What is f_00479c?
f_00479c is part of Kaspersky Security Cloud and developed by Kaspersky according to the f_00479c version information.
f_00479c's description is "Kaspersky Security Cloud [21.2.16.590.0.320.0]"
f_00479c is digitally signed by Kaspersky Lab JSC.
f_00479c is usually located in the 'c:\users\%USERNAME%\appdata\local\microsoft\edge\user data\default\cache\' folder.
None of the anti-virus scanners at VirusTotal reports anything malicious about f_00479c.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Vendor and version information [?]
The following is the available information on f_00479c:
| Property | Value |
|---|---|
| Product name | Kaspersky Security Cloud |
| Company name | Kaspersky |
| File description | Kaspersky Security Cloud [21.2.16.590.0.320.0] |
| Internal name | Setup |
| Original filename | Setup.exe |
| Legal copyright | © 2020 AO Kaspersky Lab |
| Legal trademark | Registered trademarks and service marks are the property of their respective owners |
| Product version | 21.2.16.590 |
| File version | 21.2.16.590 |
Here's a screenshot of the file properties when displayed by Windows Explorer:
| Product name | Kaspersky Security Cloud |
| Company name | Kaspersky |
| File description | Kaspersky Security Cloud [21.2.16.59.. |
| Internal name | Setup |
| Original filename | Setup.exe |
| Legal copyright | © 2020 AO Kaspersky Lab |
| Legal trademark | Registered trademarks and service ma.. |
| Product version | 21.2.16.590 |
| File version | 21.2.16.590 |
Digital signatures [?]
f_00479c has a valid digital signature.
| Property | Value |
|---|---|
| Signer name | Kaspersky Lab JSC |
| Certificate issuer name | DigiCert High Assurance Code Signing CA-1 |
| Certificate serial number | 013c6684e0f39030c05fa36b42af33ca |
VirusTotal report
None of the 72 anti-virus programs at VirusTotal detected the f_00479c file.
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-g.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\google-chrome-banner.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-error.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about-rtl.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\default-slide-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-vkontakte.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\rtl.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-refresh.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\yandex-motivation.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-facebook.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\btn.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\remove.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-unchecked-disabled.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-twitter.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-h.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\chrome-logo.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-information.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-win8.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\btn_bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-f.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\product.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-progress-bar.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-b.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\google-toolbar-banner.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\install_programm.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-incompatible-soft-ico.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-refresh-disabled.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-selected.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-win8-bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-down.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-up.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\print.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about-disabled.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\autorun-bullet.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9\\setup.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-checked-disabled.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-arrows.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\kl-setup-2020-11-21-07-53-07_SAAS.21.2.16.590.log",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\tfu.png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020112120201122\\index.dat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-icon-ok.png"
],
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\MostRecentApplication\\ID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:FMTID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\IconSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\FFlags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheOptions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Sort",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\IconStreams",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\MostRecentApplication\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ColInfo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CachePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByDirection",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseSWRender",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\LastAdvertisement",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PastIconsStream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupView",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Enable Browser Extensions",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\UserStartTime",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheRepair",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2\\Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:PID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\LogicalViewMode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Mode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Streams\\Desktop\\TaskbarWinXP"
],
"dll_loaded": [
"IEFRAME.dll",
"MMDevAPI.DLL",
"urlmon.dll",
"kernel32",
"mshtml.dll",
"wdmaud.drv",
"apphelp.dll",
"CFGMGR32.dll",
"Advapi32.dll",
"kernel32.dll",
"MMDEVAPI.DLL",
"oleaut32.dll",
"C:\\Windows\\system32\\ole32.dll",
"AUDIOSES.DLL",
"dwmapi.dll",
"C:\\Windows\\system32\\msimg32.dll",
"ImgUtil.dll",
"C:\\Windows\\system32\\WINMM.dll",
"C:\\Windows\\system32\\Msimtf.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"WININET.dll",
"SXS.DLL",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"OLEACC.DLL",
"MLANG.dll",
"OLEAUT32.DLL",
"ole32.dll",
"SHLWAPI.dll",
"Shcore.dll",
"C:\\Windows\\system32\\DbgHelp.dll",
"COMCTL32.dll",
"Comctl32.dll",
"C:\\Windows\\system32\\IMM32.DLL",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"midimap.dll",
"msacm32.drv",
"OLEAUT32.dll",
"C:\\Windows\\system32\\kernel32.dll",
"C:\\Windows\\system32\\Oleacc.dll",
"SHELL32.dll",
"RPCRT4.dll",
"User32.dll",
"comctl32.dll",
"CRYPTSP.dll",
"WINMM.dll",
"RpcRtRemote.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9\\setup.dll",
"GDI32.dll",
"msi.dll",
"UxTheme.dll",
"C:\\Windows\\SysWOW64\\oleaut32.dll",
"ADVAPI32.dll",
"rpcrt4.dll",
"C:\\Windows\\system32\\jscript9.dll",
"SETUPAPI.dll",
"WINTRUST.dll",
"user32.dll",
"ddraw.dll"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\cuckoo_1788.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\",
"C:\\Windows\\SysWOW64\\jscript9.dll",
"C:\\Windows\\System32\\msxml3.dll\\1"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/pjpeg\\Bits",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\about\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/tiff\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Comdlg32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\Adv AddrBar Spoof Detection",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{ADC6CB82-424C-11D2-952A-00C04FA34F05}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Suggested Sites",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_IEDDE_REGISTER_URLECHO",
"HKEY_CLASSES_ROOT\\.js",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\DxTrans",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\International\\Scripts\\3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27",
"HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text\/html",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_IPERSISTMONIKER_LOAD_REDIRECTED_URL_KB976425",
"HKEY_CURRENT_USER\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_CrossDomain_Fix_KB867801",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\UpgradeCodes\\F57A0D0910D2A3648B904FB0D98E449E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Feeds",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_DISABLE_NAVIGATION_SOUNDS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D1FB8179F9A660439A2936F0E72F1F46",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\PageSetup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\KasperskyLabSetup\\Setup21.2.16.590.0.320.0",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_DISABLE_BEHAVIORS_DRAW_REENTRANCY",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\423FE7A87AC0BF940B5796B2F11C80B4",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Activities",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\ActiveX Compatibility",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Ftp",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\Explorer\\Navigating\\.current",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_IEDDE_REGISTER_PROTOCOL",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ftp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Settings",
"HKEY_CLASSES_ROOT\\.png",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-png",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\UpgradeCodes\\F57A0D0910D2A3648B904FB0D98E449E",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Low Rights",
"HKEY_CLASSES_ROOT\\.css",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\MediaTypeClass",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\55B1C35005E2E8A459498D3F2B477EE7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ACTIVEX_INACTIVATE_MODE_REMOVAL_REVERT",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/jpeg\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A76D7C84BF4322E32AF51E3EB60EC63B",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Policies",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Zoom",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D093E8AD3A3A34B89ACD5DB5F7A05B",
"HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Zones",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3EBAEE5AA284A1D4A9F1CF84FBA7DC11",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\218841810B0E6254C837A7244B6CD4D0",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Services",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Recovery",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows Search",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_UNC_SAVEDFILECHECK",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\UpgradeCodes\\5A8E9D0E2E6761E45ABC045341450B4D",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SCRIPTURL_MITIGATION",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BINARY_CALLER_SERVICE_PROVIDER",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D9AB5A7ABF894DC42B2A5AFA657107B4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\International",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/png\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/html",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Policies",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F428FE2E5AA63BC34AF10B4BCFD0C047",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B71ED456496A76F41BFCC780358434D1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\Feature_Enable_Compat_Logging",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Ranges\\",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\International\\Scripts",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\*\\",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\Explorer\\ActivatingDocument\\.current",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SUBDOWNLOAD_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_IGNORE_LEADING_FILE_SEPARATOR_IN_URI_KB933105",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0C8C847E8E3D6CF4980241250D83AC18",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Accepted Documents",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Ranges\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SSLUX",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\UpgradeCodes\\05BC42BE22FC33341B7C78B132D96CE4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2",
"HKEY_LOCAL_MACHINE\\Software\\Policies",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Feeds",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProtocolDefaults\\",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Feed Discovery",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_HANDLING",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BE19005FBFF82D4C9AC1CD315606D5C",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\FileSystem",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Feed Discovery",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\International\\Scripts",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ratings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_DOCUMENT_COMPATIBLE_MODE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_WEBOC_DOCUMENT_ZOOM",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\UpgradeCodes\\05BC42BE22FC33341B7C78B132D96CE4",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\AboutURLs",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_UNC_SAVEDFILECHECK",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_SCRIPT",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EBCC7F29EA459B945AC92361F803C5BA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_IMG",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_Isolate_Named_Windows",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Zoom",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_CUSTOM_IMAGE_MIME_TYPES_KB910561",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Security",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\res\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\DxTrans",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_XSSFILTER",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\DE5E96135060B6632BBF5FF64015CF72",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Zoom",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F957507B71E16D48AB8F8D24E499BFD",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Installer",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Security\\Adv AddrBar Spoof Detection",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Recovery",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\99C330202A8B38A4C82D60ECE5D3A9E9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_NAVIGATION_SOUNDS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Activities",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Services",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_FEEDS",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap",
"HKEY_CLASSES_ROOT\\.gif",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Suggested Sites",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Default Behaviors",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-jg\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache",
"HKEY_CURRENT_USER\\Software",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\31B36E22B03C9944E9E1AA20F6E02DBE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D45956AB0EB412C44B019BEAEF450F82",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text\/html",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BAC5D52BFA9F4614D8C771B1CAC291E3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Styles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\WindowsSearch",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Activities",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_SNIFFING",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Zoom",
"HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Services",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SSLUX",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638",
"HKEY_CLASSES_ROOT\\.html",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONE_ELEVATION",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C435ED7D4D11C54458BBF52D7FE7E7B9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Security\\Floppy Access",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_USE_WINDOWEDSELECTCONTROL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SHIM_MSHELP_COMBINE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-icon\\Bits",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2268E2F45D65B3B4ABBE6378BD9EBC30",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D613776D85BA57646A2100F5CC8CE339",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-wmf\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\UpgradeCodes\\05BC42BE22FC33341B7C78B132D96CE4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\MenuExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Services",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-png\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D",
"HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\res",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Low Rights",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\26E80FB920712D74591068281FA765BA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\UpgradeCodes\\F57A0D0910D2A3648B904FB0D98E449E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_Cross_Domain_Redirect_Mitigation",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/bmp\\Bits",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\res",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/gif\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0DB900AFB7545D4C8A344F58A17F7C9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\file\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3B6475D6660257440A1F014807F98F15",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\UpgradeCodes\\5A8E9D0E2E6761E45ABC045341450B4D",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\6D8F0E61F693ABE4DA7E1BDC76DC05A7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Activities",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\38DA7FA63426B513593FBB7BD274256D",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Network",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Ranges\\",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\WindowMetrics",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\6E1F5EC53DCCB704BB1223446ED382A9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Version Vector",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\UpgradeCodes\\5A8E9D0E2E6761E45ABC045341450B4D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AB106BB28FBF004489BA8212BF5C075E",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Main"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-g.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\google-chrome-banner.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-error.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about-rtl.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\default-slide-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-vkontakte.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\rtl.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-refresh.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\yandex-motivation.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-facebook.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\btn.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\remove.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-unchecked-disabled.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-twitter.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-h.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\chrome-logo.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-information.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-win8.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\btn_bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-f.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\product.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-progress-bar.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-b.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\google-toolbar-banner.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\install_programm.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-incompatible-soft-ico.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-refresh-disabled.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-selected.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-win8-bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-down.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-up.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\print.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about-disabled.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\autorun-bullet.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9\\setup.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-checked-disabled.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-arrows.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\kl-setup-2020-11-21-07-53-07_SAAS.21.2.16.590.log",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\tfu.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-icon-ok.png"
],
"regkey_deleted": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupCollapseState",
"HKEY_CURRENT_USER\\System\\CurrentControlSet\\Control\\Network\\ShowWirelessConnectingOnStart",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemPos800x600x96(1)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemOrder"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\index.dat"
],
"directory_removed": [
"",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js:Zone.Identifier",
"C:\\Users\\cuck\\Desktop",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\downloader.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\cuckoo_1788.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Internet Explorer",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020112120201122\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\setup_autotest.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020112120201122\\index.dat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\kl-setup-2020-11-21-07-53-07_SAAS.21.2.16.590.log"
],
"mutex": [
"Local\\Shell.CMruPidlList",
"MSIMGSIZECacheMutex",
"Local\\ZonesCounterMutex",
"Local\\ZonesLockedCacheCounterMutex",
"Local\\c:!users!cuck!appdata!local!microsoft!windows!history!history.ie5!mshist012020112120201122!",
"Local\\ZoneAttributeCacheCounterMutex",
"Local\\DDrawDriverObjectListMutex",
"Local\\ZonesCacheCounterMutex",
"Local\\DDrawWindowListMutex",
"Local\\MidiMapper_modLongMessage_RefCnt",
"Kaspersky_Setup_Single_Instance",
"Local\\__DDrawExclMode__",
"Local\\__DDrawCheckExclMode__"
],
"file_opened": [
"C:\\Windows\\Fonts\\cour.ttf",
"C:\\Windows\\Fonts\\msyh.ttf",
"C:\\Windows\\Fonts\\verdanaz.ttf",
"C:\\Windows\\Fonts\\cambriaz.ttf",
"C:\\Windows\\Fonts\\arial.ttf",
"C:\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Windows\\Fonts\\simsun.ttc",
"C:\\Windows\\Fonts\\cordiaz.ttf",
"C:\\Windows\\Fonts\\simkai.ttf",
"C:\\Windows\\Fonts\\tahoma.ttf",
"C:\\Windows\\Fonts\\palabi.ttf",
"C:\\Windows\\Fonts\\kalinga.ttf",
"C:\\Windows\\Fonts\\utsaah.ttf",
"C:\\Windows\\Fonts\\taileb.ttf",
"C:\\Windows\\Fonts\\aparaj.ttf",
"C:\\Windows\\Fonts\\tahomabd.ttf",
"C:\\Windows\\Fonts\\frank.ttf",
"C:\\Windows\\Fonts\\upcil.ttf",
"C:\\Windows\\Fonts\\raavi.ttf",
"C:\\Windows\\Fonts\\sylfaen.ttf",
"C:\\Windows\\Fonts\\segoeuii.ttf",
"C:\\Windows\\SysWOW64",
"C:\\Windows\\Fonts\\corbel.ttf",
"C:\\Windows\\Fonts\\upcli.ttf",
"C:\\Windows\\Fonts\\ahronbd.ttf",
"C:\\Windows\\Fonts\\verdanab.ttf",
"C:\\Windows\\Fonts\\gulim.ttc",
"C:\\Windows\\Fonts\\constanb.ttf",
"C:\\Windows\\Fonts\\cordiai.ttf",
"C:\\Windows\\Fonts\\utsaahb.ttf",
"C:\\Windows\\Fonts\\simpo.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Windows\\Fonts\\Candara.ttf",
"C:\\Windows\\Fonts\\seguisb.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Windows\\Fonts\\Candarab.ttf",
"C:\\Windows\\Fonts\\mriam.ttf",
"C:\\Windows\\Fonts\\upcii.ttf",
"C:\\Windows\\Fonts\\LaoUI.ttf",
"C:\\Windows\\Fonts\\majallab.ttf",
"C:\\Windows\\System32\\shell32.dll",
"C:\\Windows\\Fonts\\malgunbd.ttf",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Windows\\Fonts\\comicbd.ttf",
"C:\\Windows\\Fonts\\dokchamp.ttf",
"C:\\Windows\\Fonts\\calibri.ttf",
"C:\\Windows\\Fonts\\iskpota.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft",
"C:\\Windows\\Fonts\\segoeprb.ttf",
"C:\\Windows\\Fonts\\kokilai.ttf",
"C:\\Windows\\Fonts\\segoesc.ttf",
"C:\\Windows\\Fonts\\kartikab.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Windows\\Fonts\\Shonar.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows",
"C:\\Windows\\Fonts\\trebucit.ttf",
"C:\\Windows\\Fonts\\segoeuil.ttf",
"C:\\Windows\\Fonts\\kokilab.ttf",
"C:\\Windows\\Fonts\\mriamc.ttf",
"C:\\Windows\\Fonts\\euphemia.ttf",
"C:\\Windows\\Fonts\\cordiab.ttf",
"C:\\Windows\\Fonts\\gautamib.ttf",
"C:\\Windows\\Fonts\\mangal.ttf",
"C:\\Windows\\Fonts\\georgiai.ttf",
"C:\\Windows\\Fonts\\leelawdb.ttf",
"C:\\Windows\\Fonts\\mingliu.ttc",
"C:\\Windows\\Fonts\\mingliub.ttc",
"C:\\Windows\\Fonts\\utsaahi.ttf",
"C:\\Windows\\Fonts\\cambriab.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Windows\\Fonts\\constani.ttf",
"C:\\Windows\\Fonts\\l_10646.ttf",
"C:\\Windows\\Fonts\\simhei.ttf",
"C:\\Windows\\Fonts\\arialbd.ttf",
"C:\\Windows\\Fonts\\himalaya.ttf",
"C:\\Windows\\Fonts\\msyhbd.ttf",
"C:\\Windows\\Fonts\\shruti.ttf",
"C:\\Windows\\Fonts\\calibrib.ttf",
"C:\\Users\\cuck",
"C:\\Windows\\Fonts\\ebrima.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Windows\\Fonts\\upckbi.ttf",
"C:\\Windows\\System32\\msxml3.dll",
"C:\\Windows\\Fonts\\vijaya.ttf",
"C:\\Windows\\Fonts\\trado.ttf",
"C:\\Windows\\Fonts\\lvnm.ttf",
"C:\\Windows\\Fonts\\angsai.ttf",
"C:\\Windows\\Fonts\\upcjl.ttf",
"C:\\Windows\\Fonts\\upcfb.ttf",
"C:\\Windows\\Fonts\\msjh.ttf",
"C:\\Windows\\Fonts\\majalla.ttf",
"C:\\Windows\\Fonts\\comic.ttf",
"C:\\Windows\\Fonts\\tunga.ttf",
"C:\\Windows\\Fonts\\latha.ttf",
"C:\\Windows\\Fonts\\simsunb.ttf",
"C:\\Windows\\Fonts\\monbaiti.ttf",
"C:\\Windows\\Fonts\\upcji.ttf",
"C:\\Windows\\SysWOW64\\mshtml.dll",
"C:\\Windows\\Fonts\\ariali.ttf",
"C:\\Windows\\Fonts\\ariblk.ttf",
"C:\\Windows\\Fonts\\shrutib.ttf",
"C:\\Windows\\Fonts\\mvboli.ttf",
"C:\\Windows\\Fonts\\lvnmbd.ttf",
"C:\\Windows\\Fonts\\gautami.ttf",
"C:\\Windows\\Fonts\\raavib.ttf",
"C:\\Windows\\Fonts\\msyi.ttf",
"C:\\Windows\\Fonts\\cordia.ttf",
"C:\\Windows\\Fonts\\meiryob.ttc",
"C:\\Windows\\Fonts\\timesbd.ttf",
"C:\\Windows\\Fonts\\simpbdo.ttf",
"C:\\Windows\\Fonts\\verdanai.ttf",
"C:\\Windows\\Fonts\\browaz.ttf",
"C:\\Windows\\Fonts\\nrkis.ttf",
"C:\\Windows\\win.ini",
"C:\\Windows\\Fonts\\davidbd.ttf",
"C:\\Windows\\Fonts\\phagspab.ttf",
"C:\\Windows\\Fonts\\moolbor.ttf",
"C:\\Windows\\Fonts\\KhmerUIb.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT",
"C:\\Windows\\Fonts\\ntailu.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020112120201122\\index.dat",
"C:\\Windows\\Fonts\\gishabd.ttf",
"C:\\Windows\\Fonts\\msmincho.ttc",
"C:\\Windows\\Fonts\\meiryo.ttc",
"C:\\Windows\\Fonts\\upcdb.ttf",
"C:\\Windows\\Fonts\\upcfl.ttf",
"C:\\Windows\\Fonts\\constan.ttf",
"C:\\Windows\\Fonts\\msgothic.ttc",
"C:\\Windows\\Fonts\\Vanib.ttf",
"C:\\Windows\\Fonts\\upcfbi.ttf",
"C:\\Windows\\Fonts\\angsab.ttf",
"C:\\Windows\\Fonts\\corbeli.ttf",
"C:\\Windows\\Fonts\\browai.ttf",
"C:\\Windows\\SysWOW64\\wdmaud.drv",
"C:\\Windows\\Fonts\\upcebi.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Windows\\Fonts\\pala.ttf",
"C:\\Windows\\Fonts\\upcll.ttf",
"C:\\Windows\\Fonts\\Candaraz.ttf",
"C:\\Windows\\SysWOW64\\msi.dll",
"C:\\Windows\\Fonts\\upckl.ttf",
"C:\\Windows\\Fonts\\vrindab.ttf",
"C:\\Windows\\Fonts\\consolab.ttf",
"C:\\Windows\\Fonts\\kalingab.ttf",
"C:\\Windows\\Fonts\\estre.ttf",
"C:\\Windows\\Fonts\\calibrii.ttf",
"C:\\Windows\\Fonts\\upcfi.ttf",
"C:\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2",
"C:\\Windows\\Fonts\\palab.ttf",
"C:\\Windows\\Fonts\\framdit.ttf",
"C:\\Windows\\Fonts\\daunpenh.ttf",
"C:\\Windows\\Fonts\\Vani.ttf",
"C:\\Windows\\Fonts\\rod.ttf",
"C:\\Windows\\Fonts\\upcib.ttf",
"C:\\Windows\\Fonts\\tradbdo.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
"C:\\Windows\\Media\\Windows Navigation Start.wav",
"C:\\Windows\\Fonts\\kaiu.ttf",
"C:\\Windows\\Fonts\\msuighur.ttf",
"C:\\Windows\\Fonts\\courbd.ttf",
"C:\\Windows\\Fonts\\georgia.ttf",
"C:\\Windows\\Fonts\\trebucbi.ttf",
"C:\\Windows\\Fonts\\timesbi.ttf",
"C:\\Windows\\Fonts\\upcki.ttf",
"C:\\Windows\\Fonts\\lucon.ttf",
"C:\\Windows\\Fonts\\browauz.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"C:\\Windows\\Fonts\\aparajb.ttf",
"C:\\Windows\\System32\\dxtrans.dll",
"C:\\Windows\\Fonts\\angsau.ttf",
"C:\\Windows\\Fonts\\courbi.ttf",
"C:\\Windows\\Fonts\\corbelb.ttf",
"C:\\Windows\\Fonts\\georgiab.ttf",
"C:\\Windows\\Fonts\\arabtype.ttf",
"C:\\Windows\\Fonts\\vrinda.ttf",
"C:\\Users",
"C:\\Windows\\Fonts\\Candarai.ttf",
"C:\\Windows\\Fonts\\angsaub.ttf",
"C:\\Windows\\Fonts\\upckb.ttf",
"C:\\Windows\\SysWOW64\\stdole2.tlb",
"C:\\Windows\\Fonts\\palai.ttf",
"C:\\Windows\\Fonts\\LaoUIb.ttf",
"C:\\Windows\\Fonts\\aparajbi.ttf",
"C:\\Windows\\SysWOW64\\en-US\\KERNELBASE.dll.mui",
"C:\\Users\\desktop.ini",
"C:\\Windows\\Fonts\\simpfxo.ttf",
"C:\\Windows\\Fonts\\seguisym.ttf",
"C:\\Windows\\Fonts\\tungab.ttf",
"C:\\Windows\\Fonts\\segoescb.ttf",
"C:\\Windows\\Fonts\\nyala.ttf",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Windows\\System32\\ntmarta.dll",
"C:\\Windows\\Fonts\\angsa.ttf",
"C:\\Windows\\Fonts\\georgiaz.ttf",
"C:\\Windows\\Fonts\\trebuc.ttf",
"C:\\Windows\\Fonts\\cordiauz.ttf",
"C:\\Windows\\Fonts\\batang.ttc",
"C:\\Windows\\Fonts\\Shonarb.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db",
"C:\\Windows\\Fonts\\webdings.ttf",
"C:\\Windows\\System32\\dxtmsft.dll",
"C:\\Windows\\Fonts\\constanz.ttf",
"C:\\Windows\\Fonts\\upceb.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B",
"C:\\Windows\\Fonts\\consola.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Windows\\Fonts\\browau.ttf",
"C:\\Windows\\Fonts\\angsaz.ttf",
"C:\\Windows\\Fonts\\leelawad.ttf",
"C:\\Windows\\Fonts\\taile.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData",
"C:\\Windows\\Fonts\\browaub.ttf",
"C:\\Windows\\Fonts\\arialbi.ttf",
"C:\\Windows\\Fonts\\msjhbd.ttf",
"C:\\Windows\\Fonts\\upclbi.ttf",
"C:\\Windows\\Fonts\\aparaji.ttf",
"C:\\Windows\\Fonts\\andlso.ttf",
"C:\\Windows\\Fonts\\browa.ttf",
"C:\\Windows\\Fonts\\segoeuiz.ttf",
"C:\\Windows\\Fonts\\framd.ttf",
"C:\\Windows\\Fonts\\lathab.ttf",
"C:\\Windows\\Fonts\\cambriai.ttf",
"C:\\Windows\\Fonts\\upcjb.ttf",
"C:\\Windows\\Fonts\\upcdl.ttf",
"C:\\Windows\\Fonts\\calibriz.ttf",
"C:\\Windows\\Fonts\\upcdbi.ttf",
"C:\\Windows\\Fonts\\simfang.ttf",
"C:\\Windows\\Fonts\\browab.ttf",
"C:\\Windows\\Fonts\\cordiaui.ttf",
"C:\\Windows\\Fonts\\phagspa.ttf",
"C:\\Windows\\Fonts\\angsauz.ttf",
"C:\\Windows\\Fonts\\browaui.ttf",
"C:\\Windows\\Fonts\\impact.ttf",
"C:\\Windows\\Fonts\\consolaz.ttf",
"C:\\Windows\\Fonts\\malgun.ttf",
"C:\\Windows\\Fonts\\kokila.ttf",
"C:\\Windows\\Fonts\\verdana.ttf",
"C:\\Windows\\Fonts\\upcei.ttf",
"C:\\Windows\\Fonts\\upcel.ttf",
"C:\\Windows\\Fonts\\wingding.ttf",
"C:\\Windows\\Fonts\\mangalb.ttf",
"C:\\Windows\\Fonts\\kartika.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini",
"C:\\Windows\\Fonts\\ebrimabd.ttf",
"C:\\Windows\\Fonts\\upclb.ttf",
"C:\\Windows\\Fonts\\ntailub.ttf",
"C:\\Windows\\Fonts\\cordiau.ttf",
"C:\\Windows\\Fonts\\segoeuib.ttf",
"C:\\Windows\\Fonts\\segoeui.ttf",
"C:\\Windows\\Fonts\\angsaui.ttf",
"C:\\Windows\\Fonts\\david.ttf",
"C:\\Windows\\Fonts\\KhmerUI.ttf",
"C:\\Windows\\Fonts\\utsaahbi.ttf",
"C:\\Windows\\Fonts\\corbelz.ttf",
"C:\\Windows\\Fonts\\vijayab.ttf",
"C:\\Windows\\Fonts\\segoepr.ttf",
"C:\\Windows\\Fonts\\Gabriola.ttf",
"C:\\Windows\\Fonts\\plantc.ttf",
"C:\\Windows\\Fonts\\cambria.ttc",
"C:\\Windows\\Fonts\\cordiaub.ttf",
"C:\\Windows\\Fonts\\symbol.ttf",
"C:\\Windows\\Fonts\\upcdi.ttf",
"C:\\Windows\\Fonts\\micross.ttf",
"C:\\Windows\\Fonts\\upcjbi.ttf",
"C:\\Windows\\Fonts\\times.ttf",
"C:\\Windows\\Fonts\\consolai.ttf",
"C:\\Windows\\Fonts\\kokilabi.ttf",
"C:\\Windows\\Fonts\\trebucbd.ttf",
"C:\\Windows\\Fonts\\upcibi.ttf",
"C:\\Windows\\Fonts\\timesi.ttf",
"C:\\Windows\\Fonts\\couri.ttf",
"C:\\Windows\\Fonts\\gisha.ttf"
],
"guid": [
"{2fb499a3-cfce-480f-a5f3-2453db7a2b7a}",
"{275c23e2-3747-11d0-9fea-00aa003f8646}",
"{00000003-0000-0000-c000-000000000046}",
"{6a01fda0-30df-11d0-b724-00aa006c1a01}",
"{ea1afb91-9e28-4b86-90e9-9e9f8a5eefaf}",
"{30c3b080-30fb-11d0-b724-00aa006c1a01}",
"{254dbbc1-f922-11d0-883a-3c8b00c10000}",
"{dccfc164-2b38-11d2-b7ec-00c04f8f5d9a}",
"{30a5fb78-e11f-11d1-9064-00c04fd9189d}",
"{660b90c8-73a9-4b58-8cae-355b7f55341b}",
"{ba126ae5-2166-11d1-b1d0-00805fc1270e}",
"{c08956a2-1cd3-11d1-b1c5-00805fc1270e}",
"{25336920-03f9-11cf-8fd0-00aa00686f13}",
"{a3ccedf7-2de2-11d0-86f4-00a0c913f750}",
"{4fd2a832-86c8-11d0-8fca-00c04fd9189d}",
"{9b63616c-36b2-46bc-959f-c1593952d19b}",
"{1a1f4206-0688-4e7f-be03-d82ec69df9a5}",
"{5762f2a7-4658-4c7a-a4ac-bdabfe154e0d}",
"{42aedc87-2188-41fd-b9a3-0c966feabec1}",
"{4ef17940-30e0-11d0-b724-00aa006c1a01}",
"{00000146-0000-0000-c000-000000000046}",
"{6c736dc1-ab0d-11d0-a2ad-00a0c90f27e8}",
"{a7ee7f34-3bd1-427f-9231-f941e9b7e1fe}",
"{d0074ffd-570f-4a9b-8d69-199fdba5723b}",
"{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",
"{4cb26c03-ff93-11d0-817e-0000f87557db}",
"{b39fd73f-e139-11d1-9065-00c04fd9189d}",
"{a3ccedf3-2de2-11d0-86f4-00a0c913f750}",
"{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}",
"{871c5380-42a0-1069-a2ea-08002b30309d}",
"{000214e6-0000-0000-c000-000000000046}",
"{00000001-0000-0000-c000-000000000046}",
"{3050f3bc-98b5-11cf-bb82-00aa00bdce0b}",
"{ff393560-c2a7-11cf-bff4-444553540000}",
"{d9e89500-30fa-11d0-b724-00aa006c1a01}",
"{00000323-0000-0000-c000-000000000046}",
"{ba126ad1-2166-11d1-b1d0-00805fc1270e}",
"{56fdf344-fd6d-11d0-958a-006097c9a090}",
"{ed8c108e-4349-11d2-91a4-00c04f7969e8}",
"{e7e4bc40-e76a-11ce-a9bb-00aa004ae837}",
"{faedcf69-31fe-11d1-aad2-00805fc1270e}",
"{3050f429-98b5-11cf-bb82-00aa00bdce0b}",
"{cd773740-b187-4974-a1d5-e0ff91372277}",
"{8856f961-340a-11d0-a96b-00c04fd705a2}",
"{81397204-f51a-4571-8d7b-dc030521aabd}",
"{50d5107a-d278-4871-8989-f4ceaaf59cfc}",
"{6187e5a2-a445-4608-8fc0-be7a6c8db386}",
"{385a91bc-1e8a-4e4a-a7a6-f4fc1e6ca1bd}",
"{bb1a2ae1-a4f9-11cf-8f20-00805f2cd064}",
"{adc6cb82-424c-11d2-952a-00c04fa34f05}",
"{a47979d2-c419-11d9-a5b4-001185ad2b89}",
"{46a6eeff-908e-4dc6-92a6-64be9177b41c}",
"{00000339-0000-0000-c000-000000000046}",
"{7007acc7-3202-11d1-aad2-00805fc1270e}",
"{30a99515-1527-4451-af9f-00c5f0234daf}",
"{0e890f83-5f79-11d1-9043-00c04fd9189d}",
"{4fd2a833-86c8-11d0-8fca-00c04fd9189d}",
"{22b07b33-8bfb-49d4-9b90-0938370c9019}",
"{6c736db1-bd94-11d0-8a23-00aa00b58e10}",
"{3050f406-98b5-11cf-bb82-00aa00bdce0b}",
"{08c0e040-62d1-11d1-9326-0060b067b86e}"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Windows\\Media\\Windows Navigation Start.wav",
"C:\\Windows\\System32\\msxml3.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"C:\\Windows\\SysWOW64\\mshtml.dll",
"C:\\Windows\\System32\\dxtrans.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Windows\\System32\\dxtmsft.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Windows\\SysWOW64\\stdole2.tlb",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Users\\desktop.ini",
"C:\\Windows\\win.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Windows\\SysWOW64\\msi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft100\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize",
"HKEY_CURRENT_USER\\.html\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-png\\Image Filter CLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Version Vector\\VML",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_IMG\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_XSSFILTER\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Print_Background",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileUrl",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\SmoothScroll",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\Explorer\\Navigating\\.Current\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\RemoteRpcDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wavemapper",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MortalKombat3\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\DisableDDSCAPSInDDSD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SHIM_MSHELP_COMBINE\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BEHAVIORS\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Feed Discovery\\Sound",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\\InProcServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CachePrefix",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\WindowMetrics\\AppliedDPI",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Terracide\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\DisableMMX",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Use_DlgBox_Colors",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\OWNDC",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Bug!\\ID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gif\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ThirdDimension\\Flags",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MsGolf98\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\EMPTY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\MinLevel",
"HKEY_CURRENT_USER\\System\\CurrentControlSet\\Control\\MediaProperties\\PrivateProperties\\Joystick\\Winmm\\wheel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Zoom\\ZoomDisabled",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_FEEDS\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CoInternetCombineIUriCacheSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\IsTextPlainHonored",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONE_ELEVATION\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_USE_WINDOWEDSELECTCONTROL\\*",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Cleanup HTCs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\AboutURLs\\blank",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\CSS_Compat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\\InProcServer32\\LoadWithoutCOM",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NortonSystemInfo\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_UNC_SAVEDFILECHECK\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Savage\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.js\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Rogue Squadron\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Low Rights\\ProtectedModeOffForAllZones",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.html\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem\\Win31FileSystem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\EnablePrintScreen",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\DOMStorage",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseClearType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Flags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU Size",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\LocalizedString",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\950",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CoInternetCombineIUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2106",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{a45c254e-df1c-4efd-8020-67d146a850e0},2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\TabProcGrowth",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Enable AutoImageResize",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseThemes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\System.ItemNameDisplay",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Anchor Underline",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\DemolitionDerby2\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\netshell.dll,-1200",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/jpeg\\Bits\\0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ThirdDimension\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\CurrentLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Page_Transitions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ScorchedPlanet\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MortalKombat3\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Diablo\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ThirdDimension\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\MaximumAllowedAllocationSize",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Q300829",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wdmaud.drv",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SUBDOWNLOAD_LOCKDOWN\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\DeviceState",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Use Stylesheets",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\ForceRefreshRate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\2000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Savage\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_IMG\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\AcceptLanguage",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FrameTabWindow",
"HKEY_CURRENT_USER\\Software\\KasperskyLabSetup\\Setup21.2.16.590.0.320.0\\AppCommandLine",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\WindowsSearch\\EnabledScopes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\RecommendedLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/pjpeg\\Bits\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.html\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{1da5d803-d492-4edd-8c23-e0c0ffee7f0e},0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\AdminTabProcs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\SessionMerging",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-wmf\\Bits\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\RecommendedLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SHIM_MSHELP_COMBINE\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\Explorer\\ActivatingDocument\\.Current\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\RecommendedLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraftDemo\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SSLUX\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language\\InstallLanguageFallback",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\SecuritySafe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_SNIFFING\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\XDomainRequest",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.html\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraftDemo\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0\\win32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClearRecentDocsOnExit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxHTML-E7CF176E110C211B\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\MachineThrottling",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\COM+Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave9",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\Type",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\RtfConverterFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraftDemo\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\2000",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\AlwaysShowExt",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_SNIFFING\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},6",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Services\\SelectionActivityButtonDisable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-png\\Bits\\0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Rogue Squadron\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\SessionMerging",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\MinLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\LoadWithoutCOM",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NHLPowerPlay\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_HANDLING\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.css\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CachePrefix",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CoInternetCombineIUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Direct3D\\FlipNoVsync",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Diablo\\ID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\CurrentLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Icon",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Move System Caret",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\SilentThunder\\Flags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\System.ItemNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\UseNonLocalVidMem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\EmulationOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_SCRIPT\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{FF393560-C2A7-11CF-BFF4-444553540000} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft115\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{332C4425-26CB-11D0-B483-00C04FD90119}\\ProxyStubClsid32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FrameTabWindow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ScorchedPlanet\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlot",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{54314D1D-35FE-11D1-81A1-0000F87557DB}\\1.1\\0\\win32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONE_ELEVATION\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft100\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Rogue Squadron\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\.html\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\SilentThunder\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\prnfldr.dll,-8036",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Force Offscreen Composition",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MsGolf98\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisQualityBenchmark\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\SmartDithering",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\No3DBorder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Default Behaviors\\DXTFilterBehavior",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.html\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Version Vector\\WindowsEdition",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SQMServiceList\\SQMServiceList",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History\\DaysToKeep",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\CurrentLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxHTML-E7CF176E110C211B\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseHR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NortonSystemInfo\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft115\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\MinLevel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Terracide\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MsGolf98\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.html\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Terracide\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\CurrentLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\ShowFrameRate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxHTML-E7CF176E110C211B\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\Explorer\\Navigating\\.Current\\Default Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Suggested Sites\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\\InProcServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MortalKombat3\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{a45c254e-df1c-4efd-8020-67d146a850e0},2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheOptions",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PromotedIconCache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CacheOptions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Bug!\\Flags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\TabProcGrowth",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft100\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi2",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Display Inline Videos",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\res\\CLSID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\NoProtectedModeBanner",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\MaxRenderLine",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Recovery\\AutoRecover",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\No3DBorder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Script\\Settings\\JITDebug",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxHTML-E7CF176E110C211B\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\AdminTabProcs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\ModeXOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisWinMarkBenchmark\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorUseSystemHeap",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\\ProgID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\DemolitionDerby2\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\NavigationDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Display Inline Images",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\DisableScriptDebuggerIE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\DemolitionDerby2\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\GlobalSession",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{026e516e-b814-414b-83cd-856d6fef4822},2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisQualityBenchmark\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\RecommendedLevel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\LocalizedString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_SCRIPT\\*",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NHLPowerPlay\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\ForceAGPSupport",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\CurrentLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Bug!\\Name",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Play_Background_Sounds",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheRepair",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Disable Script Debugger",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_XSSFILTER\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ScorchedPlanet\\ID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisQualityBenchmark\\Flags",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\XMLHTTP",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_HANDLING\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\DisableWiderSurfaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Version Vector\\IE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midimapper",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Expand Alt Text",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BEHAVIORS\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CoInternetCombineIUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{21EC2020-3AEA-1069-A2DD-08002B30309D}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Allow Programmatic Cut_Copy_Paste",
"HKEY_CURRENT_USER\\Software\\Microsoft\\FTP\\Use Web Based FTP",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Microsoft.XMLHTTP\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\MinLevel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.html\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisWinMarkBenchmark\\Flags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Show image placeholders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FrameMerging",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachinePreferredUILanguages",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Flags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CachePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInterval",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInset",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\LocalizedString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Icon",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Play_Animations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\RecommendedLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 10",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SUBDOWNLOAD_LOCKDOWN\\*",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\PreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_UNC_SAVEDFILECHECK\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollDelay",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\AlternateCodePage",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/bmp\\Bits\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\DisableAGPSupport",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledProcesses\\2F2BE9FF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft115\\ID",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSimpleStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{1da5d803-d492-4edd-8c23-e0c0ffee7f0e},0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SSLUX\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisWinMarkBenchmark\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorSystemHeapIsPrivate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Savage\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\SilentThunder\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Diablo\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\MinLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/png\\Bits\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FrameMerging",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{5E77EB03-937C-11D1-B047-00AA003B6061}\\1.1\\0\\win32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows Search\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_FEEDS\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/gif\\Bits\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NortonSystemInfo\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\PageSetup\\Print_Background",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi3",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxHTML-E7CF176E110C211B\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_USE_WINDOWEDSELECTCONTROL\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{026e516e-b814-414b-83cd-856d6fef4822},2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NHLPowerPlay\\Name",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\(Default)"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\*.*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020112120201122\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches"
]
}Dropped
[
{
"yara": [],
"sha1": "250d41f2b47718d06af59aeea357a46173072953",
"name": "af39a5ee8977cc2a_kis-select-up.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-up.png",
"type": "PNG image data, 8 x 6, 8-bit\/color RGBA, non-interlaced",
"sha256": "af39a5ee8977cc2a6a8217d6d051286320c2524fe2532a501c3a6ef60e68ad86",
"urls": [],
"crc32": "558C2B8C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/af39a5ee8977cc2a_kis-select-up.png",
"ssdeep": null,
"size": 179,
"sha512": "b9f6cc136c4ed21b365c93eb621aca426e0366dda817c5c44fa81759bccad1078e480d9b92d6b8423dcb6b39194d8967c1bbf5d78f173747ef250b6778776246",
"pids": [
2308
],
"md5": "eeede79637195b1b1efd8ca118a97df1"
},
{
"yara": [],
"sha1": "2893f83ce9d0f2f904a23649804ed0ea5d570c54",
"name": "801625faa0cbfbbc_kis-radio-unchecked.gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif",
"type": "GIF image data, version 89a, 16 x 16",
"sha256": "801625faa0cbfbbcf00e47e4f75b01c5cfce6806bfcbafe9c894f33aecbc4c3c",
"urls": [],
"crc32": "E42E6C62",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/801625faa0cbfbbc_kis-radio-unchecked.gif",
"ssdeep": null,
"size": 367,
"sha512": "3c477749e4b06e5574fd030ecd4372d6d2b520134d559e18df5c7220e6e65d2049438502f507a00fab485cd62123d77d8edf72e284dede15500e214adc7749ee",
"pids": [
2308
],
"md5": "2c92b4f633e9eae9b2d6633ff2239ef8"
},
{
"yara": [],
"sha1": "bbe2eb6b6a744facf7791eff11d59c3872144cf2",
"name": "fe796973b9cb784d_rtl.css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\rtl.css",
"type": "assembler source, ASCII text, with CRLF line terminators",
"sha256": "fe796973b9cb784d7d83f8eca8c0618ec312502fa2b9b8289c76f149e99ba2ca",
"urls": [],
"crc32": "AE9E7073",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/fe796973b9cb784d_rtl.css",
"ssdeep": null,
"size": 2302,
"sha512": "d01beda2107ffa3794ef46798af90e2aae44dfee32bfa711cc3a1ca4490f1ee05ce7cf217a03c0be97ecd36d586f81ca663b2420d50481454c74f42070780b6a",
"pids": [
2308
],
"md5": "04f07f31ceb6421a9ee4af3210851aa6"
},
{
"yara": [],
"sha1": "4ac145590e208668e3fad106074512b7717132b4",
"name": "2c867d78c61a2f5a_btn_bg.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\btn_bg.png",
"type": "PNG image data, 1 x 69, 8-bit\/color RGBA, interlaced",
"sha256": "2c867d78c61a2f5a6e8f428b077d3c239cff71267204a281941da8b538bd0a25",
"urls": [],
"crc32": "293BAD95",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/2c867d78c61a2f5a_btn_bg.png",
"ssdeep": null,
"size": 243,
"sha512": "259e0e70f9ffe68aa2b9ba4d759ab2c9f510a21bbcac15df584e5c822c127d350b008e41445c7428f29fcb8e7f08094da30e2a9e3d5c10c10bd13fb9b233e060",
"pids": [
2308
],
"md5": "c7a50498053dfbf123b12e7b92a69c99"
},
{
"yara": [],
"sha1": "b6f826a62fb08e63488ce87345ec21a1b609d7a9",
"name": "e55ca07f9f4dbd34_kis-progress-bar.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-progress-bar.png",
"type": "PNG image data, 1 x 49, 8-bit\/color RGBA, non-interlaced",
"sha256": "e55ca07f9f4dbd34884a6cc34b72b03cc95c9eba964fe502f28c0e7280b082bb",
"urls": [],
"crc32": "6BDBCAFD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/e55ca07f9f4dbd34_kis-progress-bar.png",
"ssdeep": null,
"size": 185,
"sha512": "5687efd482de19a54ad09d3612fc979ea47ca79c1443c6f730a32c55cb7d996abe636038948157445615472d49f4a4a4b99ce59bb56eaa1740bdcec47cc11cc1",
"pids": [
2308
],
"md5": "e56c09ed2e4f2375c43836819dabb5ff"
},
{
"yara": [],
"sha1": "dd73b397ffeab03fd87b48bbc8af10d690a327b8",
"name": "90feb9b49315f0e4_install_programm.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\install_programm.png",
"type": "PNG image data, 572 x 379, 8-bit\/color RGB, non-interlaced",
"sha256": "90feb9b49315f0e4464a2e0e47b9ee31671e5babc17184ba84f980e39511998a",
"urls": [],
"crc32": "81A389F5",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/90feb9b49315f0e4_install_programm.png",
"ssdeep": null,
"size": 337759,
"sha512": "9e6c2fd48eb8a5d4aa4baacf2c1289fe400123c5ed1ac745e4343576c8eff6f57442d344bba3e49e51148eb5f9d0a64c4e5deb12a4d5ef0353fd03982084ddb5",
"pids": [
2308
],
"md5": "102f18283b42828d63c82182c947f514"
},
{
"yara": [],
"sha1": "f82b16e78ee9e400e3eaa614639773013b9ffe5a",
"name": "bb02b5426d98b8d7_kis-about-disabled.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about-disabled.png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "bb02b5426d98b8d712dbb6c5101e4b0774444d65099b94275e8a76dc2a9f22c7",
"urls": [],
"crc32": "D66F56BF",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/bb02b5426d98b8d7_kis-about-disabled.png",
"ssdeep": null,
"size": 659,
"sha512": "d406b34491a6106622c13bacbb5713d8f98bdd37f7fb8deb642eaf0877b388c952d21bb1ad5ceefe0d1f64049540c79587ba4f2c715454b1fb7bf51913939e2a",
"pids": [
2308
],
"md5": "c9a150e77e2b1283cf8b067c904ab1e6"
},
{
"yara": [],
"sha1": "d8cfa6ebf67d7f3ad38cdc2da90cfb8f8ce8aa34",
"name": "45ac4bc8041a64f6_google-toolbar-banner.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\google-toolbar-banner.png",
"type": "PNG image data, 472 x 80, 8-bit\/color RGB, non-interlaced",
"sha256": "45ac4bc8041a64f6288533ce528f75d886952529d36ee1e05f7a647e0d1837f0",
"urls": [
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef",
"http:\/\/ns.adobe.com\/xap\/1.0\/"
],
"crc32": "3DE9CFC1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/45ac4bc8041a64f6_google-toolbar-banner.png",
"ssdeep": null,
"size": 9082,
"sha512": "c37b65c711cec14cad97b2e5f469c73c044306d7f281201d9c72ac2248e1abc3d5a89c8c0f71520d638e6b5d43f501965abaa51771d2dc3f999a03405c30a12b",
"pids": [
2308
],
"md5": "cbc5200066dae9292de04e22cc64c95a"
},
{
"yara": [],
"sha1": "23bddb16b3b6c3a687dfcfed5c1a6c23c0ed1f0a",
"name": "33e84b33ff911257_kis-script-lte-ie8.js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"type": "UTF-8 Unicode (with BOM) text, with CRLF line terminators",
"sha256": "33e84b33ff911257e3a6a303c08a2cc178827dadb7dfd7c951e096866e02ad5e",
"urls": [],
"crc32": "7621D8D2",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/33e84b33ff911257_kis-script-lte-ie8.js",
"ssdeep": null,
"size": 1864,
"sha512": "8ad216cee9192533801b0f10f3bc149506f75dfd2cd554e801e1732b474629435ada4549473176b5440c57c112986dd198dcf508fb0e55ed3a050a75b0fa3d82",
"pids": [
2308
],
"md5": "5134186180074c51639d7a514919ed23"
},
{
"yara": [],
"sha1": "0f67c2a0a301f5cfa0a74f3453b004fe8b3bf620",
"name": "b21c7a835ce58b9a_chrome-logo.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\chrome-logo.png",
"type": "PNG image data, 64 x 64, 8-bit\/color RGBA, non-interlaced",
"sha256": "b21c7a835ce58b9aea88f286cc168cddd2aaa13aec78cce24645ea13d682dc81",
"urls": [],
"crc32": "6AFFD3DA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/b21c7a835ce58b9a_chrome-logo.png",
"ssdeep": null,
"size": 6134,
"sha512": "5ccb98d62992ba065056b33d30555feabbe3df568eafe90b1c38df068cf750882b2a1e4bc37bc3e999051c76fe2e6e809d7835ad6bfbf13ac45f457e17d645c6",
"pids": [
2308
],
"md5": "1961ed241de88432ca1b6aa0350b47c4"
},
{
"yara": [],
"sha1": "7f567d02a47360dfb590b565be8c388de7f162f7",
"name": "654ce72436037a3f_btn.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\btn.png",
"type": "PNG image data, 1 x 364, 8-bit\/color RGBA, non-interlaced",
"sha256": "654ce72436037a3f3fcbc2ad7753bbdee2c8ed66940ae48d24600e80a3f26d15",
"urls": [
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef"
],
"crc32": "66872E75",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/654ce72436037a3f_btn.png",
"ssdeep": null,
"size": 1486,
"sha512": "e0ad370a33113df4da40a7793b2b5507e08e9afa874e7b29082e4a17e32d028a6dad23ffba68f62c91639f526ca68067e6f671bae9618de0eaeb6610c10eb10d",
"pids": [
2308
],
"md5": "c8ecc65b7ab69b1114bfbe0d9c5ee56e"
},
{
"yara": [],
"sha1": "c9f6bb4d6494bbd7a47d52874da43501afb97c6d",
"name": "f056164cf9979923_kis-loading.gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading.gif",
"type": "GIF image data, version 89a, 25 x 25",
"sha256": "f056164cf99799234c90e2318e90ab5d83d0fd855118224286ff0680ee455734",
"urls": [
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef",
"http:\/\/ns.adobe.com\/xap\/1.0\/"
],
"crc32": "42204508",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/f056164cf9979923_kis-loading.gif",
"ssdeep": null,
"size": 10492,
"sha512": "2aa95fa187d24b4310af4e72a49c8fe665b84aa15ed33ca5b78a88da861554948d5fdb2f0b59ba8560b8c9dc1d4ff8cf5b37bdc1cbdb4fdf7a6e6fbe7e4f4b1a",
"pids": [
2308
],
"md5": "69d4b9b309bfa6a87f7620647bafd2d0"
},
{
"yara": [],
"sha1": "0b605433d34af7a82719f951ac9e681c5beabe38",
"name": "cf183c55465bf00a_tfu.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\tfu.png",
"type": "PNG image data, 100 x 100, 8-bit\/color RGBA, non-interlaced",
"sha256": "cf183c55465bf00a0b14d5dcc3ec0c12878653339d2d87baa0f4449039a715dc",
"urls": [],
"crc32": "C9620895",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/cf183c55465bf00a_tfu.png",
"ssdeep": null,
"size": 3594,
"sha512": "cc8aac37db90abeb9adc9381ebc3a271dd17ba25dbc138871318c7f5f7f2f408ca36684ac1bb985f85ef2422027201d637236c5863c022983b8c7f178be0ac99",
"pids": [
2308
],
"md5": "21c0a9ae6d504f2c62840d54fb025ade"
},
{
"yara": [],
"sha1": "013a7fadf9a4bb4f6ee943b0defb94f6149c07cd",
"name": "4f01f479b56d65d4_share-vkontakte.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-vkontakte.png",
"type": "PNG image data, 24 x 24, 8-bit\/color RGBA, non-interlaced",
"sha256": "4f01f479b56d65d475abc0d17605402cac80ce76889b2643d94b157fdd3ba616",
"urls": [],
"crc32": "0FA2E448",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/4f01f479b56d65d4_share-vkontakte.png",
"ssdeep": null,
"size": 1052,
"sha512": "01176ea2fa2be3f82887a27cb6c82530bd06ee550f9d96393dcfda8f1bf6751978ad7908e366cc39631ab7ca4be838a27e5b74a12df0727a9d8954899b026ff4",
"pids": [
2308
],
"md5": "f45396544fda16b834b866852fdaa521"
},
{
"yara": [],
"sha1": "b8c3622f74e2885ce8eb69dd2e7acdc14fdf5f54",
"name": "b98397b56bc022ad_default-slide-style.css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\default-slide-style.css",
"type": "ASCII text, with CRLF line terminators",
"sha256": "b98397b56bc022ad1084f1eb353e84bb523c8de14a1df85b3bd64205d2bb22d1",
"urls": [],
"crc32": "90C2D86B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/b98397b56bc022ad_default-slide-style.css",
"ssdeep": null,
"size": 1877,
"sha512": "fa689b0ee0cc5c4b9384ff09ddc597cde2d4195357f469b9c60109121d4629af6db2e14d2c1977d0d2fcb70c1c3261b1439434921d6c621cac9b7f3cd7751857",
"pids": [
2308
],
"md5": "51b3efcc61ef1d3398af18544b20cbd5"
},
{
"yara": [],
"sha1": "036707b2c4518b90d0b878a6dfbbbb443b925555",
"name": "b164c5786a6a4e8b_kis-arrows.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-arrows.png",
"type": "PNG image data, 44 x 67, 8-bit grayscale, non-interlaced",
"sha256": "b164c5786a6a4e8b5aa6228bf79aeed6dea764d4dfcb8766b7a49288771ce93f",
"urls": [],
"crc32": "76EDFA7D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/b164c5786a6a4e8b_kis-arrows.png",
"ssdeep": null,
"size": 653,
"sha512": "51deb61db886b2188dedfa69eeb386fb57a46451709f727bad0947fb5fa1fbb6c50a71ecd0f736ef63545521dc178f949c7034727fbb2f9cd8bb969069edfc38",
"pids": [
2308
],
"md5": "afde930f546b881cc84d52bda21cdcdf"
},
{
"yara": [],
"sha1": "975682df97a4cf020c4e6db48a197bbbb7408ec0",
"name": "3d4da9b1a68beec8_kis-icon-ok.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-icon-ok.png",
"type": "PNG image data, 96 x 96, 8-bit\/color RGBA, non-interlaced",
"sha256": "3d4da9b1a68beec800bb111e9baaa711fa594683545429595cdf929431149917",
"urls": [
"http:\/\/purl.org\/dc\/elements\/1.1\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/photoshop\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceEvent"
],
"crc32": "BEFE3BC3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/3d4da9b1a68beec8_kis-icon-ok.png",
"ssdeep": null,
"size": 4188,
"sha512": "dfd22fc6f9ea6943062bf6d91f8c22f9c36c1f5238c3b0094da2b1e67fffee593b9da039af53ccc6813a88c27c0eb13600e0824529177168a862fd8f46815a28",
"pids": [
2308
],
"md5": "c669405d323c8ca4a3d09daab2757dc6"
},
{
"yara": [],
"sha1": "9cfaac082f796e008965a7ded2f03548000c7ddc",
"name": "2c6fa068388d012c_kis-select-selected.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-selected.png",
"type": "PNG image data, 1 x 23, 8-bit\/color RGB, non-interlaced",
"sha256": "2c6fa068388d012c77efcb329fdde4e841650190e801ac938bc45b67eef33c3c",
"urls": [],
"crc32": "D34BD8AB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/2c6fa068388d012c_kis-select-selected.png",
"ssdeep": null,
"size": 113,
"sha512": "ed97290cf7fb257642a2c2e533638cc2300b6c9f52b1e3613494f28a8a45f4d81da1e9e723d1909a13f2b62f02b6d41984c8c2684c15416da8a31ece7fc28181",
"pids": [
2308
],
"md5": "cdcb17e4b1df87288dc232f6c9ec1e97"
},
{
"yara": [],
"sha1": "52eb48ff24bba705f431502f4d83659b3b343778",
"name": "61a2d12903a45272_kis-select-bg.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-bg.png",
"type": "PNG image data, 1 x 99, 8-bit\/color RGBA, interlaced",
"sha256": "61a2d12903a45272ffab40510184e70f943cd81cd8b3bc0dbd8fa579be334687",
"urls": [],
"crc32": "E8A7369C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/61a2d12903a45272_kis-select-bg.png",
"ssdeep": null,
"size": 355,
"sha512": "42d2422dc2769b520c0219ce0fcd25a855e6b513e054ca784444047cbf8d33561390a7bcfdb85a582f7fe009abbe03aafc5207b7d095313f8161143df9d52598",
"pids": [
2308
],
"md5": "1ff43c68dfb51487bd6e19345b71380a"
},
{
"yara": [],
"sha1": "29582366360689b68b894e0a36c87538f6fcf344",
"name": "854705d8428dec6e_kis-loading-h.gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-h.gif",
"type": "GIF image data, version 89a, 64 x 64",
"sha256": "854705d8428dec6ef49293585689be80f60339141c3b0a9516218d5445c59aeb",
"urls": [
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef",
"http:\/\/ns.adobe.com\/xap\/1.0\/"
],
"crc32": "A47F760D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/854705d8428dec6e_kis-loading-h.gif",
"ssdeep": null,
"size": 44203,
"sha512": "69fd5df62aecbfb5bd440935b9fb491d307565605f06b933ab7ee23b648b420befb1ea53038c6444143e56c7253277d195c0edd4f8a1fe42d2c91a03039664c2",
"pids": [
2308
],
"md5": "1521dca0a72801592fec0c72602eb834"
},
{
"yara": [],
"sha1": "668eb3932d9150efe7df507bba780752bab49465",
"name": "7cb6dad81191e40c_kis-checkbox-checked-disabled.gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-checked-disabled.gif",
"type": "GIF image data, version 89a, 16 x 16",
"sha256": "7cb6dad81191e40c1907d0d759cd3622b77e105050bab005b0b21a3632d8875c",
"urls": [],
"crc32": "76A9C586",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/7cb6dad81191e40c_kis-checkbox-checked-disabled.gif",
"ssdeep": null,
"size": 95,
"sha512": "f08bf72b49975e405532c2e004f8f0545f2964bdd5bd90f0b67bb247a127766fd7b5adb12e2e1811b3bfdbac306f5b6c8aefdde6115be2ab686dafcbba87c592",
"pids": [
2308
],
"md5": "2e677d050977abb718edbaed8eb24241"
},
{
"yara": [],
"sha1": "772a169d90e72249ecc16b98ebb1ff214e188462",
"name": "fae6bd96a3d58a2d_kis-about.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about.png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "fae6bd96a3d58a2dbfd52c5c44f8883bef0091ade70897d0a066bda965c51457",
"urls": [
"http:\/\/purl.org\/dc\/elements\/1.1\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/photoshop\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceEvent"
],
"crc32": "17AC3AA7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/fae6bd96a3d58a2d_kis-about.png",
"ssdeep": null,
"size": 1784,
"sha512": "c6780af9310c540e51a060cd1b73394075b9965a6e6f83e31a0d175116d0de96b90dcf4360291325b8649b1a82bfa728868f98da00c1af33eea6f6fd7d43152d",
"pids": [
2308
],
"md5": "d1d3a61a3bd317451fa9f2da4f785b7c"
},
{
"yara": [],
"sha1": "acd9bd6034277455e4411a7fada2add5a53313a8",
"name": "441d36fd94f061be_kis-refresh.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-refresh.png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "441d36fd94f061bed658b43672bbf3d844999147af6589c032d5b26d644e8b4e",
"urls": [
"http:\/\/purl.org\/dc\/elements\/1.1\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/photoshop\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceEvent"
],
"crc32": "03F7434C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/441d36fd94f061be_kis-refresh.png",
"ssdeep": null,
"size": 1701,
"sha512": "17b47b4a36b031dfaa450d6c8b26d9fffd366d32091906ffd674194abd3585646c5ce83d056bccd7a5a7b37beeb0805abd53abb27db185c8bd2a48285a95476c",
"pids": [
2308
],
"md5": "b6af4dd456059a37b8a1b15be3a38663"
},
{
"yara": [],
"sha1": "0d1957bdc0e2410eb9da0f3e6803bb43af77bf8c",
"name": "cb71fa6ea3bb75b3_share-twitter.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-twitter.png",
"type": "PNG image data, 24 x 24, 8-bit\/color RGBA, non-interlaced",
"sha256": "cb71fa6ea3bb75b39c79be77adbe4eb8af0b09ebaed8b0034518d4693b9411a5",
"urls": [],
"crc32": "88AAC64A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/cb71fa6ea3bb75b3_share-twitter.png",
"ssdeep": null,
"size": 864,
"sha512": "d564d04bd69898ec1d44f50c71a6f4ff3c32b3eb42b81b084d4dfe11c2ee0bc2134ee185a4c801bd463e72e88a608c4200ae1075b0c77aa3df1a17fb0c1bb043",
"pids": [
2308
],
"md5": "a59db8bfbd67383c0393db5ad9fedf92"
},
{
"yara": [],
"sha1": "682162d9480e37b751abc087b2f4bf5cef5b7371",
"name": "1ca76fd6c74f24b6_share-facebook.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-facebook.png",
"type": "PNG image data, 24 x 24, 8-bit\/color RGBA, non-interlaced",
"sha256": "1ca76fd6c74f24b69bb6a8559a9bdbc30711d2032a06dba46a2112403f5cd2b4",
"urls": [],
"crc32": "20EB4B39",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/1ca76fd6c74f24b6_share-facebook.png",
"ssdeep": null,
"size": 734,
"sha512": "f1b818ba902df8b5f488f5ca35a253e83cb561504eb70d663be741f51fc93cc1a2ecc74ade8cc5e1c30d216b900510b2d2cf0e1d959924abbdd902acdfa26357",
"pids": [
2308
],
"md5": "d578c90cb37dd94c0ea15c0c9e111661"
},
{
"yara": [],
"sha1": "955cb7f4c6cd774844b9cfe0118e145cc70da535",
"name": "5465e9a47eac697d_yandex-motivation.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\yandex-motivation.png",
"type": "PNG image data, 401 x 221, 8-bit\/color RGBA, non-interlaced",
"sha256": "5465e9a47eac697d9b7c15be7eab9870ba853b9a253c9817a8c29ebb7c334d79",
"urls": [],
"crc32": "BBD6D5AE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/5465e9a47eac697d_yandex-motivation.png",
"ssdeep": null,
"size": 14751,
"sha512": "0134856076d4f78ed499583fb0af95203998deb5775a5f50b634c507ee381e85ba2bab2bceb8349cdbb5ede5ca07820dd5e47c682f2e4a8fd4bac23a91257589",
"pids": [
2308
],
"md5": "a105149963baff28180fb23a5be732d1"
},
{
"yara": [],
"sha1": "900f78eb8e1103be1535af5e76d1bed686cdcce3",
"name": "dd678d3207307855_jquery.custom_select.min.js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"type": "ASCII text, with CRLF line terminators",
"sha256": "dd678d32073078552e0e2c35eed78f16cc8d6e8662d4734518561a1b183f775c",
"urls": [
"http:\/\/www.opensource.org\/licenses\/mit-license.html",
"http:\/\/www.gnu.org\/licenses\/gpl.html",
"http:\/\/adam.co\/lab\/jquery\/customselect\/"
],
"crc32": "5F9FE72E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/dd678d3207307855_jquery.custom_select.min.js",
"ssdeep": null,
"size": 6011,
"sha512": "40e1180b63b328c22cfacc40529cbda2409a54fbbbd5813fcc5f8dcdf95ad7fcd74ea96382e3a2d0bcfed9e68c208f7733b7c630edee7e2013c9a5459091c02c",
"pids": [
2308
],
"md5": "d2c620c462b75696eea1fb22fb23602a"
},
{
"yara": [],
"sha1": "1e134a27c4b55d828cd7f186f69df03e49e6a349",
"name": "f2430a3e9ae95897_kis-loading-g.gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-g.gif",
"type": "GIF image data, version 89a, 19 x 19",
"sha256": "f2430a3e9ae958979d311bf0fb5a521a019083b76354f30786ef73ca7ed01bea",
"urls": [
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef",
"http:\/\/ns.adobe.com\/xap\/1.0\/"
],
"crc32": "256D8146",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/f2430a3e9ae95897_kis-loading-g.gif",
"ssdeep": null,
"size": 8739,
"sha512": "2c040b5aeabb538f79ebd3f53cc7fff7247cac0766fbbd7de89854b5a5d5fdabbcfed24bee5dc413fe7760aaf5320f8c0ad7f8124355d3cf3c5417dc7dee7c6f",
"pids": [
2308
],
"md5": "2a9e91e7a6aebc4887f4f65f0e0c29f5"
},
{
"yara": [],
"sha1": "46dc55262ec7791624d6bfe3c03b0aacf0249c8f",
"name": "3fe86cbcd5838137_remove.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\remove.png",
"type": "PNG image data, 14 x 15, 8-bit colormap, non-interlaced",
"sha256": "3fe86cbcd583813792ea939fa3e6512e73ebea4a00405758f75282852b7751c0",
"urls": [],
"crc32": "800A17B1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/3fe86cbcd5838137_remove.png",
"ssdeep": null,
"size": 1241,
"sha512": "31595082cbe6a0042e85dc67bff91fb1341eaa1305ce8db22f127acf796a834e514fe233e1600ac08a67da6fac9b602f17b3b705f9bd756ca369fd86ff7a108e",
"pids": [
2308
],
"md5": "ec7b1d7d03f5225a69a850fd6b243c8f"
},
{
"yara": [],
"sha1": "95b57b6866543014afcaa2e8a107407e738a6508",
"name": "e4ef644e7538d787_kis-checkbox-checked.gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-checked.gif",
"type": "GIF image data, version 89a, 16 x 16",
"sha256": "e4ef644e7538d7879f21d945320ae829e481de7be017d2477197c8a693d4d260",
"urls": [],
"crc32": "C73B6EC1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/e4ef644e7538d787_kis-checkbox-checked.gif",
"ssdeep": null,
"size": 128,
"sha512": "ab8c3c8422ca7c3992d3765a6616293aea9cf6bad55895c7cbf6b7259c4ab37e58a02fe9422823ef58ab0ca130fb87d829841b1094fdc06b453d736347cd65a3",
"pids": [
2308
],
"md5": "84c906cbde5a9ba98147a5a1f571c994"
},
{
"yara": [],
"sha1": "121b2e9e388ccb1d2acc62c1f594b5a997648756",
"name": "4c9a48ce91f0da15_kis-checkbox-unchecked.gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-unchecked.gif",
"type": "GIF image data, version 89a, 16 x 16",
"sha256": "4c9a48ce91f0da1551a4acfee477caacc487458973f0c6fe810b628dc4bc49c2",
"urls": [],
"crc32": "F041D41A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/4c9a48ce91f0da15_kis-checkbox-unchecked.gif",
"ssdeep": null,
"size": 98,
"sha512": "ebb8ac6e0690a4bd1a8fd8f41200ce40bc41835f2e4432f623a62b3326c5b7a24b05fbb7b9e07f99c24b62916221c2f861fc6d7997e9051d860f7b975a7ec6a1",
"pids": [
2308
],
"md5": "6ab084a10af06b9655deab35b72fd616"
},
{
"yara": [],
"sha1": "24ee040988c416b0a73faa4c3e7ca9017f434e1c",
"name": "5e10b6decb2503fd_product.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\product.png",
"type": "PNG image data, 116 x 134, 8-bit\/color RGBA, non-interlaced",
"sha256": "5e10b6decb2503fd3366e6a5009578448b088a1b79612bd1d9afc36916ec9f2a",
"urls": [],
"crc32": "90987298",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/5e10b6decb2503fd_product.png",
"ssdeep": null,
"size": 7683,
"sha512": "2947e41b68197ac64aecad7365c6013e2538b1e40fab8637bc6c54fc44a4163c87f3eaf4b4c55eb3b9cb625b619ff1cb084e6553a9ef20447783e9e24915e10e",
"pids": [
2308
],
"md5": "a8696327cc1e96f2033a7f47bd899cdb"
},
{
"yara": [],
"sha1": "dacc1f76630a9708add066819b1aabf8dce01056",
"name": "27d92130c0321dad_jquery-1.12.4.min.js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"type": "ASCII text, with very long lines, with CRLF line terminators",
"sha256": "27d92130c0321dad5a03760fd5ac98a3d04ed4c94d88418fe6d50da1f7fc5cbe",
"urls": [],
"crc32": "CBF6C985",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/27d92130c0321dad_jquery-1.12.4.min.js",
"ssdeep": null,
"size": 97168,
"sha512": "bcb6754ea246939a19a917cc0b810e1753c1b0f1a8b1b7e652128ef15dee4fc79111e4d88fe12f9188449a307e82240d0261af402d783428edfe5785c860372d",
"pids": [
2308
],
"md5": "618538b4ab9639d444e962729a927f15"
},
{
"yara": [],
"sha1": "bbaa6fbc5a992f5592c4c98efd14c74950f0e836",
"name": "397cadf85298e01e_kis-radio-checked.gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"type": "GIF image data, version 89a, 16 x 16",
"sha256": "397cadf85298e01e4fa946e7aa3d0e8efe3408aac3c3948bd18fc0947a55969c",
"urls": [],
"crc32": "F804AC4E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/397cadf85298e01e_kis-radio-checked.gif",
"ssdeep": null,
"size": 389,
"sha512": "774d1368e103fa44e812d42fb76e2ce72b1d0a40fccbaa21e95f9f31be14862a39017afd8a2b69ff7b64a826498f2e1dab0a1fc9a93db57b4ee5bc6cb209b69d",
"pids": [
2308
],
"md5": "d8198113fd47ffaabcf001eaccbbf4e9"
},
{
"yara": [],
"sha1": "a953b9f6781d4b6daa2eedc0c45d358f2a472370",
"name": "97e5f342227ea23c_kis-script.js",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"type": "ASCII text, with CRLF line terminators",
"sha256": "97e5f342227ea23c27c1b660f111847fcdd9d7b23c1d248c733a36f983fd7f04",
"urls": [],
"crc32": "B4E70FC7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/97e5f342227ea23c_kis-script.js",
"ssdeep": null,
"size": 306,
"sha512": "a266e2f9f10620347f0d05d081362086e81c67fb7c5f4a74c26cca54686f6afb2f2933b1f7afb6d9c96382ff4e4e3cf2f0f38cdd162175cdefccb5909b1aa6c3",
"pids": [
2308
],
"md5": "026425ccbf4417eefa444285707132ef"
},
{
"yara": [],
"sha1": "65b605c5519b03e01de3cc51d624f482042dfb0a",
"name": "8881a44bb97f096c_kis-incompatible-soft-ico.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-incompatible-soft-ico.png",
"type": "PNG image data, 20 x 20, 8-bit\/color RGBA, non-interlaced",
"sha256": "8881a44bb97f096cc328e9e8747ac4dbf41104c8591ddd9fc3ad2743f99356fc",
"urls": [],
"crc32": "E6525332",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/8881a44bb97f096c_kis-incompatible-soft-ico.png",
"ssdeep": null,
"size": 112,
"sha512": "51a33dcbb6cf4e38929be0ae85b54321bde0ecf7e7669efe11494e79b7999d6a95f79b07ff2aacba4c2a98980993c235cd078768f1f74c441640592ad8150960",
"pids": [
2308
],
"md5": "840ed19932bfa7bdbcff58c22ca8773a"
},
{
"yara": [],
"sha1": "87ec458c25a35e3a45c2a6ede9ec16ec4d4c7093",
"name": "2481b34b48fd96b1_kis-print.css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"type": "ASCII text, with CRLF line terminators",
"sha256": "2481b34b48fd96b194405da621e8e5f19142dcb55744f9c9a93591705cb697fd",
"urls": [],
"crc32": "6F8B4430",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/2481b34b48fd96b1_kis-print.css",
"ssdeep": null,
"size": 306,
"sha512": "4371fbd6ba7e84ae827ec73bec4c903275e4373c16063b6fe63ca157a4db346df5617a9db5c9e1fdcb661f220f6dcbc1f7e4003805dba9fa7a279fc882aebeeb",
"pids": [
2308
],
"md5": "1304724dd5001b2600fc5bd80c098f1e"
},
{
"yara": [],
"sha1": "0f0753271f09aecd6731c9dd998d15df5f967b7e",
"name": "681a96b96b5e0425_kis-logo.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"type": "PNG image data, 150 x 34, 8-bit\/color RGBA, non-interlaced",
"sha256": "681a96b96b5e0425fc74be929d29164528bf0bc0a84ac97952c011e407e23d9b",
"urls": [],
"crc32": "58D0EDAD",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/681a96b96b5e0425_kis-logo.png",
"ssdeep": null,
"size": 4274,
"sha512": "5e07a3f44f6135291909680abb62e21d0c6bca899905aafa66cc3b436e77430a3ea96a95b54f2705e1f9dd49b60a855d986c4d76ea65dc9a9a5edf3d2748550d",
"pids": [
2308
],
"md5": "18f81892daa926fec1d30324b4cd9367"
},
{
"yara": [],
"sha1": "8e0e9371595602d0940047c51c92cc0c60cd3d86",
"name": "6f8545a57e606165_kl-setup-2020-11-21-07-53-07_saas.21.2.16.590.log",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\kl-setup-2020-11-21-07-53-07_SAAS.21.2.16.590.log",
"type": "Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR line terminators",
"sha256": "6f8545a57e60616569fd0c849bda4a7a1b3131050865fa4832778213e49fb5bd",
"urls": [],
"crc32": "8AF2BD6D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/6f8545a57e606165_kl-setup-2020-11-21-07-53-07_saas.21.2.16.590.log",
"ssdeep": null,
"size": 91034,
"sha512": "d45762b27c839ee526824f4efa5ce00294087e188cbcf96055f6694d5438b2ae454e42f21c8696dc473e140bffa08e8e07d8f0e6a4817f855946294bab53290c",
"pids": [
2308
],
"md5": "b49475d6ef3f7ea6deca34fb335f6cc3"
},
{
"yara": [],
"sha1": "d85d9ebb04ec4fc44430b68860d56132f6f37d20",
"name": "364542744a99fa8b_print.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\print.png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "364542744a99fa8bd55d53372a0e96ce7f7c4d0ef7a0d32699bfe9d0bc25bf76",
"urls": [
"http:\/\/purl.org\/dc\/elements\/1.1\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/photoshop\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceEvent"
],
"crc32": "5F35DB18",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/364542744a99fa8b_print.png",
"ssdeep": null,
"size": 1560,
"sha512": "3a629f4ca5074de402f35e4beab2dc2173585975a1f97e29f1e70300bffd2f7ed5cbcda50d118f3a2bac76af3c381d574980438390eb33916552168273503585",
"pids": [
2308
],
"md5": "20a2383c3ac20c88fd1a923dd9083fd6"
},
{
"yara": [
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualpc": [
[
2090872,
0
]
]
},
"strings": [
"Dz8HCw=="
]
}
],
"sha1": "9de138c44324c1745ab9131050c46bdaf9cf7626",
"name": "c8de9059f0019ca1_setup.dll",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9\\setup.dll",
"type": "PE32 executable (DLL) (GUI) Intel 80386, for MS Windows",
"sha256": "c8de9059f0019ca169ad3b71d82af34be1ebd21713d897bf8063a81e6d8cb259",
"urls": [
"http:\/\/crl3.digicert.com\/DigiCertHighAssuranceEVRootCA.crl0",
"http:\/\/cacerts.digicert.com\/DigiCertAssuredIDRootCA.crt0",
"http:\/\/www.opensource.org\/licenses\/mit-license.html",
"http:\/\/crl4.digicert.com\/EVCodeSigningSHA2-g1.crl0K",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef",
"http:\/\/crl4.digicert.com\/DigiCertAssuredIDCA-1.crl0w",
"https:\/\/help.kaspersky.com",
"https:\/\/www.kaspersky.com\/Products-and-Services-Privacy-Policy.",
"http:\/\/crl3.digicert.com\/ha-cs-2011a.crl0.",
"http:\/\/crl3.digicert.com\/DigiCertAssuredIDRootCA.crl0:",
"http:\/\/crl4.digicert.com\/DigiCertHighAssuranceEVRootCA.crl0",
"http:\/\/crl3.digicert.com\/EVCodeSigningSHA2-g1.crl07",
"http:\/\/purl.org\/dc\/elements\/1.1\/",
"http:\/\/adam.co\/lab\/jquery\/customselect\/",
"https:\/\/www.pango.co.",
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/www.gnu.org\/licenses\/gpl.html",
"https:\/\/www.pango.co\/privacy\/.",
"http:\/\/ocsp.digicert.com0C",
"http:\/\/cacerts.digicert.com\/DigiCertSHA2AssuredIDTimestampingCA.crt0",
"http:\/\/cacerts.digicert.com\/DigiCertHighAssuranceEVRootCA.crt0",
"http:\/\/ocsp.digicert.com0A",
"http:\/\/ocsp.digicert.com0O",
"http:\/\/crl3.digicert.com\/DigiCertAssuredIDRootCA.crl0P",
"http:\/\/ocsp.digicert.com0I",
"http:\/\/ocsp.digicert.com0H",
"http:\/\/cacerts.digicert.com\/DigiCertHighAssuranceCodeSigningCA-1.crt0",
"http:\/\/ocsp.digicert.com0P",
"http:\/\/crl3.digicert.com\/sha2-assured-ts.crl02",
"http:\/\/ns.adobe.com\/photoshop\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/",
"http:\/\/crl4.digicert.com\/ha-cs-2011a.crl0L",
"http:\/\/crl4.digicert.com\/sha2-assured-ts.crl0",
"http:\/\/crl4.digicert.com\/DigiCertAssuredIDRootCA.crl0",
"https:\/\/github.com\/tyea\/dobpicker",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceEvent",
"https:\/\/www.kaspersky.com\/Products-and-Services-Privacy-Policy",
"https:\/\/help.kaspersky.com.",
"http:\/\/cacerts.digicert.com\/DigiCertAssuredIDCA-1.crt0",
"https:\/\/support.kaspersky.com.",
"http:\/\/cacerts.digicert.com\/DigiCertEVCodeSigningCA-SHA2.crt0",
"http:\/\/crl4.digicert.com\/DigiCertAssuredIDRootCA.crl0:",
"https:\/\/www.kaspersky.com",
"https:\/\/www.digicert.com\/CPS0",
"http:\/\/www.digicert.com\/ssl-cps-repository.htm0",
"http:\/\/crl3.digicert.com\/DigiCertAssuredIDCA-1.crl08"
],
"crc32": "CC375CAC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/c8de9059f0019ca1_setup.dll",
"ssdeep": null,
"size": 5847736,
"sha512": "3b6a65555ce1c0550362d725a2e4634c7eec078961377942214e20089b248769d53d284187b7da75675961f4ba53576338c4b34e04aac7094784363feb4ffaf5",
"pids": [
2308
],
"md5": "b185eb7425dd2edd4e73df537dd28aea"
},
{
"yara": [],
"sha1": "12abfb642fc49948a70c6be2e2a429d09e3792d8",
"name": "a941af55adff84f3_kis-error.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-error.png",
"type": "PNG image data, 48 x 48, 8-bit\/color RGBA, non-interlaced",
"sha256": "a941af55adff84f31549a72042eeebdd297f1de54a5d346e1667e11a2372dea4",
"urls": [],
"crc32": "4CB7B2E0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/a941af55adff84f3_kis-error.png",
"ssdeep": null,
"size": 275,
"sha512": "9fc8e21cb58048271e04fe52915d3cd9a6337a0609a088c7df6ccfd0ec7eb1b9e4bf3eb0eee598f4be90b5850f3b9b55424ef2d29535cda97afc145f0a3ef119",
"pids": [
2308
],
"md5": "90d406727e33427408a3da1de587ff95"
},
{
"yara": [],
"sha1": "646fceddb81249f86a3820555cfa7128c4d9df26",
"name": "52787da054f3daf0_kis-style.css",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"type": "UTF-8 Unicode (with BOM) text, with CRLF line terminators",
"sha256": "52787da054f3daf09ec9494565735ea3a14428556ae6129110caa0d8975f38eb",
"urls": [],
"crc32": "BA92461E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/52787da054f3daf0_kis-style.css",
"ssdeep": null,
"size": 31591,
"sha512": "3c4f10ae4730af7f53d4f807c2c07afa85e594a6685f439e3df54e1af700c54c3e0148e8d756ee19bd8cf116320dfa2fd25d36e9bc973d00218ee8020d536fca",
"pids": [
2308
],
"md5": "98d7269182ae679fc12fe0964741ee74"
},
{
"yara": [],
"sha1": "359770fcabf808e1b530f397c488f0ca10e2d749",
"name": "3d98c0ed9c4448c5_kis-checkbox-unchecked-disabled.gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-unchecked-disabled.gif",
"type": "GIF image data, version 89a, 16 x 16",
"sha256": "3d98c0ed9c4448c541003eac6780c89c7a42ac14955d9ebd084043d8e9cf73d5",
"urls": [],
"crc32": "A34A2036",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/3d98c0ed9c4448c5_kis-checkbox-unchecked-disabled.gif",
"ssdeep": null,
"size": 98,
"sha512": "c5e34cc5d8ae21dcbbbf412339e31cb7ebaeb2c71ed90b1b06d892437f80a2ec6f9e45b7c2ed6b11d93638a8e8c72fee0ac306a51359f481f69294b8e1cdc73e",
"pids": [
2308
],
"md5": "e47f0182f4507f5c902a0cd7dd652a84"
},
{
"yara": [],
"sha1": "2e62e280f36f42d3ef9ac13d7387372fb1c64089",
"name": "274475bcff25c5f8_kis-loading-b.gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-b.gif",
"type": "GIF image data, version 89a, 64 x 64",
"sha256": "274475bcff25c5f8f7c0c85a2e5f7e39c0b98c18f50b1d924ba2996a4d8e596a",
"urls": [
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef",
"http:\/\/ns.adobe.com\/xap\/1.0\/"
],
"crc32": "458963A0",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/274475bcff25c5f8_kis-loading-b.gif",
"ssdeep": null,
"size": 23399,
"sha512": "fb7795f518b8e8821fbcd1bfd2c9198e81dc3160d6d8e05ceffc4fa2e8124b5d4bddf75039a94cb3898b6a99c9e73a738107efc50c7938cc43fb1c7ecf3e2796",
"pids": [
2308
],
"md5": "e797543108faf987dca5a999a7677a32"
},
{
"yara": [],
"sha1": "9428a77690d72a0dc97da74abd9ce9a26988dee2",
"name": "4c185963672b9328_index.dat",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\index.dat",
"type": "Internet Explorer cache file version Ver 5.2",
"sha256": "4c185963672b9328803419163c44921f86dfbcc43c80a05c404f45ec98c3f3c7",
"urls": [],
"crc32": "2FD5BD0F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/4c185963672b9328_index.dat",
"ssdeep": null,
"size": 32768,
"sha512": "ab48ce2d403af192b18cc353d6607447b5dc629246ba39a8e0c124cbcc12594a8e130e0f943d121578f036e2c3ac8536a9246b83e55f09f5e64a70eb9ffd68de",
"pids": [],
"md5": "1ceeb21b5ecce1bfb45cd0b931505a3e"
},
{
"yara": [],
"sha1": "dd02430aba4524bf3f79e537fcd8a88c0cfbf23b",
"name": "b4b92359798e8f3c_kis-information.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-information.png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "b4b92359798e8f3cfa4063f2ebd097cb66c5b9a4ab962bd1bac839243440f816",
"urls": [],
"crc32": "4036DDBA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/b4b92359798e8f3c_kis-information.png",
"ssdeep": null,
"size": 619,
"sha512": "b8ec41241c78949ecb75464ed2b0b13da672be2f16bd3b28083f10bb94a72c0799843d1f45a406c6f9ab0be74f39467b3d96c62560188294b3fd58b2fd332bbb",
"pids": [
2308
],
"md5": "9d7538a49bfaf3b735ddf21024655371"
},
{
"yara": [],
"sha1": "cf85182f8dfd0d11dd82f8394b00dec10f51c603",
"name": "65b0a5d30c3f9e00_autorun-bullet.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\autorun-bullet.png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGB, non-interlaced",
"sha256": "65b0a5d30c3f9e001705f5ca1cd638c6053d13332a2f2df812f12916beba1dfa",
"urls": [],
"crc32": "2EA03736",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/65b0a5d30c3f9e00_autorun-bullet.png",
"ssdeep": null,
"size": 531,
"sha512": "6abfeae1f75be14833d7fee9b320ee51468105f6cbbf008f7dfc2167eb19df781153a7ca6ecd3655780968e96c89964e48daa6e3ee720736b3b8ac258e18eaf1",
"pids": [
2308
],
"md5": "c50389222c087f2683a70ddd9bb508d5"
},
{
"yara": [],
"sha1": "9c8235b1a207ff8504fd44349501baa7e2c52662",
"name": "2c2ef546bdd79383_select_lang_page.html",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"type": "HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators",
"sha256": "2c2ef546bdd79383e894e7d481814053ab522f4855878196ac0211f86cd44cd8",
"urls": [],
"crc32": "B1387332",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/2c2ef546bdd79383_select_lang_page.html",
"ssdeep": null,
"size": 2064,
"sha512": "4f1b79c4fdea66814b2dfb126c66e43395017c61daf726566a0146699bc4eb0355acf0ddf3aa198aac44b15379d0249416ba58ba5ea4f0c1e3a05a77ad8ebb9b",
"pids": [
2308
],
"md5": "1e8bc4b50b4e7beadc0e873488f38a35"
},
{
"yara": [],
"sha1": "f704f03ac9f88e125211f9459b90596635c03768",
"name": "75cea82c7c2b4273_kis-win8-bg.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-win8-bg.png",
"type": "PNG image data, 2 x 3, 8-bit\/color RGB, non-interlaced",
"sha256": "75cea82c7c2b4273567e1cd01361edf5ed6663aa1d32e3f1685167f2c92bfd78",
"urls": [
"http:\/\/purl.org\/dc\/elements\/1.1\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/photoshop\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceEvent"
],
"crc32": "C2FF2A61",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/75cea82c7c2b4273_kis-win8-bg.png",
"ssdeep": null,
"size": 1418,
"sha512": "58006d1f2c601a17e0332ae149fea97106c651b41e44695b13c54dbca27bd040dc01157cf6bc5d74babea33b68938d7b84e075a346cd457e5fb603a5bfa02aad",
"pids": [
2308
],
"md5": "1ea102f9ca7aa731318bfc818abcf247"
},
{
"yara": [],
"sha1": "f38eeed6a268a9864927971251300146c7bb5b80",
"name": "5d9d05d4ef66090f_kis-loading-f.gif",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-f.gif",
"type": "GIF image data, version 89a, 19 x 19",
"sha256": "5d9d05d4ef66090f50286cbb8d69653f66339728be417400882e8ed894565ddc",
"urls": [
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef",
"http:\/\/ns.adobe.com\/xap\/1.0\/"
],
"crc32": "CAD9CBEB",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/5d9d05d4ef66090f_kis-loading-f.gif",
"ssdeep": null,
"size": 13353,
"sha512": "d32d0873d0f55007bc554f6beb855cc6d4f2b28852e06193027a18ccee041a4afe291afdf00929d6fc79984835d1247f84583e1f1e6894af8ed2585f9fe4417a",
"pids": [
2308
],
"md5": "301a31c096308f76e0c0f1cb5662ce9d"
},
{
"yara": [],
"sha1": "82e22bb7e69fc2c06ad170a824dcb0014b6ec064",
"name": "255cf434747246c0_kis-refresh-disabled.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-refresh-disabled.png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "255cf434747246c077f799eca4e38bac05eeb3ec5c6738ffdda3bfa82d3ac10f",
"urls": [],
"crc32": "B8FF8983",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/255cf434747246c0_kis-refresh-disabled.png",
"ssdeep": null,
"size": 513,
"sha512": "54bbc6b8f498fd9d6f4a4fda982fbdaa2074c7303bfc385ef176738b3208792226241078a61411f719bdd7722f51fc6ad24497b89be3ba33e0179a6c2f0fbd46",
"pids": [
2308
],
"md5": "c1d8ff21a250813f538cedc35d167e0a"
},
{
"yara": [],
"sha1": "8d695b65a7eaed0ff337bc32062344c84aacfb74",
"name": "c1bf462ccf1fe4c0_google-chrome-banner.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\google-chrome-banner.png",
"type": "PNG image data, 472 x 80, 8-bit\/color RGB, non-interlaced",
"sha256": "c1bf462ccf1fe4c0d90fe0934312d2e4ade773d036666be02c594db3ccdadefb",
"urls": [
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceRef",
"http:\/\/ns.adobe.com\/xap\/1.0\/"
],
"crc32": "6B3D5436",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/c1bf462ccf1fe4c0_google-chrome-banner.png",
"ssdeep": null,
"size": 10866,
"sha512": "fbfed6637c02d595019e828150e8668c51513b219772e16c5bb34d13fe8b5c44cb16b85af1e7e515bd51d13cb2b959846cd51f062c3e29735142b6a4a9613614",
"pids": [
2308
],
"md5": "ef8fefb54a4c88d977d47b03ca6bd74e"
},
{
"yara": [],
"sha1": "73c3801a3c5c138133b1cbe3de8ce3a409a9c89e",
"name": "5be7b64abf262e2c_kis-about-rtl.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about-rtl.png",
"type": "PNG image data, 16 x 16, 8-bit\/color RGBA, non-interlaced",
"sha256": "5be7b64abf262e2cbd14d123a8a7300698c957156d22560f0cac4fe6f8bf9661",
"urls": [
"http:\/\/purl.org\/dc\/elements\/1.1\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/photoshop\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceEvent"
],
"crc32": "106F18F9",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/5be7b64abf262e2c_kis-about-rtl.png",
"ssdeep": null,
"size": 1783,
"sha512": "21ad57efb2c9317858d10d455183b3a56042869914fd765ea0c82db8ad9e6289c7e64047cea700afbd736846fbfc0ffa5e0ddf39cd57f2eb0deb6670ea55d1aa",
"pids": [
2308
],
"md5": "1c0430195214e85a587a5c8362665f23"
},
{
"yara": [],
"sha1": "cedc683f198b219727a7f145554fd0a54a20ec2b",
"name": "10bb69a749a9c559_kis-win8.png",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-win8.png",
"type": "PNG image data, 42 x 50, 8-bit\/color RGBA, non-interlaced",
"sha256": "10bb69a749a9c559d85d6e9c875615823c10d9c37bd625ea9275465423342291",
"urls": [
"http:\/\/purl.org\/dc\/elements\/1.1\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/mm\/",
"http:\/\/ns.adobe.com\/photoshop\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/",
"http:\/\/ns.adobe.com\/xap\/1.0\/sType\/ResourceEvent"
],
"crc32": "5B718CA7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/10993\/files\/10bb69a749a9c559_kis-win8.png",
"ssdeep": null,
"size": 2942,
"sha512": "fe1a23b6320002019b451c7ff675eeee85a7b02c266be72c31623203523976f1485fd9cbd489f6f21559b18dc662af756b8ac7230351605621d9885a95fc66d5",
"pids": [
2308
],
"md5": "a6f682bbd803cb614f5f328bcfd223dd"
}
]Generic
[
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"process_name": "69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"pid": 2308,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-g.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\google-chrome-banner.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-error.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about-rtl.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\default-slide-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-vkontakte.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\rtl.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-refresh.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\yandex-motivation.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-facebook.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\btn.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\remove.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-unchecked-disabled.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-twitter.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-h.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\chrome-logo.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-information.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-win8.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\btn_bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-f.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\product.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-progress-bar.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-b.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\google-toolbar-banner.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\install_programm.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-incompatible-soft-ico.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-refresh-disabled.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-selected.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-win8-bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-down.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-up.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\print.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about-disabled.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\autorun-bullet.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9\\setup.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-checked-disabled.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-arrows.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\kl-setup-2020-11-21-07-53-07_SAAS.21.2.16.590.log",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\tfu.png",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020112120201122\\index.dat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-icon-ok.png"
],
"directory_created": [
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020112120201122\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches"
],
"dll_loaded": [
"IEFRAME.dll",
"MMDevAPI.DLL",
"urlmon.dll",
"kernel32",
"mshtml.dll",
"wdmaud.drv",
"apphelp.dll",
"CFGMGR32.dll",
"Advapi32.dll",
"kernel32.dll",
"MMDEVAPI.DLL",
"oleaut32.dll",
"C:\\Windows\\system32\\ole32.dll",
"AUDIOSES.DLL",
"dwmapi.dll",
"C:\\Windows\\system32\\msimg32.dll",
"ImgUtil.dll",
"C:\\Windows\\system32\\WINMM.dll",
"C:\\Windows\\system32\\Msimtf.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"C:\\Windows\\syswow64\\MSCTF.dll",
"WININET.dll",
"SXS.DLL",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"OLEACC.DLL",
"MLANG.dll",
"OLEAUT32.DLL",
"ole32.dll",
"SHLWAPI.dll",
"Shcore.dll",
"C:\\Windows\\system32\\DbgHelp.dll",
"COMCTL32.dll",
"Comctl32.dll",
"C:\\Windows\\system32\\IMM32.DLL",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"midimap.dll",
"msacm32.drv",
"OLEAUT32.dll",
"C:\\Windows\\system32\\kernel32.dll",
"C:\\Windows\\system32\\Oleacc.dll",
"SHELL32.dll",
"RPCRT4.dll",
"User32.dll",
"comctl32.dll",
"CRYPTSP.dll",
"WINMM.dll",
"RpcRtRemote.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9\\setup.dll",
"GDI32.dll",
"msi.dll",
"UxTheme.dll",
"C:\\Windows\\SysWOW64\\oleaut32.dll",
"ADVAPI32.dll",
"rpcrt4.dll",
"C:\\Windows\\system32\\jscript9.dll",
"SETUPAPI.dll",
"WINTRUST.dll",
"user32.dll",
"ddraw.dll"
],
"file_opened": [
"C:\\Windows\\Fonts\\cour.ttf",
"C:\\Windows\\Fonts\\msyh.ttf",
"C:\\Windows\\Fonts\\verdanaz.ttf",
"C:\\Windows\\Fonts\\cambriaz.ttf",
"C:\\Windows\\Fonts\\arial.ttf",
"C:\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Windows\\Fonts\\simsun.ttc",
"C:\\Windows\\Fonts\\cordiaz.ttf",
"C:\\Windows\\Fonts\\simkai.ttf",
"C:\\Windows\\Fonts\\tahoma.ttf",
"C:\\Windows\\Fonts\\palabi.ttf",
"C:\\Windows\\Fonts\\kalinga.ttf",
"C:\\Windows\\Fonts\\utsaah.ttf",
"C:\\Windows\\Fonts\\taileb.ttf",
"C:\\Windows\\Fonts\\aparaj.ttf",
"C:\\Windows\\Fonts\\tahomabd.ttf",
"C:\\Windows\\Fonts\\frank.ttf",
"C:\\Windows\\Fonts\\upcil.ttf",
"C:\\Windows\\Fonts\\raavi.ttf",
"C:\\Windows\\Fonts\\sylfaen.ttf",
"C:\\Windows\\Fonts\\segoeuii.ttf",
"C:\\Windows\\SysWOW64",
"C:\\Windows\\Fonts\\corbel.ttf",
"C:\\Windows\\Fonts\\upcli.ttf",
"C:\\Windows\\Fonts\\ahronbd.ttf",
"C:\\Windows\\Fonts\\verdanab.ttf",
"C:\\Windows\\Fonts\\gulim.ttc",
"C:\\Windows\\Fonts\\constanb.ttf",
"C:\\Windows\\Fonts\\cordiai.ttf",
"C:\\Windows\\Fonts\\utsaahb.ttf",
"C:\\Windows\\Fonts\\simpo.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Windows\\Fonts\\Candara.ttf",
"C:\\Windows\\Fonts\\seguisb.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Windows\\Fonts\\Candarab.ttf",
"C:\\Windows\\Fonts\\mriam.ttf",
"C:\\Windows\\Fonts\\upcii.ttf",
"C:\\Windows\\Fonts\\LaoUI.ttf",
"C:\\Windows\\Fonts\\majallab.ttf",
"C:\\Windows\\System32\\shell32.dll",
"C:\\Windows\\Fonts\\malgunbd.ttf",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Windows\\Fonts\\comicbd.ttf",
"C:\\Windows\\Fonts\\dokchamp.ttf",
"C:\\Windows\\Fonts\\calibri.ttf",
"C:\\Windows\\Fonts\\iskpota.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft",
"C:\\Windows\\Fonts\\segoeprb.ttf",
"C:\\Windows\\Fonts\\kokilai.ttf",
"C:\\Windows\\Fonts\\segoesc.ttf",
"C:\\Windows\\Fonts\\kartikab.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Windows\\Fonts\\Shonar.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows",
"C:\\Windows\\Fonts\\trebucit.ttf",
"C:\\Windows\\Fonts\\segoeuil.ttf",
"C:\\Windows\\Fonts\\kokilab.ttf",
"C:\\Windows\\Fonts\\mriamc.ttf",
"C:\\Windows\\Fonts\\euphemia.ttf",
"C:\\Windows\\Fonts\\cordiab.ttf",
"C:\\Windows\\Fonts\\gautamib.ttf",
"C:\\Windows\\Fonts\\mangal.ttf",
"C:\\Windows\\Fonts\\georgiai.ttf",
"C:\\Windows\\Fonts\\leelawdb.ttf",
"C:\\Windows\\Fonts\\mingliu.ttc",
"C:\\Windows\\Fonts\\mingliub.ttc",
"C:\\Windows\\Fonts\\utsaahi.ttf",
"C:\\Windows\\Fonts\\cambriab.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Windows\\Fonts\\constani.ttf",
"C:\\Windows\\Fonts\\l_10646.ttf",
"C:\\Windows\\Fonts\\simhei.ttf",
"C:\\Windows\\Fonts\\arialbd.ttf",
"C:\\Windows\\Fonts\\himalaya.ttf",
"C:\\Windows\\Fonts\\msyhbd.ttf",
"C:\\Windows\\Fonts\\shruti.ttf",
"C:\\Windows\\Fonts\\calibrib.ttf",
"C:\\Users\\cuck",
"C:\\Windows\\Fonts\\ebrima.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Windows\\Fonts\\upckbi.ttf",
"C:\\Windows\\System32\\msxml3.dll",
"C:\\Windows\\Fonts\\vijaya.ttf",
"C:\\Windows\\Fonts\\trado.ttf",
"C:\\Windows\\Fonts\\lvnm.ttf",
"C:\\Windows\\Fonts\\angsai.ttf",
"C:\\Windows\\Fonts\\upcjl.ttf",
"C:\\Windows\\Fonts\\upcfb.ttf",
"C:\\Windows\\Fonts\\msjh.ttf",
"C:\\Windows\\Fonts\\majalla.ttf",
"C:\\Windows\\Fonts\\comic.ttf",
"C:\\Windows\\Fonts\\tunga.ttf",
"C:\\Windows\\Fonts\\latha.ttf",
"C:\\Windows\\Fonts\\simsunb.ttf",
"C:\\Windows\\Fonts\\monbaiti.ttf",
"C:\\Windows\\Fonts\\upcji.ttf",
"C:\\Windows\\SysWOW64\\mshtml.dll",
"C:\\Windows\\Fonts\\ariali.ttf",
"C:\\Windows\\Fonts\\ariblk.ttf",
"C:\\Windows\\Fonts\\shrutib.ttf",
"C:\\Windows\\Fonts\\mvboli.ttf",
"C:\\Windows\\Fonts\\lvnmbd.ttf",
"C:\\Windows\\Fonts\\gautami.ttf",
"C:\\Windows\\Fonts\\raavib.ttf",
"C:\\Windows\\Fonts\\msyi.ttf",
"C:\\Windows\\Fonts\\cordia.ttf",
"C:\\Windows\\Fonts\\meiryob.ttc",
"C:\\Windows\\Fonts\\timesbd.ttf",
"C:\\Windows\\Fonts\\simpbdo.ttf",
"C:\\Windows\\Fonts\\verdanai.ttf",
"C:\\Windows\\Fonts\\browaz.ttf",
"C:\\Windows\\Fonts\\nrkis.ttf",
"C:\\Windows\\win.ini",
"C:\\Windows\\Fonts\\davidbd.ttf",
"C:\\Windows\\Fonts\\phagspab.ttf",
"C:\\Windows\\Fonts\\moolbor.ttf",
"C:\\Windows\\Fonts\\KhmerUIb.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Internet Explorer\\MSIMGSIZ.DAT",
"C:\\Windows\\Fonts\\ntailu.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020112120201122\\index.dat",
"C:\\Windows\\Fonts\\gishabd.ttf",
"C:\\Windows\\Fonts\\msmincho.ttc",
"C:\\Windows\\Fonts\\meiryo.ttc",
"C:\\Windows\\Fonts\\upcdb.ttf",
"C:\\Windows\\Fonts\\upcfl.ttf",
"C:\\Windows\\Fonts\\constan.ttf",
"C:\\Windows\\Fonts\\msgothic.ttc",
"C:\\Windows\\Fonts\\Vanib.ttf",
"C:\\Windows\\Fonts\\upcfbi.ttf",
"C:\\Windows\\Fonts\\angsab.ttf",
"C:\\Windows\\Fonts\\corbeli.ttf",
"C:\\Windows\\Fonts\\browai.ttf",
"C:\\Windows\\SysWOW64\\wdmaud.drv",
"C:\\Windows\\Fonts\\upcebi.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Windows\\Fonts\\pala.ttf",
"C:\\Windows\\Fonts\\upcll.ttf",
"C:\\Windows\\Fonts\\Candaraz.ttf",
"C:\\Windows\\SysWOW64\\msi.dll",
"C:\\Windows\\Fonts\\upckl.ttf",
"C:\\Windows\\Fonts\\vrindab.ttf",
"C:\\Windows\\Fonts\\consolab.ttf",
"C:\\Windows\\Fonts\\kalingab.ttf",
"C:\\Windows\\Fonts\\estre.ttf",
"C:\\Windows\\Fonts\\calibrii.ttf",
"C:\\Windows\\Fonts\\upcfi.ttf",
"C:\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2",
"C:\\Windows\\Fonts\\palab.ttf",
"C:\\Windows\\Fonts\\framdit.ttf",
"C:\\Windows\\Fonts\\daunpenh.ttf",
"C:\\Windows\\Fonts\\Vani.ttf",
"C:\\Windows\\Fonts\\rod.ttf",
"C:\\Windows\\Fonts\\upcib.ttf",
"C:\\Windows\\Fonts\\tradbdo.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
"C:\\Windows\\Media\\Windows Navigation Start.wav",
"C:\\Windows\\Fonts\\kaiu.ttf",
"C:\\Windows\\Fonts\\msuighur.ttf",
"C:\\Windows\\Fonts\\courbd.ttf",
"C:\\Windows\\Fonts\\georgia.ttf",
"C:\\Windows\\Fonts\\trebucbi.ttf",
"C:\\Windows\\Fonts\\timesbi.ttf",
"C:\\Windows\\Fonts\\upcki.ttf",
"C:\\Windows\\Fonts\\lucon.ttf",
"C:\\Windows\\Fonts\\browauz.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"C:\\Windows\\Fonts\\aparajb.ttf",
"C:\\Windows\\System32\\dxtrans.dll",
"C:\\Windows\\Fonts\\angsau.ttf",
"C:\\Windows\\Fonts\\courbi.ttf",
"C:\\Windows\\Fonts\\corbelb.ttf",
"C:\\Windows\\Fonts\\georgiab.ttf",
"C:\\Windows\\Fonts\\arabtype.ttf",
"C:\\Windows\\Fonts\\vrinda.ttf",
"C:\\Users",
"C:\\Windows\\Fonts\\Candarai.ttf",
"C:\\Windows\\Fonts\\angsaub.ttf",
"C:\\Windows\\Fonts\\upckb.ttf",
"C:\\Windows\\SysWOW64\\stdole2.tlb",
"C:\\Windows\\Fonts\\palai.ttf",
"C:\\Windows\\Fonts\\LaoUIb.ttf",
"C:\\Windows\\Fonts\\aparajbi.ttf",
"C:\\Windows\\SysWOW64\\en-US\\KERNELBASE.dll.mui",
"C:\\Users\\desktop.ini",
"C:\\Windows\\Fonts\\simpfxo.ttf",
"C:\\Windows\\Fonts\\msjhbd.ttf",
"C:\\Windows\\Fonts\\tungab.ttf",
"C:\\Windows\\Fonts\\segoescb.ttf",
"C:\\Windows\\Fonts\\nyala.ttf",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Windows\\System32\\ntmarta.dll",
"C:\\Windows\\Fonts\\angsa.ttf",
"C:\\Windows\\Fonts\\georgiaz.ttf",
"C:\\Windows\\Fonts\\trebuc.ttf",
"C:\\Windows\\Fonts\\cordiauz.ttf",
"C:\\Windows\\Fonts\\batang.ttc",
"C:\\Windows\\Fonts\\Shonarb.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db",
"C:\\Windows\\Fonts\\webdings.ttf",
"C:\\Windows\\System32\\dxtmsft.dll",
"C:\\Windows\\Fonts\\constanz.ttf",
"C:\\Windows\\Fonts\\upceb.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B",
"C:\\Windows\\Fonts\\consola.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Windows\\Fonts\\browau.ttf",
"C:\\Windows\\Fonts\\angsaz.ttf",
"C:\\Windows\\Fonts\\leelawad.ttf",
"C:\\Windows\\Fonts\\taile.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData",
"C:\\Windows\\Fonts\\browaub.ttf",
"C:\\Windows\\Fonts\\arialbi.ttf",
"C:\\Windows\\Fonts\\seguisym.ttf",
"C:\\Windows\\Fonts\\upclbi.ttf",
"C:\\Windows\\Fonts\\aparaji.ttf",
"C:\\Windows\\Fonts\\andlso.ttf",
"C:\\Windows\\Fonts\\browa.ttf",
"C:\\Windows\\Fonts\\segoeuiz.ttf",
"C:\\Windows\\Fonts\\framd.ttf",
"C:\\Windows\\Fonts\\lathab.ttf",
"C:\\Windows\\Fonts\\cambriai.ttf",
"C:\\Windows\\Fonts\\upcjb.ttf",
"C:\\Windows\\Fonts\\upcdl.ttf",
"C:\\Windows\\Fonts\\calibriz.ttf",
"C:\\Windows\\Fonts\\upcdbi.ttf",
"C:\\Windows\\Fonts\\simfang.ttf",
"C:\\Windows\\Fonts\\browab.ttf",
"C:\\Windows\\Fonts\\cordiaui.ttf",
"C:\\Windows\\Fonts\\phagspa.ttf",
"C:\\Windows\\Fonts\\angsauz.ttf",
"C:\\Windows\\Fonts\\browaui.ttf",
"C:\\Windows\\Fonts\\impact.ttf",
"C:\\Windows\\Fonts\\consolaz.ttf",
"C:\\Windows\\Fonts\\malgun.ttf",
"C:\\Windows\\Fonts\\kokila.ttf",
"C:\\Windows\\Fonts\\verdana.ttf",
"C:\\Windows\\Fonts\\upcei.ttf",
"C:\\Windows\\Fonts\\upcel.ttf",
"C:\\Windows\\Fonts\\wingding.ttf",
"C:\\Windows\\Fonts\\mangalb.ttf",
"C:\\Windows\\Fonts\\kartika.ttf",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini",
"C:\\Windows\\Fonts\\ebrimabd.ttf",
"C:\\Windows\\Fonts\\upclb.ttf",
"C:\\Windows\\Fonts\\ntailub.ttf",
"C:\\Windows\\Fonts\\cordiau.ttf",
"C:\\Windows\\Fonts\\segoeuib.ttf",
"C:\\Windows\\Fonts\\segoeui.ttf",
"C:\\Windows\\Fonts\\angsaui.ttf",
"C:\\Windows\\Fonts\\david.ttf",
"C:\\Windows\\Fonts\\KhmerUI.ttf",
"C:\\Windows\\Fonts\\utsaahbi.ttf",
"C:\\Windows\\Fonts\\corbelz.ttf",
"C:\\Windows\\Fonts\\vijayab.ttf",
"C:\\Windows\\Fonts\\segoepr.ttf",
"C:\\Windows\\Fonts\\Gabriola.ttf",
"C:\\Windows\\Fonts\\plantc.ttf",
"C:\\Windows\\Fonts\\cambria.ttc",
"C:\\Windows\\Fonts\\cordiaub.ttf",
"C:\\Windows\\Fonts\\symbol.ttf",
"C:\\Windows\\Fonts\\upcdi.ttf",
"C:\\Windows\\Fonts\\micross.ttf",
"C:\\Windows\\Fonts\\upcjbi.ttf",
"C:\\Windows\\Fonts\\times.ttf",
"C:\\Windows\\Fonts\\consolai.ttf",
"C:\\Windows\\Fonts\\kokilabi.ttf",
"C:\\Windows\\Fonts\\trebucbd.ttf",
"C:\\Windows\\Fonts\\upcibi.ttf",
"C:\\Windows\\Fonts\\timesi.ttf",
"C:\\Windows\\Fonts\\couri.ttf",
"C:\\Windows\\Fonts\\gisha.ttf"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/pjpeg\\Bits",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\about\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/tiff\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\285499F23409ED14FB4A01230F5DFA91",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Comdlg32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F4DC93AAA8AD1D448BC4E6A207F4FE0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\Adv AddrBar Spoof Detection",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\ActiveX Compatibility\\{ADC6CB82-424C-11D2-952A-00C04FA34F05}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0EF52818FCE3E7B488427C1F8266654E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\669C9DC1419C0F240B35B36B99AAB50C",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1E82F31DC0D05AA4CB291B7BAA23FC8E",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Suggested Sites",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F356843B045CC0A4BA0D83C1D85AAAFD",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A7E9995902A24964C9C5D461E1C86F19",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_IEDDE_REGISTER_URLECHO",
"HKEY_CLASSES_ROOT\\.js",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4486F7CE8F022FB4EB0154C5226C27A0",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\DxTrans",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E429E5BC27530F4786481EC687D9EC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0411990C889EE9B47BB0B5D356564877",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CB2182A03B6B11341A1F09A021991CE1",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BF7ABF4D25C03F4582D4BC3082FB208",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CF65AB832507EDB4BB357F9D8E0431BD",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\International\\Scripts\\3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9BA984AD4F03E284382FFBB7A68BEE27",
"HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text\/html",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_IPERSISTMONIKER_LOAD_REDIRECTED_URL_KB976425",
"HKEY_CURRENT_USER\\Software\\Policies",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B4BBDDC88CEE4DD439E8BB261CE222A8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_CrossDomain_Fix_KB867801",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\UpgradeCodes\\F57A0D0910D2A3648B904FB0D98E449E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Feeds",
"HKEY_LOCAL_MACHINE\\System\\Setup",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\30FAECE2400494D4FB69207288EB5B73",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_DISABLE_NAVIGATION_SOUNDS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D1FB8179F9A660439A2936F0E72F1F46",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A558E619ABC4CE5479C1DA5070EFBF81",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\PageSetup",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_CURRENT_USER\\Software\\KasperskyLabSetup\\Setup21.2.16.590.0.320.0",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\11E2BA15171FE704B98E7505E58D7749",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E40FDF839772BEB41AC977860DBB4853",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_DISABLE_BEHAVIORS_DRAW_REENTRANCY",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\423FE7A87AC0BF940B5796B2F11C80B4",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\WindowMetrics",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\863CA21BBA4DFCE489FDF96EAB898616",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Activities",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\ActiveX Compatibility",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Ftp",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Suggested Sites",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\Explorer\\Navigating\\.current",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_IEDDE_REGISTER_PROTOCOL",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D725CB8E57307E64EB574E04214D8B5F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Ftp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18F5DB38C45303843B06B1B5025E4820",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Settings",
"HKEY_CLASSES_ROOT\\.png",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C4040CC509FB0DC4886F590DDF6B6132",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F21868A51A175874BB819DCA5FAA40A3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-png",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_ZONE_ELEVATION",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\UpgradeCodes\\F57A0D0910D2A3648B904FB0D98E449E",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F41A458014D57E54E8DBD0B0CBC361A2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9E40FDB6330EBA242A4BD5F4FDD0B803",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Low Rights",
"HKEY_CLASSES_ROOT\\.css",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\965742E8F65116F4BB2CB01341464FA7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\MediaTypeClass",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\335F6F64CD461D9469519574D34757EB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\17E23EF6C775D324DB90E0E2B7D1CA72",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\55B1C35005E2E8A459498D3F2B477EE7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ACTIVEX_INACTIVATE_MODE_REMOVAL_REVERT",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/jpeg\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A76D7C84BF4322E32AF51E3EB60EC63B",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Policies",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Zoom",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D093E8AD3A3A34B89ACD5DB5F7A05B",
"HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Zones",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3EBAEE5AA284A1D4A9F1CF84FBA7DC11",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\218841810B0E6254C837A7244B6CD4D0",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Services",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\895805CC90C04694887EF6BD140A622D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B06071FE021ECB04E8B3BF1E39AD5BB3",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Recovery",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8020CF43278B2644190F51544810251E",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer",
"HKEY_LOCAL_MACHINE\\Software",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows Search",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D3541DFF9B79C584284E8981624C04CB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_UNC_SAVEDFILECHECK",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E85E64F0A7FC58E47A87E5AB98A6F2DD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B1D5EA6004F809D48B117CE563261011",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\UpgradeCodes\\5A8E9D0E2E6761E45ABC045341450B4D",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B04950B5EC5C924B8F428B5484A2720",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\75B368B60C908BA4E87C31F66B02F3F0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SCRIPTURL_MITIGATION",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BINARY_CALLER_SERVICE_PROVIDER",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_SNIFFING",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D9AB5A7ABF894DC42B2A5AFA657107B4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\63B1AF366905AF641BA514CCBAE803C4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5E3DAE67887931944BCD7171908FA775",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D0CBB37A94C46943A90AC5008CF1CC9",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\International",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/png\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9F5ED6B416EF0A1448D94799D0FF20BA",
"HKEY_CLASSES_ROOT\\MIME\\Database\\Content Type\\text\/html",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FEB01D34D0F67E4F9CD810B432C1B91",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4514EC211C8947C4B9BA24F353AFFD50",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SHOW_FAILED_CONNECT_CONTENT_KB942615",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Policies",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7814D91294731FF4DBBB840810BEB3BB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\67C12EF40671B7342A2F990919031A57",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_READ_ZONE_STRINGS_FROM_REGISTRY",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F428FE2E5AA63BC34AF10B4BCFD0C047",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B690B72A999998C47B5F93C94A8D43B2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ADDITIONAL_IE8_MEMORY_CLEANUP",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\B71ED456496A76F41BFCC780358434D1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7C0477DE66D1A6749864FCE02A6DCB6C",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\Feature_Enable_Compat_Logging",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\315C767EFC72D8445B1D2D16F72653F0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Ranges\\",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\International\\Scripts",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89BBBC8A0D32B014696C4BA3C20CDD34",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9DD74C0626DC33C479C1929714AB5295",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\*\\",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\CodePage",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\Explorer\\ActivatingDocument\\.current",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\53F08364FFD17F14B8FD7CA7F52FAE76",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SUBDOWNLOAD_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_IGNORE_LEADING_FILE_SEPARATOR_IN_URI_KB933105",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0C8C847E8E3D6CF4980241250D83AC18",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D04063BE69797D4D8505462827A0D19",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\73964AA699D5B5140ADC41ED3F7DB38A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95EE473833000D6409127D1B85882AC9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9753E3A35E3BDFB468DF95B5D19C8A04",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Accepted Documents",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Ranges\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SSLUX",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\TravelLog",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\UpgradeCodes\\05BC42BE22FC33341B7C78B132D96CE4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1C1ED53B8F25FD248955C15232E46886",
"HKEY_LOCAL_MACHINE\\Software\\Policies",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AD21E12039BB3BC47B1938BC4ABDFEE2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Activities",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84BBAC70FB00B6046881B55CB3122F0F",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Feeds",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProtocolDefaults\\",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D5FD8239A83FE564F97379EA15CE8CB6",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Feed Discovery",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_HANDLING",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7BE19005FBFF82D4C9AC1CD315606D5C",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\BrowserEmulation",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0256FF64030E0746A4AA95D3FFD0BE4",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\FileSystem",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Feed Discovery",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\International\\Scripts",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Ratings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_DOCUMENT_COMPATIBLE_MODE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F05C8358C56DAD54BB81D0A11DD52F41",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_WEBOC_DOCUMENT_ZOOM",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BE0BD5097A638224EB0DAAE870267F03",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\UpgradeCodes\\05BC42BE22FC33341B7C78B132D96CE4",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\5B5C8B2FB95B57147954C18085D53ACE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\040E2A370D6DB2F45AE45A0032BC2179",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\AboutURLs",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3D197E722531D614AB40C182904D9A31",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_UNC_SAVEDFILECHECK",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FBEAAA6C37E8AF24B87AAEA0047433BD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\87C48B95924E3294FBC1766C9225DD0C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_SCRIPT",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\33AB3CD4D27277545B5A93CD4ECB96B4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EBCC7F29EA459B945AC92361F803C5BA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7FE547D6F0D72534A80F89C4AB727618",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\89DF671CDA74E9D4EB10275B10D5CF3F",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\9D22CD4619F5DBC499A083AAD70FE7B3",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_IMG",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CE5B971A0DBB8FD4F83AE0DADC348104",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_Isolate_Named_Windows",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Zoom",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_CUSTOM_IMAGE_MIME_TYPES_KB910561",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Security",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\res\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\DxTrans",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_XSSFILTER",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\DE5E96135060B6632BBF5FF64015CF72",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Zoom",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0F957507B71E16D48AB8F8D24E499BFD",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\Installer",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0A191B45599EEB74CA305184EA3C2A94",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Security\\Adv AddrBar Spoof Detection",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Recovery",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\99C330202A8B38A4C82D60ECE5D3A9E9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\04C56B5D827A9194FA2CBFD014EAD0DA",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_DISABLE_NAVIGATION_SOUNDS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\18D84E9490A485948A17A1F02CDAA62A",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Services",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_FEEDS",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8D38A6F5FC8262149A9FAAE8C621EE3F",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap",
"HKEY_CLASSES_ROOT\\.gif",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\95E2C34402A93A14FA8CB3420B85375C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Suggested Sites",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C1EF68F348457B246A0AD0C18B3079AF",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Default Behaviors",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-jg\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache",
"HKEY_CURRENT_USER\\Software",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\31B36E22B03C9944E9E1AA20F6E02DBE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\1A0857155A8EF604FA5D1648CF382DC7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D45956AB0EB412C44B019BEAEF450F82",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\text\/html",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\BAC5D52BFA9F4614D8C771B1CAC291E3",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Styles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\WindowsSearch",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_FEEDS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\034A8F8E06031EF46BCB4C10469098E5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_SNIFFING",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Zoom",
"HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Internet Explorer\\Services",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_SSLUX",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\CDBF699A8F2EAC2438564C3D50E9E638",
"HKEY_CLASSES_ROOT\\.html",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\103857F24A2EDA54A800A41FA570861F",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONE_ELEVATION",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\C435ED7D4D11C54458BBF52D7FE7E7B9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\958C4A0DE6C8D5C428C6E9D875BC33B6",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Security\\Floppy Access",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AE5A0040C41ACA642AF6DB16F4D2F638",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2FA90A429E82313489DAA2E2C2F0872C",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_USE_WINDOWEDSELECTCONTROL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SHIM_MSHELP_COMBINE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-icon\\Bits",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\62293D511DB84E5489074C5AFA18E882",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8ECC347096FA78C4E8291F449F71E16E",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\2268E2F45D65B3B4ABBE6378BD9EBC30",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\8691BCC36FF121849A90B085BFAF5E5E",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Domains\\",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\D613776D85BA57646A2100F5CC8CE339",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-wmf\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\UpgradeCodes\\05BC42BE22FC33341B7C78B132D96CE4",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE19F224928A59468049F045950CB08",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\84C584688CFC74A4E9D36E5EE2E02FA7",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4FE462B32EFD81040A184ED17E00452B",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\296744B7EBFEB2741A47781AE6E32269",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\92F9143E715DEF045A539256438E41FB",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\16AC40BE991DF1643B2800729063B2F9",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\4",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\0",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\1",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\2",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\3",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\MenuExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Services",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-png\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\4626147D107665540A84D43A5908E74D",
"HKEY_CURRENT_USER\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\res",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Low Rights",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\26E80FB920712D74591068281FA765BA",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\Managed\\S-1-5-21-699399860-4089948139-3198924279-1001\\Installer\\UpgradeCodes\\F57A0D0910D2A3648B904FB0D98E449E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_Cross_Domain_Redirect_Mitigation",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FF9FDEA72CD9DDC47A6DAB85F9F76B81",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FE056816E41FD2F4CACD03E7A2CA2E6E",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/bmp\\Bits",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\res",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\E116C831A95AB5B4787CE3086FE83631",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/gif\\Bits",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\A0DB900AFB7545D4C8A344F58A17F7C9",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\FFFA6DF7EA9EDFC45A1F02FE6DF8F067",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Name-Space Handler\\file\\",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MANAGE_SCRIPT_CIRCULAR_REFS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3B6475D6660257440A1F014807F98F15",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Installer\\UpgradeCodes\\5A8E9D0E2E6761E45ABC045341450B4D",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_BEHAVIORS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\6D8F0E61F693ABE4DA7E1BDC76DC05A7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Activities",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Activities",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\38DA7FA63426B513593FBB7BD274256D",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Network",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\Ranges\\",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\3C68656E520593A45925ADFB41F821B5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\90860AAA7BD3DE34EB32330DD29CAD62",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\002F6EFFA8A0A40498F3035BD153685A",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Policies\\ActiveDesktop",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\F591EF48DE97A00428A5BC1AFFFAA868",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\717591555BCB1604BA9777E8A55D0E41",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\6E1F5EC53DCCB704BB1223446ED382A9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Version Vector",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\0FD387D006FD9734FA65B249F36DE42A",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\7636A94AA21EDBB48B6AFFB17E5907B8",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\Installer\\UpgradeCodes\\5A8E9D0E2E6761E45ABC045341450B4D",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\EEF8AA9EB45B5DB4BBE46B8634C910CD",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Installer\\UserData\\S-1-5-18\\Components\\AB106BB28FBF004489BA8212BF5C075E",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_MIME_HANDLING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Main"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-g.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\google-chrome-banner.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-error.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about-rtl.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\default-slide-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-vkontakte.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\rtl.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-refresh.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\yandex-motivation.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-facebook.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\btn.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\remove.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-unchecked-disabled.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\share-twitter.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-h.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\chrome-logo.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-information.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-win8.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\btn_bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-f.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\product.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-progress-bar.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-loading-b.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\google-toolbar-banner.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\install_programm.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-incompatible-soft-ico.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-refresh-disabled.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-selected.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-win8-bg.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-down.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-select-up.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\print.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about-disabled.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\autorun-bullet.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9\\setup.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-checked-disabled.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-arrows.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\kl-setup-2020-11-21-07-53-07_SAAS.21.2.16.590.log",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-checkbox-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-about.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\tfu.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-icon-ok.png"
],
"regkey_deleted": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ProxyBypass",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\IntranetName"
],
"file_deleted": [
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\index.dat"
],
"directory_removed": [
"",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\downloader.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Internet Explorer",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020112120201122\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js:Zone.Identifier",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\setup_autotest.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020112120201122\\index.dat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\kl-setup-2020-11-21-07-53-07_SAAS.21.2.16.590.log"
],
"mutex": [
"Local\\DDrawDriverObjectListMutex",
"MSIMGSIZECacheMutex",
"Local\\ZonesCounterMutex",
"Local\\ZonesLockedCacheCounterMutex",
"Local\\c:!users!cuck!appdata!local!microsoft!windows!history!history.ie5!mshist012020112120201122!",
"Local\\ZoneAttributeCacheCounterMutex",
"Local\\ZonesCacheCounterMutex",
"Local\\DDrawWindowListMutex",
"Local\\MidiMapper_modLongMessage_RefCnt",
"Kaspersky_Setup_Single_Instance",
"Local\\__DDrawExclMode__",
"Local\\__DDrawCheckExclMode__"
],
"file_failed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Windows\\SysWOW64\\jscript9.dll",
"C:\\Windows\\System32\\msxml3.dll\\1"
],
"guid": [
"{ea1afb91-9e28-4b86-90e9-9e9f8a5eefaf}",
"{275c23e2-3747-11d0-9fea-00aa003f8646}",
"{6a01fda0-30df-11d0-b724-00aa006c1a01}",
"{254dbbc1-f922-11d0-883a-3c8b00c10000}",
"{dccfc164-2b38-11d2-b7ec-00c04f8f5d9a}",
"{30a5fb78-e11f-11d1-9064-00c04fd9189d}",
"{3050f3bc-98b5-11cf-bb82-00aa00bdce0b}",
"{25336920-03f9-11cf-8fd0-00aa00686f13}",
"{a3ccedf7-2de2-11d0-86f4-00a0c913f750}",
"{4fd2a832-86c8-11d0-8fca-00c04fd9189d}",
"{5762f2a7-4658-4c7a-a4ac-bdabfe154e0d}",
"{4ef17940-30e0-11d0-b724-00aa006c1a01}",
"{00000146-0000-0000-c000-000000000046}",
"{6c736dc1-ab0d-11d0-a2ad-00a0c90f27e8}",
"{a7ee7f34-3bd1-427f-9231-f941e9b7e1fe}",
"{4cb26c03-ff93-11d0-817e-0000f87557db}",
"{b39fd73f-e139-11d1-9065-00c04fd9189d}",
"{a3ccedf3-2de2-11d0-86f4-00a0c913f750}",
"{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}",
"{871c5380-42a0-1069-a2ea-08002b30309d}",
"{000214e6-0000-0000-c000-000000000046}",
"{00000001-0000-0000-c000-000000000046}",
"{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",
"{ff393560-c2a7-11cf-bff4-444553540000}",
"{d9e89500-30fa-11d0-b724-00aa006c1a01}",
"{00000323-0000-0000-c000-000000000046}",
"{56fdf344-fd6d-11d0-958a-006097c9a090}",
"{ed8c108e-4349-11d2-91a4-00c04f7969e8}",
"{e7e4bc40-e76a-11ce-a9bb-00aa004ae837}",
"{3050f429-98b5-11cf-bb82-00aa00bdce0b}",
"{cd773740-b187-4974-a1d5-e0ff91372277}",
"{8856f961-340a-11d0-a96b-00c04fd705a2}",
"{81397204-f51a-4571-8d7b-dc030521aabd}",
"{50d5107a-d278-4871-8989-f4ceaaf59cfc}",
"{6187e5a2-a445-4608-8fc0-be7a6c8db386}",
"{385a91bc-1e8a-4e4a-a7a6-f4fc1e6ca1bd}",
"{bb1a2ae1-a4f9-11cf-8f20-00805f2cd064}",
"{adc6cb82-424c-11d2-952a-00c04fa34f05}",
"{30a99515-1527-4451-af9f-00c5f0234daf}",
"{30c3b080-30fb-11d0-b724-00aa006c1a01}",
"{0e890f83-5f79-11d1-9043-00c04fd9189d}",
"{4fd2a833-86c8-11d0-8fca-00c04fd9189d}",
"{22b07b33-8bfb-49d4-9b90-0938370c9019}",
"{6c736db1-bd94-11d0-8a23-00aa00b58e10}",
"{3050f406-98b5-11cf-bb82-00aa00bdce0b}",
"{08c0e040-62d1-11d1-9326-0060b067b86e}"
],
"file_read": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Windows\\Media\\Windows Navigation Start.wav",
"C:\\Windows\\System32\\msxml3.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\desktop.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"C:\\Windows\\SysWOW64\\mshtml.dll",
"C:\\Windows\\System32\\dxtrans.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Windows\\System32\\dxtmsft.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Windows\\SysWOW64\\stdole2.tlb",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Users\\desktop.ini",
"C:\\Windows\\win.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Windows\\SysWOW64\\msi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft100\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\MaxRpcSize",
"HKEY_CURRENT_USER\\.html\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-png\\Image Filter CLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Version Vector\\VML",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_IMG\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_XSSFILTER\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Print_Background",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileUrl",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\SmoothScroll",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\Explorer\\Navigating\\.Current\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\RemoteRpcDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wavemapper",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MortalKombat3\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\DisableDDSCAPSInDDSD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableImprovedZoneCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SHIM_MSHELP_COMBINE\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BEHAVIORS\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Feed Discovery\\Sound",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\\InProcServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\WindowMetrics\\AppliedDPI",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Terracide\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\DisableMMX",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\MinLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Use_DlgBox_Colors",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\OWNDC",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Bug!\\ID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.gif\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ThirdDimension\\Flags",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MsGolf98\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\EMPTY",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\MinLevel",
"HKEY_CURRENT_USER\\System\\CurrentControlSet\\Control\\MediaProperties\\PrivateProperties\\Joystick\\Winmm\\wheel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Zoom\\ZoomDisabled",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\CLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_FEEDS\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CoInternetCombineIUriCacheSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\IsTextPlainHonored",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONE_ELEVATION\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_USE_WINDOWEDSELECTCONTROL\\*",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Cleanup HTCs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\AboutURLs\\blank",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\CSS_Compat",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\\InProcServer32\\LoadWithoutCOM",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NortonSystemInfo\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_UNC_SAVEDFILECHECK\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Savage\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.js\\Content Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Rogue Squadron\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Low Rights\\ProtectedModeOffForAllZones",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.html\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\ThreadingModel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\FileSystem\\Win31FileSystem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\EnablePrintScreen",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\DOMStorage",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseClearType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Flags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CodePage\\950",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CoInternetCombineIUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2106",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{a45c254e-df1c-4efd-8020-67d146a850e0},2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\TabProcGrowth",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Enable AutoImageResize",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseThemes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Anchor Underline",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\DemolitionDerby2\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{871C5380-42A0-1069-A2EA-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/jpeg\\Bits\\0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheRepair",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ThirdDimension\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\CurrentLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.html\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Page_Transitions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ScorchedPlanet\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MortalKombat3\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Diablo\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ThirdDimension\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\MaximumAllowedAllocationSize",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Q300829",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wdmaud.drv",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SUBDOWNLOAD_LOCKDOWN\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\DeviceState",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Use Stylesheets",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\ForceRefreshRate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\2000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Savage\\Name",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Force Offscreen Composition",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\International\\AcceptLanguage",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\SystemSetupInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FrameTabWindow",
"HKEY_CURRENT_USER\\Software\\KasperskyLabSetup\\Setup21.2.16.590.0.320.0\\AppCommandLine",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\WindowsSearch\\EnabledScopes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\RecommendedLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/pjpeg\\Bits\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CachePrefix",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\DisableScriptDebuggerIE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{1da5d803-d492-4edd-8c23-e0c0ffee7f0e},0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\AdminTabProcs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CachePrefix",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\SessionMerging",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-wmf\\Bits\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\RecommendedLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SHIM_MSHELP_COMBINE\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\Explorer\\ActivatingDocument\\.Current\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\RecommendedLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraftDemo\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SSLUX\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language\\InstallLanguageFallback",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\SecuritySafe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_SNIFFING\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\XDomainRequest",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.html\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraftDemo\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0\\win32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxHTML-E7CF176E110C211B\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\MachineThrottling",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\COM3\\COM+Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\wave9",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\Type",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\RtfConverterFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraftDemo\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2000",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\2000",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\AlwaysShowExt",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_SNIFFING\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},6",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Services\\SelectionActivityButtonDisable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/x-png\\Bits\\0",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Rogue Squadron\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\SessionMerging",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\MinLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\InProcServer32\\LoadWithoutCOM",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NHLPowerPlay\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_HANDLING\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.css\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_IMG\\*",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CoInternetCombineIUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\UrlEncoding",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{b3f8fa53-0004-438e-9003-51a46e139bfc},6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Direct3D\\FlipNoVsync",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Diablo\\ID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\CurrentLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\Icon",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Move System Caret",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\SilentThunder\\Flags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SAFE_BINDTOOBJECT\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\UseNonLocalVidMem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\EmulationOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_SCRIPT\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{FF393560-C2A7-11CF-BFF4-444553540000} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{00000134-0000-0000-C000-000000000046}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft115\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\2500",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{332C4425-26CB-11D0-B483-00C04FD90119}\\ProxyStubClsid32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FrameTabWindow",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ScorchedPlanet\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{54314D1D-35FE-11D1-81A1-0000F87557DB}\\1.1\\0\\win32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.html\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONE_ELEVATION\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft100\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Rogue Squadron\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\.html\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\SilentThunder\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Rpc\\Extensions\\NdrOleExtDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MsGolf98\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisQualityBenchmark\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\SmartDithering",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\No3DBorder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Default Behaviors\\DXTFilterBehavior",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Version Vector\\WindowsEdition",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SQMServiceList\\SQMServiceList",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Url History\\DaysToKeep",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheRepair",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DebugHeapFlags",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\CurrentLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxHTML-E7CF176E110C211B\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseHR",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\2500",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NortonSystemInfo\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft115\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\MinLevel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Terracide\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MsGolf98\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.html\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Terracide\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\CurrentLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\ShowFrameRate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxHTML-E7CF176E110C211B\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Suggested Sites\\Enabled",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\DisableCachingOfSSLPages",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\\InProcServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\MortalKombat3\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{a45c254e-df1c-4efd-8020-67d146a850e0},2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheOptions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CacheOptions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Bug!\\Flags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\TabProcGrowth",
"HKEY_LOCAL_MACHINE\\SYSTEM\\Setup\\OOBEInProgress",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft100\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi6",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi7",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi5",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi2",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Display Inline Videos",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi9",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\MaxRenderLine",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Recovery\\AutoRecover",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_FILEDOWNLOAD\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\No3DBorder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Script\\Settings\\JITDebug",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxHTML-E7CF176E110C211B\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\AdminTabProcs",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\ModeXOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisWinMarkBenchmark\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorUseSystemHeap",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{ED8C108E-4349-11D2-91A4-00C04F7969E8}\\ProgID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.png\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\DemolitionDerby2\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\NavigationDelay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Display Inline Images",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.html\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00020424-0000-0000-C000-000000000046}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\DemolitionDerby2\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledSessions\\GlobalSession",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{026e516e-b814-414b-83cd-856d6fef4822},2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisQualityBenchmark\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\RecommendedLevel",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\LocalizedString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BLOCK_LMZ_SCRIPT\\*",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NHLPowerPlay\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MSHTML_AUTOLOAD_IEFRAME\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\ForceAGPSupport",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\CurrentLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Bug!\\Name",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\Apps\\Explorer\\Navigating\\.Current\\Default Flags",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Play_Background_Sounds",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheRepair",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Disable Script Debugger",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_XSSFILTER\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\Interface\\{618736E0-3C3D-11CF-810C-00AA00389B71}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ScorchedPlanet\\ID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012019040920190410\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisQualityBenchmark\\Flags",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\XMLHTTP",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\LoadAppInit_DLLs",
"HKEY_CURRENT_USER\\FirefoxHTML-E7CF176E110C211B\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_MIME_HANDLING\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\DisableWiderSurfaces",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Version Vector\\IE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midimapper",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Expand Alt Text",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BEHAVIORS\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CoInternetCombineIUriCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Allow Programmatic Cut_Copy_Paste",
"HKEY_CURRENT_USER\\Software\\Microsoft\\FTP\\Use Web Based FTP",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\2500",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Microsoft.XMLHTTP\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.html\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisWinMarkBenchmark\\Flags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\2\\2500",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Show image placeholders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FrameMerging",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachinePreferredUILanguages",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3\\Flags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CachePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInterval",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollInset",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheOptions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\Icon",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Play_Animations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\RecommendedLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SUBDOWNLOAD_LOCKDOWN\\*",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\PreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_UNC_SAVEDFILECHECK\\*",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\DragScrollDelay",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\UILanguages\\en-US\\AlternateCodePage",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/bmp\\Bits\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\DisableAGPSupport",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\DisabledProcesses\\2F2BE9FF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\StarCraft115\\ID",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\CreateUriCacheSize",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\WarnOnIntranet",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\ComputerName\\ActiveComputerName\\ComputerName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Render\\{c8ce7349-e519-42ea-bfb7-698f1844ee25}\\Properties\\{1da5d803-d492-4edd-8c23-e0c0ffee7f0e},0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_BROWSER_EMULATION\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_SSLUX\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\ZiffDavisWinMarkBenchmark\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OLE\\PageAllocatorSystemHeapIsPrivate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Savage\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\SilentThunder\\ID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\Diablo\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7\\*",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\1\\MinLevel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/png\\Bits\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{00020424-0000-0000-C000-000000000046}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FrameMerging",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Security_HKLM_only",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{5E77EB03-937C-11D1-B047-00AA003B6061}\\1.1\\0\\win32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows Search\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi4",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_FEEDS\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\MIME\\Database\\Content Type\\image\/gif\\Bits\\0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NortonSystemInfo\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\EnablePunycode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\PageSetup\\Print_Background",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\DRIVERS32\\midi3",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\res\\CLSID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\4\\Flags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\FirefoxHTML-E7CF176E110C211B\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_USE_WINDOWEDSELECTCONTROL\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\NoProtectedModeBanner",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\MMDevices\\Audio\\Capture\\{d87a0b1a-8975-43e7-9879-c2912b61be65}\\Properties\\{026e516e-b814-414b-83cd-856d6fef4822},2",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSimpleStartMenu",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_LOCALMACHINE_LOCKDOWN\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\Compatibility\\NHLPowerPlay\\Name",
"HKEY_CURRENT_USER\\AppEvents\\Schemes\\(Default)"
],
"directory_enumerated": [
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\*.*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\select_lang_page.html",
"C:\\Users\\cuck\\AppData",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script-lte-ie8.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-style.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery.custom_select.min.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Users\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-print.css",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-logo.png",
"C:\\Users",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-checked.gif",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-script.js",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\jquery-1.12.4.min.js",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\432F5D7D-2C09-11EB-8829-08002749D99B\\kis-radio-unchecked.gif"
],
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheRepair",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheOptions",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseSWRender",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\AutoDetect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\MostRecentApplication\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CachePrefix",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\DirectDraw\\MostRecentApplication\\ID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CachePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\UNCAsIntranet",
"HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Enable Browser Extensions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheLimit"
]
},
"first_seen": 1605973986.71875,
"ppid": 3040
},
{
"process_path": "C:\\Windows\\explorer.exe",
"process_name": "explorer.exe",
"pid": 1788,
"summary": {
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\FFlags",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByDirection",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2\\Settings",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Sort",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\LogicalViewMode",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\Mode",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\UserStartTime",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\LastAdvertisement",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupView",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ColInfo",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\IconStreams",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:FMTID",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PastIconsStream",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Streams\\Desktop\\TaskbarWinXP",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\IconSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupByKey:PID"
],
"file_failed": [
"C:\\cuckoo_1788.ini",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\"
],
"regkey_opened": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\StuckRects2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache"
],
"regkey_deleted": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\GroupCollapseState",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemOrder",
"HKEY_CURRENT_USER\\System\\CurrentControlSet\\Control\\Network\\ShowWirelessConnectingOnStart",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop\\ItemPos800x600x96(1)"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012019040920190410\\desktop.ini",
"C:\\cuckoo_1788.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a.bin",
"C:\\Users\\cuck\\Desktop"
],
"mutex": [
"Local\\Shell.CMruPidlList"
],
"file_opened": [
"C:\\"
],
"guid": [
"{ff393560-c2a7-11cf-bff4-444553540000}",
"{1a1f4206-0688-4e7f-be03-d82ec69df9a5}",
"{00000003-0000-0000-c000-000000000046}",
"{42aedc87-2188-41fd-b9a3-0c966feabec1}",
"{9b63616c-36b2-46bc-959f-c1593952d19b}",
"{a47979d2-c419-11d9-a5b4-001185ad2b89}",
"{46a6eeff-908e-4dc6-92a6-64be9177b41c}",
"{00000339-0000-0000-c000-000000000046}",
"{7007acc7-3202-11d1-aad2-00805fc1270e}",
"{d0074ffd-570f-4a9b-8d69-199fdba5723b}",
"{2fb499a3-cfce-480f-a5f3-2453db7a2b7a}",
"{ba126ad1-2166-11d1-b1d0-00805fc1270e}",
"{faedcf69-31fe-11d1-aad2-00805fc1270e}",
"{ba126ae5-2166-11d1-b1d0-00805fc1270e}",
"{660b90c8-73a9-4b58-8cae-355b7f55341b}",
"{c08956a2-1cd3-11d1-b1c5-00805fc1270e}",
"{000214e6-0000-0000-c000-000000000046}"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 10",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\System.ItemNameDisplay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\{B725F130-47EF-101A-A5F1-02608C9EEBAC} 10",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CachePrefix",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{21EC2020-3AEA-1069-A2DD-08002B30309D}\\SortOrderIndex",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlots",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClearRecentDocsOnExit",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\NodeSlot",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheOptions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU\\MRUListEx",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\netshell.dll,-1200",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheOptions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheRepair",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CachePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CachePrefix",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\MSHist012020112120201122\\CacheRepair",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@C:\\Windows\\system32\\prnfldr.dll,-8036",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheLimit",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CachePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\System.ItemNameDisplay",
"HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PromotedIconCache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CachePrefix",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheOptions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CachePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheOptions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\BagMRU Size",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2227A280-3AEA-1069-A2DE-08002B30309D}\\LocalizedString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CacheLimit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\SortOrderIndex",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\PrivacIE:\\CacheRepair",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CachePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\feedplat\\CachePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CachePrefix",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheRepair",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF393560-C2A7-11CF-BFF4-444553540000}\\InProcServer32\\LoadWithoutCOM",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\ietld\\CacheOptions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7007ACC7-3202-11D1-AAD2-00805FC1270E}\\LocalizedString",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\5.0\\Cache\\Extensible Cache\\DOMStore\\CacheRepair"
]
},
"first_seen": 1605973988.331158,
"ppid": 1740
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1605973986.5,
"ppid": 376
}
]Signatures
[
{
"markcount": 1,
"families": [],
"description": "Queries for the computername",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameA",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1605973987.81175,
"tid": 2096,
"flags": {}
},
"pid": 2308,
"type": "call",
"cid": 6772
}
],
"references": [],
"name": "antivm_queries_computername"
},
{
"markcount": 1,
"families": [],
"description": "This executable has a PDB path",
"severity": 1,
"marks": [
{
"category": "pdb_path",
"ioc": "C:\\a\\b\\d_00000000_\\b\\out\\Win32\\Release\\starter.pdb",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_pdb"
},
{
"markcount": 1,
"families": [],
"description": "Checks amount of memory in system, this can be used to detect virtual machines that have a low amount of memory available",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "GlobalMemoryStatusEx",
"return_value": 1,
"arguments": {},
"time": 1605973986.84375,
"tid": 1664,
"flags": {}
},
"pid": 2308,
"type": "call",
"cid": 133
}
],
"references": [],
"name": "antivm_memory_available"
},
{
"markcount": 3,
"families": [],
"description": "The file contains an unknown PE resource name possibly indicative of a packer",
"severity": 1,
"marks": [
{
"category": "resource name",
"ioc": "DOWNLOADER.INI",
"type": "ioc",
"description": null
},
{
"category": "resource name",
"ioc": "SZIP",
"type": "ioc",
"description": null
},
{
"category": "resource name",
"ioc": "WEVT_TEMPLATE",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "pe_unknown_resource_name"
},
{
"markcount": 4,
"families": [],
"description": "Allocates read-write-execute memory (usually to unpack itself)",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtAllocateVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2308,
"region_size": 65536,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"protection": 64,
"process_handle": "0xffffffff",
"allocation_type": 12288,
"base_address": "0x77d40000"
},
"time": 1605973986.78075,
"tid": 1664,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE",
"allocation_type": "MEM_COMMIT|MEM_RESERVE"
}
},
"pid": 2308,
"type": "call",
"cid": 8
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2308,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x77d40000"
},
"time": 1605973986.78075,
"tid": 1664,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2308,
"type": "call",
"cid": 10
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2308,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 1,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x77d40000"
},
"time": 1605973986.78075,
"tid": 1664,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2308,
"type": "call",
"cid": 12
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "NtProtectVirtualMemory",
"return_value": 0,
"arguments": {
"process_identifier": 2308,
"stack_dep_bypass": 0,
"stack_pivoted": 0,
"heap_dep_bypass": 0,
"length": 4096,
"protection": 64,
"process_handle": "0xffffffff",
"base_address": "0x77baf000"
},
"time": 1605973986.78075,
"tid": 1664,
"flags": {
"protection": "PAGE_EXECUTE_READWRITE"
}
},
"pid": 2308,
"type": "call",
"cid": 14
}
],
"references": [],
"name": "allocates_rwx"
},
{
"markcount": 0,
"families": [],
"description": "Checks whether any human activity is being performed by constantly checking whether the foreground window changed",
"severity": 2,
"marks": [],
"references": [
"https:\/\/www.virusbtn.com\/virusbulletin\/archive\/2015\/09\/vb201509-custom-packer.dkb"
],
"name": "antisandbox_foregroundwindows"
},
{
"markcount": 1,
"families": [],
"description": "Drops an executable to the user AppData folder",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\C7D5F23490C2BE118892800072949DB9\\setup.dll",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "exe_appdata"
},
{
"markcount": 2,
"families": [],
"description": "The binary likely contains encrypted or compressed data indicative of a packer",
"severity": 2,
"marks": [
{
"entropy": 7.693554012384815,
"section": {
"size_of_data": "0x00257a00",
"virtual_address": "0x00067000",
"entropy": 7.693554012384815,
"name": ".rsrc",
"virtual_size": "0x00257994"
},
"type": "generic",
"description": "A section with a high entropy has been found"
},
{
"entropy": 0.854775481111903,
"type": "generic",
"description": "Overall entropy of this PE file is high"
}
],
"references": [
"http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html",
"http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
],
"name": "packer_entropy"
},
{
"markcount": 38,
"families": [],
"description": "Attempts to identify installed AV products by registry key",
"severity": 3,
"marks": [
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseThemes",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Play_Background_Sounds",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Play_Animations",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\CSS_Compat",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Use_DlgBox_Colors",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Force Offscreen Composition",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Anchor Underline",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Settings",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Disable Script Debugger",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\International\\Scripts\\3",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseHR",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Display Inline Images",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Print_Background",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\SmoothScroll",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\XMLHTTP",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\XDomainRequest",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\International",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\DisableScriptDebuggerIE",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Styles",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Display Inline Videos",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseSWRender",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Page_Transitions",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\DOMStorage",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\UseClearType",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Show image placeholders",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Move System Caret",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Enable Browser Extensions",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Expand Alt Text",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Q300829",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\SmartDithering",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\MenuExt",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Cleanup HTCs",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\International\\Scripts",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\RtfConverterFlags",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Use Stylesheets",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_CURRENT_USER\\Software\\KasperskyLab\\IEOverride\\Main\\Enable AutoImageResize",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "antiav_detectreg"
},
{
"markcount": 2,
"families": [],
"description": "Creates or sets a registry key to a long series of bytes, possibly to store a binary or malware config",
"severity": 3,
"marks": [
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "NtSetValueKey",
"return_value": 0,
"arguments": {
"index": 0,
"key_handle": "0x0000000000000f84",
"value": "\u0014\u0000\u0000\u0000\u0005\u0000\u0000\u0000\u0001\u0000\u0001\u0000\u0010\u0000\u0000\u0000\u0014\u0000\u0000\u0000IL \u0006\u0010\u0000$\u0000\u0018\u0000\u0010\u0000\u0010\u0000\u00ff\u00ff\u00ff\u00ff!\u0010\u00ff\u00ff\u00ff\u00ff\u00ff\u00ff\u00ff\u00ffBM6\u0000\u0000\u0000\u0000\u0000\u0000\u00006\u0000\u0000\u0000(\u0000\u0000\u0000\u0010\u0000\u0000\u0000@\u0002\u0000\u0000\u0001\u0000 \u0000\u0000\u0000\u0000\u0000\u0000\u0090\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"reg_type": 3,
"regkey": "HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\PastIconsStream"
},
"time": 1605973996.878158,
"tid": 1828,
"flags": {
"reg_type": "REG_BINARY"
}
},
"pid": 1788,
"type": "call",
"cid": 2333
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "NtSetValueKey",
"return_value": 0,
"arguments": {
"index": 0,
"key_handle": "0x00000000000001e0",
"value": "\u0014\u0000\u0000\u0000\u0007\u0000\u0000\u0000\u0001\u0000\u0001\u0000\u0004\u0000\u0000\u0000\u0014\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000{\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u00e4\u0007\u000b\u0000F\u0000b\u0000y\u0000i\u0000r\u0000 \u0000C\u0000P\u0000 \u0000v\u0000f\u0000f\u0000h\u0000r\u0000f\u0000:\u0000 \u00001\u0000 \u0000z\u0000r\u0000f\u0000f\u0000n\u0000t\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u000e\u0000\u0000\u0000v\u00ae x\u00e3#)B\u0082\u00c1\u00e4\u001c\u00b6}[\u009c\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u00b3\u0086;4\u00e6\u00ee\u00d4\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\r !\u008f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000d\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000\u00e4\u0007\u000b\u0000F\u0000c\u0000r\u0000n\u0000x\u0000r\u0000e\u0000f\u0000:\u0000 \u00006\u00007\u0000%\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u000f\u0000\u0000\u0000s\u00ae x\u00e3#)B\u0082\u00c1\u00e4\u001c\u00b6}[\u009c\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0086\u00e2\u009e\u00956\u0005\u00d4\u0001\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\r !\u008f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0002\u0000\u0000\u0000{\u0000S\u00003\u00008\u0000O\u0000S\u00004\u00000\u00004\u0000-\u00001\u0000Q\u00004\u00003\u0000-\u00004\u00002\u0000S\u00002\u0000-\u00009\u00003\u00000\u00005\u0000-\u00006\u00007\u0000Q\u0000R\u00000\u0000O\u00002\u00008\u0000S\u0000P\u00002\u00003\u0000}\u0000\\\u0000r\u0000k\u0000c\u0000y\u0000b\u0000e\u0000r\u0000e\u0000.\u0000r\u0000k\u0000r\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000}\u00c0\u0000\u0000\u0000\u0000\u0000\u0000\u0001\u0000\u0000\u0000\u00e4\u0007\u000b\u0000H\u0000a\u0000v\u0000q\u0000r\u0000a\u0000g\u0000v\u0000s\u0000v\u0000r\u0000q\u0000 \u0000a\u0000r\u0000g\u0000j\u0000b\u0000e\u0000x\u0000 \u0000A\u0000b\u0000 \u0000V\u0000a\u0000g\u0000r\u0000e\u0000a\u0000r\u0000g\u0000 \u0000n\u0000p\u0000p\u0000r\u0000f\u0000f\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000\u0000",
"reg_type": 3,
"regkey": "HKEY_CURRENT_USER\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\TrayNotify\\IconStreams"
},
"time": 1605973996.878158,
"tid": 1828,
"flags": {
"reg_type": "REG_BINARY"
}
},
"pid": 1788,
"type": "call",
"cid": 2335
}
],
"references": [],
"name": "creates_largekey"
},
{
"markcount": 1,
"families": [],
"description": "Creates a windows hook that monitors keyboard input (keylogger)",
"severity": 3,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "SetWindowsHookExW",
"return_value": 34996739,
"arguments": {
"thread_identifier": 0,
"callback_function": "0x00000000ffe9ae10",
"module_address": "0x00000000ffdf0000",
"hook_identifier": 13
},
"time": 1605973992.753158,
"tid": 1828,
"flags": {
"hook_identifier": "WH_KEYBOARD_LL"
}
},
"pid": 1788,
"type": "call",
"cid": 1554
}
],
"references": [],
"name": "infostealer_keylogger"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 546,
"time": 3.12473201751709,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 5226,
"time": 9.141235113143921,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7070,
"time": 3.1268720626831055,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7398,
"time": 1.0094020366668701,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7726,
"time": 3.14857816696167,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8054,
"time": 1.6028170585632324,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8382,
"time": -0.10486197471618652,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 8710,
"time": 1.5470950603485107,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 28120,
"time": 1.0445201396942139,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 36504,
"time": 3.1295840740203857,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "761249660837dabbc524ed4879964e295b6715faa16337e5420c723ba707fa0e",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "eaf64308c5d27d7be9a02cace51ecb84cd2c31bee2157cb2edc178fac9fd74db",
"irc": [],
"https_ex": []
}Screenshots
Filename variants
f_00479c may also use other filenames. The most common variants are listed below:
- ks4.021.2.16.590en_es_25350.exe
Folder name variants
f_00479c may also be located in other folders than c:\users\%USERNAME%\appdata\local\microsoft\edge\user data\default\cache\. The most common variants are listed below:
- c:\users\%USERNAME%\downloads\
Hashes [?]
| Property | Value |
|---|---|
| MD5 | 17fc5ca2f2c75b245e28c8b9dcd75617 |
| SHA256 | 69f362d1742094a58f6586ebcc457627fce0d560bf5c43bcdd49e941493ff95a |
What will you do with f_00479c?
To help other users, please let us know what you will do with f_00479c:
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.