"cid": 4336
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000000000000041c",
"suspend_count": 1,
"process_identifier": 2736
},
"time": 1573858403.4695,
"tid": 2504,
"flags": {}
},
"pid": 2736,
"type": "call",
"cid": 4523
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 1224,
"thread_handle": "0x0000000000000520",
"process_identifier": 2804,
"current_directory": "C:\\Users\\cuck\\AppData\\Local\\Temp",
"filepath": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"track": 1,
"command_line": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -osint -url \"http:\/\/redirect.hp.com\/svs\/rdr?c=none&bd=all&tp=onlinesvs&locale=all&pf=all&s=skype&TYPE=4\"",
"filepath_r": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"stack_pivoted": 0,
"creation_flags": 67634192,
"process_handle": "0x0000000000000518",
"inherit_handles": 0
},
"time": 1573858409.0625,
"tid": 2256,
"flags": {
"creation_flags": "CREATE_DEFAULT_ERROR_MODE|CREATE_NEW_CONSOLE|CREATE_UNICODE_ENVIRONMENT|EXTENDED_STARTUPINFO_PRESENT"
}
},
"pid": 2736,
"type": "call",
"cid": 7169
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000200",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858409.8915,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2369
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000210",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858409.8915,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2376
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000220",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858409.8915,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2381
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000002b4",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858409.9065,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2551
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000002cc",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858409.9535,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 2942
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000031c",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.0165,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3191
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000002c8",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.0165,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3198
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000330",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.0165,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3217
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000334",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.0165,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3219
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000344",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.0315,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3444
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000360",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.0475,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3533
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000364",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.0625,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 3600
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000003b8",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.3125,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5314
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000048c",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.3915,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5858
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000004a0",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.4065,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 5873
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000004d0",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.4845,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 6202
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000554",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.5475,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 6760
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000055c",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.5625,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 6869
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000056c",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.5625,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 6898
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000057c",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.5625,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 6914
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000594",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.6095,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7258
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x0000033c",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.6095,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7350
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x000002c8",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.6255,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7404
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000348",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.6255,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7428
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000588",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.6415,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7544
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtResumeThread",
"return_value": 0,
"arguments": {
"thread_handle": "0x00000324",
"suspend_count": 1,
"process_identifier": 2804
},
"time": 1573858410.7345,
"tid": 1224,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 7931
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "CreateProcessInternalW",
"return_value": 1,
"arguments": {
"thread_identifier": 2988,
"thread_handle": "0x000005dc",
"process_identifier": 3004,
"current_directory": "",
"filepath": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"track": 1,
"command_line": "\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" -contentproc --channel=\"2804.0.1621948294\\611156464\" -childID 1 -isForBrowser -boolPrefs 299:0| -stringPrefs 285:38;{30125161-3c7f-4c5a-bdb3-beadc01f5994}| -schedulerPrefs 0001,2 -greomni \"C:\\Program Files (x86)\\Mozilla Firefox\\omni.ja\" -appomni \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\omni.ja\" -appdir \"C:\\Program Files (x86)\\Mozilla Firefox\\browser\" 2804 \"\\\\.\\pipe\\gecko-crash-server-pipe.2804\" 1468 tab",
"filepath_r": "C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe",
"stack_pivoted": 0,
"creation_flags": 17302540,
"process_handle": "0x000005d4",
"inherit_handles": 1
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"creation_flags": "CREATE_BREAKAWAY_FROM_JOB|CREATE_SUSPENDED|CREATE_UNICODE_ENVIRONMENT|DETACHED_PROCESS|EXTENDED_STARTUPINFO_PRESENT"
}
},
"pid": 2804,
"type": "call",
"cid": 8787
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"region_size": 131072,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005d4",
"allocation_type": 8192,
"base_address": "0x000b0000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2804,
"type": "call",
"cid": 8796
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"region_size": 12189696,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005d4",
"allocation_type": 8192,
"base_address": "0x00210000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2804,
"type": "call",
"cid": 8797
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 1,
"process_handle": "0x000005d4",
"allocation_type": 8192,
"base_address": "0x00db0000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_NOACCESS",
"allocation_type": "MEM_RESERVE"
}
},
"pid": 2804,
"type": "call",
"cid": 8798
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 3004,
"region_size": 4096,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"protection": 64,
"process_handle": "0x000005d4",
"allocation_type": 4096,
"base_address": "0x00dbf000"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT"
}
},
"pid": 2804,
"type": "call",
"cid": 8799
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8R\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2,\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u00f8\u00db\u0000\u00c7D$\u0004\u00f0\u0013\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf810"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8803
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8R\u0000\u0000\u0000\u00ba(\u00f8\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bb00a4"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8805
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b80\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0018\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u00f8\u00db\u0000\u00c7D$\u0004\u00c0\u0015\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf850"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8808
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b80\u0000\u0000\u0000\u00bah\u00f8\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bafd54"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8810
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8:\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0090\u00f8\u00db\u0000\u00c7D$\u0004p\u0017\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf890"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8813
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8:\u0000\u0000\u0000\u00ba\u00a8\u00f8\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bafe4c"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8815
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8\u0013\u0001\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\b\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u00d0\u00f8\u00db\u0000\u00c7D$\u0004\u00c0\u0018\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf8d0"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8818
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8\u0013\u0001\u0000\u0000\u00ba\u00e8\u00f8\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bb132c"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8820
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8$\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0014\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\f\u0010\u00f9\u00db\u0000\u00c7D$\u0004\u0010\u001a\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf910"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8823
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8$\u0000\u0000\u0000\u00ba(\u00f9\u00db\u0000\u00ff\u00e2",
"process_handle": "0x000005d4",
"base_address": "0x77bafc28"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8825
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "WriteProcessMemory",
"return_value": 1,
"arguments": {
"process_identifier": 3004,
"buffer": "\u00b8\u00fe\u0000\u0000\u00003\u00c9\u008dT$\u0004d\u00ff\u0015\u00c0\u0000\u0000\u0000\u0083\u00c4\u0004\u00c2\u0010\u0000\u0083\u00ec\bR\u008bT$\f\u0089T$\b\u00c7D$\fP\u00f9\u00db\u0000\u00c7D$\u0004p\u00c8\"\u0001Z\u00c3",
"process_handle": "0x000005d4",
"base_address": "0x00dbf950"
},
"time": 1573858410.8915,
"tid": 1576,
"flags": {}
},
"pid": 2804,
"type": "call",
"cid": 8828
}
],
"references": [],
"name": "injection_runpe"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 662,
"time": 6.2278139591217,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 11822,
"time": 12.266709804535,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 13666,
"time": 10.185889959335,
"dport": 5355,
"sport": 49840
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 13986,
"time": 6.1736769676208,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 14314,
"time": 15.541109800339,
"dport": 5355,
"sport": 52259
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 14634,
"time": 4.1554319858551,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 14962,
"time": 6.1897058486938,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 15290,
"time": 4.6600358486176,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 15618,
"time": 21.036574840546,
"dport": 5355,
"sport": 54335
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 15938,
"time": 3.0550367832184,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 16266,
"time": 7.5186820030212,
"dport": 5355,
"sport": 55880
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 16586,
"time": 25.680298805237,
"dport": 5355,
"sport": 58989
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 16906,
"time": 22.855540990829,
"dport": 5355,
"sport": 59548
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 17226,
"time": 18.405945777893,
"dport": 5355,
"sport": 63506
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 17546,
"time": 12.881800889969,
"dport": 5355,
"sport": 64017
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 17866,
"time": 4.6859018802643,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 37276,
"time": 4.1738557815552,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 45660,
"time": 6.3095529079437,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "7cde06a2869b2112b4b179f3b94615953dd488ac41cf4597a1c25bd3899379d8",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "3def508fabeed8d802e873aa566927b4051c677eb42b140fd7686095b972f6c5",
"irc": [],
"https_ex": []
}Screenshots
Hashes [?]
| Property | Value |
|---|---|
| MD5 | e3c8d1fca7c57e69bdcc64b48cb48870 |
| SHA256 | 3b9e7e16e65a87d943fec0ec7dff8fda4b1d3340829c39e073f6df55405177f9 |
Error Messages
These are some of the error messages that can appear related to skypelauncher.exe:
skypelauncher.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
skypelauncher.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.
launcher has stopped working.
End Program - skypelauncher.exe. This program is not responding.
skypelauncher.exe is not a valid Win32 application.
skypelauncher.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.
What will you do with the file?
To help other users, please let us know what you will do with the file:
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.