What is f_03df08?
f_03df08 is developed by Farbar according to the f_03df08 version information.
f_03df08's description is "Farbar Recovery Scan Tool"
f_03df08 is usually located in the 'c:\users\%USERNAME%\appdata\local\google\chrome\user data\default\cache\' folder.
Some of the anti-virus scanners at VirusTotal detected f_03df08.
If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.
Vendor and version information [?]
The following is the available information on f_03df08:
| Property | Value |
|---|---|
| Company name | Farbar |
| File description | Farbar Recovery Scan Tool |
| Comments | http://www.autoitscript.com/autoit3/ |
| Legal copyright | ©1999-2018 Jonathan Bennett & AutoIt Team |
| Product version | 3.3.14.5 |
| File version | 26.2.2020.0 |
Here's a screenshot of the file properties when displayed by Windows Explorer:
| Company name | Farbar |
| File description | Farbar Recovery Scan Tool |
| Comments | http://www.autoitscript.com/autoit3/ |
| Legal copyright | ©1999-2018 Jonathan Bennett & AutoI.. |
| Product version | 3.3.14.5 |
| File version | 26.2.2020.0 |
Digital signatures [?]
f_03df08 is not signed.
VirusTotal report
1 of the 72 anti-virus programs at VirusTotal detected the f_03df08 file. That's a 1% detection rate.
| Scanner | Detection Name |
|---|---|
| Sangfor | Malware |
Sandbox Report
The following information was gathered by executing the file inside Cuckoo Sandbox.
Summary
Successfully executed process in sandbox.
Summary
{
"file_opened": [
"",
"C:\\Windows\\SysWOW64\\es.dll",
"C:\\Windows\\System32\\wdc.dll",
"C:\\Windows\\System32\\drivers\\amdk8.sys",
"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe",
"C:\\Windows\\System32\\svchost.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\FRST\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RegisterSearch",
"C:\\Windows\\System32\\certprop.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\",
"C:\\Windows\\SysWOW64\\winrnr.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\",
"C:\\Windows\\ehome\\ehrec.exe",
"C:\\Windows\\SysWOW64\\iedkcs32.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask",
"C:\\Windows\\System32\\BioCredProv.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver",
"C:\\Windows\\System32\\drivers\\blbdrive.sys",
"C:\\Windows\\SysWOW64\\dllhost.exe",
"C:\\Windows\\System32\\clfs.sys",
"C:\\Program Files\\Windows Sidebar\\",
"C:\\Windows\\System32\\en-US\\KERNELBASE.dll.mui",
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG2",
"C:\\Windows\\System32\\drivers\\hidir.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Windows\\System32\\polstore.dll",
"C:\\Windows\\System32\\drivers\\asyncmac.sys",
"C:\\Windows\\System32\\KMSVC.DLL",
"C:\\Windows\\System32\\ieframe.dll",
"C:\\Windows\\System32\\drivers\\flpydisk.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Media Center Programs\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MobilePC\\HotStart",
"C:\\Windows\\System32\\FDResPub.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MUI\\LPRemove",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\temporary\\",
"C:\\Windows\\System32\\drivers\\circlass.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService",
"C:\\Windows\\System32\\drivers\\CompositeBus.sys",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck",
"C:\\Windows\\System32\\gpprefcl.dll",
"C:\\Windows\\System32\\drivers\\fdc.sys",
"C:\\Windows\\SysWOW64\\dhcpcore.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SystemRestore\\SR",
"C:\\Windows\\System32\\drivers\\bthmodem.sys",
"C:\\Windows\\System32\\drivers\\compbatt.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\",
"C:\\Windows\\System32\\RacEngn.dll",
"C:\\Windows\\System32\\itss.dll",
"C:\\Windows\\SysWOW64\\userinit.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip",
"C:\\Windows\\System32\\wevtsvc.dll",
"C:\\Program Files (x86)\\mozilla firefox\\",
"C:\\Windows\\System32\\iedkcs32.dll",
"C:\\Windows\\System32\\stdole2.tlb",
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\",
"C:\\Users\\cuck\\AppData\\",
"C:\\Windows\\System32\\urlmon.dll",
"C:\\Windows\\System32\\drivers\\filetrace.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MpIdleTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW2",
"C:\\Windows\\System32\\ras\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscovery",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Location\\Notifications",
"C:\\Windows\\System32\\inetpp.dll",
"C:\\Windows\\System32\\rasmbmgr.dll",
"C:\\Windows\\SysWOW64\\mswsock.dll",
"C:\\Windows\\System32\\drivers\\BrUsbSer.sys",
"C:\\Windows\\System32\\rasplap.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\",
"C:\\Windows\\System32\\drivers\\BrFiltUp.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo",
"C:\\Windows\\System32\\mshtml.dll",
"C:\\Windows\\System32\\dhcpcore.dll",
"C:\\Windows\\ehome\\ehrecvr.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\AitAgent",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry",
"C:\\Windows\\System32\\drivers\\HpSAMD.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Identities\\{183045C5-6B41-4C94-A7FA-BE70B5E7A9D3}\\",
"C:\\Windows\\System32\\drivers\\E1G6032E.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\",
"C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Windows\\System32\\TsUsbRedirectionGroupPolicyExtension.dll",
"C:\\Windows\\System32\\dwm.exe",
"C:\\Windows\\System32\\drivers\\fltMgr.sys",
"C:\\Windows\\System32\\rpcss.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Gadget-Platform-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Program Files (x86)\\mozilla firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Windows\\System32\\raserver.exe",
"C:\\Windows\\SysWOW64\\ie4uinit.exe",
"\\\\?\\PIPE\\srvsvc",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MP Scheduled Scan",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Windows\\System32\\drivers\\ipfltdrv.sys",
"C:\\Windows\\System32\\drivers\\hwpolicy.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Multimedia\\SystemSoundsService",
"C:\\FRST\\z8Fn3Cz4",
"C:\\Windows\\System32\\bthserv.dll",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms",
"C:\\Program Files\\Windows Mail\\",
"C:\\Windows\\System32\\iphlpsvc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Ras\\MobilityManager",
"C:\\Program Files\\Windows Media Player\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\Users\\cuck\\AppData",
"C:\\Windows\\SysWOW64\\",
"C:\\Windows\\System32\\drivers\\iaStorV.sys",
"C:\\Windows\\System32\\cmd.exe",
"C:\\Windows\\ehome\\mcupdate.exe",
"C:\\Windows\\SysWOW64\\inetcomm.dll",
"C:\\Windows\\System32\\drivers\\dmvsc.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~amd64~~8.0.7601.17514.cat",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MediaCenter-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\adpu320.sys",
"D:\\Users\\cuck\\",
"C:\\Windows\\System32\\AuxiliaryDisplayServices.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Task Manager\\Interactive",
"C:\\Windows\\System32\\MsCtfMonitor.dll",
"C:\\Windows\\System32\\drivers\\cdrom.sys",
"C:\\Windows\\SysWOW64\\NapiNSP.dll",
"C:\\Windows\\System32\\lpremove.exe",
"C:\\Users\\cuck\\AppData\\Local\\",
"C:\\Windows\\System32\\AxInstSv.dll",
"C:\\Program Files\\Windows Sidebar\\sidebar.exe",
"C:\\Windows\\SysWOW64\\mscories.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SystemDataProviders",
"C:\\Windows\\AppPatch\\AppPatch64\\sysmain.sdb",
"C:\\Windows\\SysWOW64\\provsvc.dll",
"C:\\Windows\\System32\\cscobj.dll",
"C:\\Windows\\System32\\Defrag.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Registry\\RegIdleBackup",
"C:\\Windows\\Tasks\\",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Hyper-V-Guest-Integration-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\unregmp2.exe",
"C:\\Windows\\System32\\drivers\\adp94xx.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Shell-HomeGroup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\iirsp.sys",
"C:\\Windows\\System32\\userinit.exe",
"C:\\Windows\\System32\\drivers\\hdaudbus.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\",
"C:\\",
"C:\\Windows\\System32\\mscoree.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\UPnP\\UPnPHostConfig",
"C:\\Windows\\System32\\bdesvc.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe",
"C:\\Windows\\System32\\wpcmig.dll",
"C:\\Windows\\System32\\auditcse.dll",
"C:\\Windows\\System32\\drivers\\FsDepends.sys",
"C:\\Windows\\System32\\kernelceip.dll",
"C:\\Windows\\System32\\wbem\\wbemdisp.tlb",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms",
"C:\\Windows\\System32\\conhost.exe",
"C:\\Windows\\System32\\appidpolicyconverter.exe",
"C:\\FRST\\m3Hu8Ft2L\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RecordingRestart",
"C:\\FRST\\z8Fn3Cz4\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Maintenance\\WinSAT",
"C:\\Windows\\System32\\drivers\\fastfat.sys",
"C:\\Windows\\System32\\msdrm.dll",
"C:\\Windows\\System32\\NapiNSP.dll",
"C:\\Windows\\System32\\drivers\\hcw85cir.sys",
"C:\\Windows\\System32\\inetcomm.dll",
"C:\\Windows\\System32\\drivers\\cng.sys",
"C:\\Program Files\\Windows Defender\\MsMpLics.dll",
"C:\\Windows\\System32\\mscories.dll",
"C:\\Windows\\ehome\\ehPrivJob.exe",
"C:\\FRST\\Logs\\",
"C:\\Windows\\System32\\GroupPolicyUsers\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RAC\\RacTask",
"C:\\Windows\\SysWOW64\\unregmp2.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\nt5.cat",
"C:\\Users\\cuck\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\",
"C:\\Windows\\System32\\drivers\\HdAudio.sys",
"C:\\Windows\\System32\\smss.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\SmartcardCredentialProvider.dll",
"C:\\Windows\\SysWOW64\\cryptsvc.dll",
"C:\\Windows\\System32\\drivers\\CmBatt.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsBackup\\ConfigNotification",
"C:\\Windows\\SysWOW64\\explorer.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\sdiagschd.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntexe.cat",
"C:\\Windows\\System32\\drivers\\afd.sys",
"C:\\Windows\\System32\\drivers\\drmkaud.sys",
"C:\\Windows\\System32\\appidsvc.dll",
"C:\\Python27\\python.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask",
"C:\\Windows\\System32\\es.dll",
"C:\\Windows\\System32\\wlgpclnt.dll",
"C:\\Windows\\System32\\alg.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrScheduleTask",
"C:\\Windows\\System32\\drivers\\disk.sys",
"C:\\Windows\\System32\\drivers\\BrFiltLo.sys",
"C:\\Windows\\System32\\lsass.exe",
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Windows\\System32\\usbceip.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\Windows\\System32\\drivers\\amdsbs.sys",
"C:\\Windows\\System32\\lsm.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-WMPNetworkSharingService-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\UpdateRecordPath",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Autochk\\Proxy",
"C:\\Windows\\System32\\drivers\\appid.sys",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Background Synchronization",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\saved-telemetry-pings\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector",
"C:\\Windows\\System32\\wbem\\en-US\\wmiutils.dll.mui",
"C:\\Windows\\System32\\gpsvc.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\minidumps\\",
"C:\\Windows\\System32\\services.exe",
"C:\\Windows\\System32\\dot3svc.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files\\",
"C:\\Windows\\System32\\fdPHost.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrRecoveryTask",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-SideShow-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\BrSerWdm.sys",
"C:\\Windows\\System32\\drivers\\beep.sys",
"C:\\Users\\cuck",
"C:\\Windows\\System32\\DFDWiz.exe",
"C:\\Windows\\System32\\drivers\\dxgkrnl.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-PeerToPeer-Full-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\LocationNotifications.exe",
"C:\\Windows\\System32\\FXSSVC.exe",
"C:\\Windows\\System32\\gpprnext.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\intelppm.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WDI\\ResolutionHost",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ehDRMInit",
"C:\\Windows\\System32\\IKEEXT.DLL",
"C:\\Windows\\System32\\wpcumi.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\csc.sys",
"C:\\Windows\\System32\\drivers\\i8042prt.sys",
"C:\\Windows\\System32\\gatherNetworkInfo.vbs",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Program Files\\Windows Media Player\\wmpnscfg.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\",
"C:\\Windows\\System32\\ipbusenum.dll",
"C:\\Windows\\System32\\winlogon.exe",
"C:\\Windows\\System32\\wbem\\",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\FRST\\m3Hu8Ft2L\\NTUSER.DAT",
"C:\\Windows\\System32\\drivers\\fvevol.sys",
"C:\\Windows\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\infocard.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ReindexSearchRoot",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files\\",
"C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-SecureStartup-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\hidusb.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask",
"C:\\Windows\\System32\\win32spl.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\PolicyConverter",
"C:\\Windows\\System32\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting",
"C:\\Users\\cuck\\AppData\\Roaming\\Identities\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor",
"C:\\Windows\\System32\\drivers\\amdxata.sys",
"C:\\Windows\\System32\\regidle.dll",
"C:\\FRST\\users00",
"C:\\Windows\\System32\\scecli.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home\\idb\\3312185054sbndi_pspte.files\\",
"C:\\Windows\\System32\\nlaapi.dll",
"C:\\Windows\\System32\\wininit.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Windows\\System32\\aelupsvc.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\",
"C:\\Windows\\System32\\BFE.DLL",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\",
"C:\\Windows\\explorer.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector",
"c:\\program files\\windows defender\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem",
"C:\\Windows\\System32\\drivers\\atapi.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask",
"C:\\Windows\\System32\\audiosrv.dll",
"C:\\Program Files\\Windows Mail\\WinMail.exe",
"C:\\Windows\\System32\\drivers\\fileinfo.sys",
"C:\\Windows\\System32\\drivers\\dfsc.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-ParentalControls-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore-backups\\",
"C:\\Windows\\System32\\srchadmin.dll",
"C:\\Windows\\System32\\cscsvc.dll",
"C:\\Windows\\System32\\aitagent.exe",
"C:\\Windows\\System32\\appidcertstorecheck.exe",
"C:\\Windows\\System32\\provsvc.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-SearchEngine-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab\\idb\\",
"C:\\Windows\\System32\\gpscript.dll",
"C:\\Windows\\System32\\appmgmts.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev\\",
"C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"C:\\Windows\\System32\\drivers\\b57nd60a.sys",
"C:\\Windows\\System32\\wdi.dll",
"C:\\Program Files (x86)\\Windows Mail\\",
"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange",
"C:\\Program Files (x86)\\mozilla firefox\\browser\\",
"C:\\Windows\\SysWOW64\\urlmon.dll",
"C:\\Windows\\SysWOW64\\itss.dll",
"C:\\Windows\\System32\\drivers\\acpi.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntph.cat",
"C:\\Users\\Default User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\",
"C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\AutoWake",
"C:\\Windows\\SysWOW64\\hidserv.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-RemoteAssistance-Package-Client~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\hidbth.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin",
"C:\\Windows\\System32\\VaultCredProvider.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab\\idb\\3312185054sbndi_pspte.files\\",
"C:\\Windows\\System32\\audiodg.exe",
"C:\\Windows\\System32\\SearchIndexer.exe",
"C:\\Windows\\System32\\dllhost.exe",
"C:\\Windows\\System32\\drivers\\bowser.sys",
"C:\\Windows\\System32\\drivers\\BrSerId.sys",
"C:\\Python27\\Scripts\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\",
"C:\\Users\\",
"C:\\Windows\\System32\\drivers\\cdfs.sys",
"C:\\Windows\\System32\\pnrpnsp.dll",
"C:\\Users",
"C:\\Program Files\\Windows Defender\\",
"C:\\Windows\\System32\\drivers\\amdppm.sys",
"C:\\FRST",
"C:\\Windows\\System32\\fdeploy.dll",
"C:\\Windows\\System32\\hidserv.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControls",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SessionAgent",
"C:\\FRST\\bin\\sqlite3_x64.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Diagnosis\\Scheduled",
"C:\\FRST\\Hives\\",
"C:\\Windows\\System32\\catroot",
"C:\\Windows\\System32\\catroot2",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
"C:\\Windows\\System32\\rundll32.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks",
"C:\\Windows\\System32\\dnsrslvr.dll",
"C:\\Windows\\System32\\ListSvc.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\",
"C:\\Windows\\System32\\eapsvc.dll",
"C:\\Windows\\System32\\WinSATAPI.dll",
"C:\\FRST\\m3Hu8Ft2L",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Logon Synchronization",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\",
"C:\\FRST\\bin\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip",
"C:\\Program Files\\Windows Defender\\MpOAV.dll",
"C:\\Windows\\System32\\SearchProtocolHost.exe",
"C:\\Windows\\System32\\ie4uinit.exe",
"C:\\Windows\\System32\\MSVidCtl.dll",
"C:\\Windows\\System32\\drivers\\arcsas.sys",
"C:\\Windows\\System32\\dskquota.dll",
"C:\\Windows\\System32\\drivers\\amdide.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW1",
"C:\\Windows\\System32\\browser.dll",
"C:\\Windows\\System32\\mscms.dll",
"C:\\Windows\\System32\\powercfg.exe",
"C:\\Windows\\System32\\winrnr.dll",
"C:\\Windows\\System32\\taskhost.exe",
"C:\\Windows\\System32\\drivers\\intelide.sys",
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe",
"C:\\Windows\\System32\\BthUdTask.exe",
"C:\\Windows\\System32\\dps.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask",
"C:\\Windows\\SysWOW64\\MSVidCtl.dll",
"C:\\Windows\\System32\\drivers\\hidbatt.sys",
"C:\\Program Files (x86)\\mozilla firefox\\defaults\\pref\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\errdev.sys",
"C:\\Program Files\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Windows\\ehome\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home\\idb\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURActivate",
"C:\\Windows\\System32\\cryptsvc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591",
"C:\\Windows\\SysWOW64\\mscoree.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG2",
"C:\\Windows\\System32\\drivers\\discache.sys",
"C:\\Windows\\System32\\perftrack.dll",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files\\",
"C:\\Windows\\System32\\mswsock.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-RemoteFX-RemoteClient-Setup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\authui.dll",
"C:\\Windows\\System32\\drivers\\aliide.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2",
"C:\\Windows\\System32\\drivers\\evbda.sys",
"C:\\Windows\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events\\",
"C:\\Users\\cuck\\AppData\\Roaming\\",
"C:\\Windows\\System32\\defragsvc.dll",
"C:\\Windows\\System32\\wermgr.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)",
"C:\\Windows\\System32\\dimsjob.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntpe.cat",
"C:\\Windows\\SysWOW64\\appmgmts.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\",
"C:\\Windows\\SysWOW64\\mshtml.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURDiscovery",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\WINNT_x86-msvc\\",
"C:\\Windows\\System32\\FntCache.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ActivateWindowsSearch",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\mcupdate",
"C:\\Windows\\System32\\drivers\\acpipmi.sys",
"C:\\Windows\\System32\\mctadmin.exe",
"C:\\Windows\\System32\\SearchFilterHost.exe",
"C:\\Windows\\System32\\drivers\\adpahci.sys",
"C:\\FRST\\Hives\\cuck\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\InstallPlayReady",
"C:\\Windows\\System32\\drivers\\arc.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask",
"C:\\Windows\\System32\\drivers\\elxstor.sys",
"C:\\Windows\\System32\\VSSVC.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home\\",
"C:\\Python27\\",
"C:\\Windows\\System32\\certCredProvider.dll",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf",
"\\Device\\NamedPipe\\",
"C:\\Windows\\System32\\qmgr.dll",
"C:\\Windows\\System32\\drivers\\cmdide.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration",
"D:\\Windows\\System32\\config\\",
"C:\\Windows\\System32\\drivers\\GAGP30KX.SYS",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events\\",
"C:\\Windows\\SysWOW64\\pnrpnsp.dll",
"C:\\Windows\\ehome\\ehsched.exe",
"C:\\Windows\\System32\\csrss.exe",
"c:\\program files\\windows defender\\MpCmdRun.exe",
"C:\\Windows\\System32\\drivers\\1394ohci.sys",
"C:\\Windows\\System32\\dot3gpclnt.dll",
"C:\\Windows\\SysWOW64\\nlaapi.dll",
"C:\\Windows\\SysWOW64\\GroupPolicyUsers\\",
"C:\\Windows\\System32\\HotStartUserAgent.dll",
"C:\\Users\\desktop.ini",
"C:\\Windows\\System32\\drivers\\amdsata.sys",
"C:\\Windows\\System32\\drivers\\fs_rec.sys",
"C:\\Windows\\System32\\gptext.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\GadgetManager",
"C:\\Windows\\System32\\drivers\\bxvbda.sys",
"C:\\Windows\\SysWOW64\\drivers\\",
"C:\\Windows\\System32\\drivers\\crcdisk.sys",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\",
"C:\\Windows\\System32\\drivers\\BrUsbMdm.sys",
"C:\\Windows\\System32\\drivers\\battc.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-OfflineFiles-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\catroot2\\",
"C:\\Windows\\System32\\spoolsv.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\",
"C:\\Windows\\System32\\sdclt.exe",
"C:\\Windows\\System32\\cscui.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab\\",
"C:\\Windows\\",
"C:\\Windows\\System32\\drivers\\http.sys",
"C:\\Windows\\System32\\drivers\\",
"C:\\Windows\\System32\\appinfo.dll",
"C:\\FRST\\b4Ye2Sa8E",
"C:\\Windows\\System32\\memdiag.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Printing-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\AGP440.sys",
"C:\\Windows\\System32\\wsqmcons.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FRST.txt",
"C:\\Windows\\System32\\drivers\\exfat.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask",
"C:\\Windows\\System32\\PlaySndSrv.dll"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BTHMODEM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Disk",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Internet Explorer\\URLSearchHooks",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AudioEndpointBuilder\\parameters",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FileInfo",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\arcsas",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\InstalledSDB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\agp440",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vds",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\IKEEXT",
"HKEY_CLASSES_ROOT\\CLSID\\{79eac9e7-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\udfs",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DPS",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{91FBB303-0CD5-4055-BF42-E512A681B325}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ehRecvr",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\fdeploy.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\idsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\rdyboost",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\Credential Providers",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AudioEndpointBuilder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SamSs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NativeWifiP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\scfilter",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WIMMount",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gpprefcl.dll",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Dnscache\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\rdbss",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}",
"HKEY_CLASSES_ROOT\\CLSID\\{05300401-BCBC-11d0-85E3-00C04FD85AB4}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\adp94xx",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\fdPHost",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WdiSystemHost",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BITS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\amdsbs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wd",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gpscript.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TsUsbGD",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\intelppm",
"HKEY_CLASSES_ROOT\\CLSID\\{12D51199-0DB5-46FE-A120-47A3D7D937CC}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\iphlpsvc",
"HKEY_USERS\\Software\\Classes\\ActivatableClasses\\Package",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\iaStorV",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Policies\\Google",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DPS\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\microsoft\\internet explorer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000003",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000007",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000008",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000009",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lmhosts",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BattC",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Custom",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MozillaMaintenance",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\megasas",
"HKEY_CLASSES_ROOT\\CLSID\\{94596c7e-3744-41ce-893e-bbf09122f76a}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\defragsvc\\parameters",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4FDEA3B5-7CDE-48F7-940C-43CDBB18FB20}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\xmlprov",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000001",
"HKEY_USERS\\.DEFAULT\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BrUsbMdm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HidIr",
"HKEY_CLASSES_ROOT\\CLSID\\{B210D694-C8DF-490d-9576-9E20CDBC20BD}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ServiceModelService 3.0.0.0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IPMIDRV",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HDAudBus",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UGatherer",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BDESVC\\parameters",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\ContinuousBrowsing",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BattC",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\QWAVEdrv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Npfs",
"HKEY_CLASSES_ROOT\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\b57nd60a",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasAuto",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sppuinotify",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\volmgrx",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TrustedInstaller",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ServiceModelEndpoint 3.0.0.0",
"HKEY_CURRENT_USER\\Environment",
"HKEY_CLASSES_ROOT\\CLSID\\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CNG",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HomeGroupListener\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\RemovalTools\\MRT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{6232C319-91AC-4931-9385-E70C2B099F0E}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\.NET Data Provider for Oracle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\PLAP Providers",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB02381F-D652-4B1C-894A-712498C62C51}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Fax",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPCDD",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\inetpp.dll",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\eventlog\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D018DE2F-F02A-4BDB-BA74-56BCD427BE40}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Smb",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{28011108-68DF-4C73-B91B-57427D501BBA}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\s3cap",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BrSerWdm",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7933F41E-56F8-41d6-A31C-4148A711EE93}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\iirsp",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hidserv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\Providers",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crcdisk",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\secdrv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FltMgr",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FontCache",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UI0Detect",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Serial",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Dnscache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WSearch",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HidBth",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CLFS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\kbdhid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET Data Provider for Oracle",
"HKEY_CLASSES_ROOT\\CLSID\\{BA677074-762C-444b-94C8-8C83F93F6605}\\localserver32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{3af36230-a269-11d1-b5bf-0000f8051515}",
"HKEY_CURRENT_USER\\SOFTWARE\\Clients\\StartMenuInternet\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PolicyAgent",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AmdK8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Null",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Dnscache",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{C9E9A340-D1F1-11D0-821E-444553540600}",
"HKEY_CLASSES_ROOT\\CLSID\\{06DA0625-9701-43da-BFD7-FBEEA2180A1E}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EFS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wercplsupport",
"HKEY_CLASSES_ROOT\\CLSID\\{c1f85ef8-bcc2-4606-bb39-70c523715eb3}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{c6dc5466-785a-11d2-84d0-00c04fb169f7}",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{8f6b0360-b80d-11d0-a9b3-006097942311}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanWorkstation",
"HKEY_CURRENT_USER\\Software\\AutoIt v3\\AutoIt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NetBT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\adpu320",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\storflt",
"HKEY_CLASSES_ROOT\\CLSID\\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EapHost\\parameters",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\appmgmts.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MsRPC",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\inetpp.dll",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}",
"HKEY_CLASSES_ROOT\\CLSID\\{42060D27-CA53-41f5-96E4-B1E8169308A6}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HomeGroupListener",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AmdPPM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sppsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HTTP",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\adpahci",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{3307E641-F5EE-49E6-A1FE-BFB5D671441C}",
"HKEY_CLASSES_ROOT\\CLSID\\{190BA3F6-0205-4f46-B589-95C6822899D2}\\InprocServer32",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\hwpolicy",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1F7B7221-AE8F-44F3-BA82-F7D260F51964}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\gagp30kx",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SessionEnv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\COMSysApp\\parameters",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter\\deflate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{17F5B0DE-8DA9-4280-8CB8-91422B9A8CE1}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ws2ifsl",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinHttpAutoProxySvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AudioSrv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\COMSysApp",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Fax",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wcncsvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UmPass",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter\\application\/x-complus",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mrxsmb20",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{630b1da0-b465-11d1-9948-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\iScsiPrt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{05300401-BCBC-11d0-85E3-00C04FD85AB4}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\PersistentRoutes",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CryptSvc",
"HKEY_USERS\\.DEFAULT\\Software\\Mozilla",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer\\Run",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wuauserv",
"HKEY_CLASSES_ROOT\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\Hosts\\SHDOCVW\\8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Lsa",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AppIDSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DcomLaunch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AudioEndpointBuilder",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Processor",
"HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\BthUdTask.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\arcsas",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BTHMODEM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wlansvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CertPropSvc\\parameters",
"HKEY_CLASSES_ROOT\\CLSID\\{58fb76b9-ac85-4e55-ac04-427593b1d060}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{79eac9e5-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LSI_SAS",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HidBatt",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\wlgpclnt.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ServiceModelOperation 3.0.0.0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{FB2CA36D-0B40-4307-821B-A13B252DE56C}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hidserv\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\isapnp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\volsnap",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{7C028AF8-F614-47B3-82DA-BA94E41B1089}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\flpydisk",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ldap",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\E1G60",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\netprofm",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sffp_sd",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbprint",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasAgileVpn",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\flpydisk",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\http",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{874CFED9-D01D-4D16-9775-B8A7A05004BF}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\win32spl.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DfsC",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ehRecvr\\parameters",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\i8042prt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\pcmcia",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSDTC",
"HKEY_USERS\\.DEFAULT\\Software\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\gpsvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\circlass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\amdsbs",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.LOG",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DA41DE71-8431-42FB-9DB0-EB64A961DEAD}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\blbdrive",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RemoteRegistry",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time",
"HKEY_LOCAL_MACHINE\\Software\\MozillaPlugins",
"HKEY_CLASSES_ROOT\\CLSID\\{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Ndisuio",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\atapi",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AmdPPM",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ALG",
"HKEY_CLASSES_ROOT\\CLSID\\{79eac9e6-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Themes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\pla",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\IEXPLORE.EXE\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5BE46CE1-CA9B-4CAD-B2E9-8C3F7716AF90}",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\fastfat",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{4f645220-306d-11d2-995d-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{74EE6C03-5363-4554-B161-627540339CAB}",
"HKEY_CLASSES_ROOT\\CLSID\\{e7ed314f-2816-4c26-aeb5-54a34d02404c}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\seclogon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LSI_SAS2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mrxsmb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{F9C77450-3A41-477E-9310-9ACD617BD9E3}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\IPBusEnum\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders",
"HKEY_USERS\\Software\\Microsoft\\Windows\\CurrentVersion\\PackagedAppXDebug",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\mailto",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PeerDistSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nsiproxy",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\.NET CLR Data",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CSC",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AxInstSV",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\monitor",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\atapi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{5794DAFD-BE60-433f-88A2-1A31939AC01F}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BFE",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DXGKrnl",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Browser",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Internet Explorer\\Main",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ProtectedStorage",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Appinfo\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WebClient",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\eventlog",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\idsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HidUsb",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\dvd",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AmdK8",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mouhid",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\dot3gpclnt.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SCardSvr",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FDResPub",
"HKEY_CURRENT_USER\\Control Panel\\Mouse",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\aliide",
"HKEY_CLASSES_ROOT\\CLSID\\{79eac9e3-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Fs_Rec",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CD962721-73F1-4649-85D7-6884C1EF28D9}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scecli.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPDR",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\mhtml",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nv_agp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{7790769C-0471-11d2-AF11-00C04FA35D02}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000010",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPDD",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Clients\\StartMenuInternet\\ChromeHTML",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ACPI",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BrFiltLo",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\SmartcardCredentialProvider.dll",
"HKEY_CLASSES_ROOT\\CLSID\\{25CBB996-92ED-457e-B28C-4774084BD562}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\fdPHost",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PerfOS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\mscoree.dll",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\exfat",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CertPropSvc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\explorer.exe",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FontCache3.0.0.0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EapHost",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPENCDD",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\system",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ErrDev",
"HKEY_CLASSES_ROOT\\CLSID\\{E51DFD48-AA36-4B45-BB52-E831F02E8316}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MRxDAV",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}",
"HKEY_CLASSES_ROOT\\CLSID\\{45F26E9E-6199-477F-85DA-AF1EDfE067B1}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nvstor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AppMgmt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\inetaccs",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{3dd53d40-7b8b-11D0-b013-00aa0059ce02}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Shell\\AutoRun\\command",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SensrSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DfsC",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}",
"HKEY_CLASSES_ROOT\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\2.0.50727",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WdiServiceHost",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\arc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VaultSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\amdxata",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\fvevol",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EFS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wmiApSrv",
"HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinDefend",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\intelide",
"HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NETFramework",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\i8042prt",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\arc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AeLookupSvc\\parameters",
"HKEY_CLASSES_ROOT\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CDA5F4EE-8293-4A5D-8564-04CD067D1A85}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Brserid",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{7790769C-0471-11d2-AF11-00C04FA35D02}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MpsSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EapHost",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PerfDisk",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WerSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MMCSS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AcpiPmi",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sffp_mmc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Google\\Chrome\\Extensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{A3F3E39B-5D83-4940-B954-28315B82F0A8}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\intelppm",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Command Processor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ehRecvr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\tunnel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Appinfo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\BthUdTask.exe",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{79eac9e3-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{0E28E245-9368-4853-AD84-6DA3BA35BB75}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{B087BE9D-ED37-454f-AF9C-04291E351182}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SDRSVC",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Google",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{72DB7465-BC54-491B-A92A-4637A28C9BBF}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FontCache3.0.0.0",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\hcw85cir",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Custom",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Modem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AxInstSV",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Custom",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Netman",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\amdxata",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\eventlog",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PerfProc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\.NET Data Provider for SqlServer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gptext.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CompositeBus",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FltMgr",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EventSystem\\parameters",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AppMgmt\\parameters",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ACPI",
"HKEY_CURRENT_USER\\SOFTWARE\\Clients\\StartMenuInternet\\ChromeHTML",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AsyncMac",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\KeyIso",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\uliagpkx",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NdisWan",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.regtrans-ms",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Language",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Schedule",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET Data Provider for SqlServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MegaSR",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TCPIPTUNNEL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Power",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\DefaultPrefix",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dmvsc",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sffdisk",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSSCNTRS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HDAudBus",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FDResPub\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000002",
"HKEY_CLASSES_ROOT\\CLSID\\{ca767aa8-9157-4604-b64b-40747123d5f2}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\upnphost",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000006",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{C9E9A340-D1F1-11D0-821E-444553540600}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinRM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RpcEptMapper",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Mozilla",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vdrvroot",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\cmdide",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WANARP",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\IKEEXT\\parameters",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UmRdpService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\bowser",
"HKEY_CLASSES_ROOT\\CLSID\\{8f6b0360-b80d-11d0-a9b3-006097942311}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ALG",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\tdx",
"HKEY_CURRENT_USER\\Software\\Mozilla",
"HKEY_CLASSES_ROOT\\CLSID\\{FF87090D-4A9A-4f47-879B-29A80C355D61}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\1394ohci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ksthunk",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TCPIP6",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PNRPsvc",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FB3C354D-297A-4EB2-9B58-090F6361906B}",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Mozilla\\Mozilla Firefox 60.0.2\\extensions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mssmbios",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.blf",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{AADCED64-746C-4633-A97C-D61349046527}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HomeGroupProvider\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CLFS",
"HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\Notifications\\Domains",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A48CABBF-24C8-4B87-B00F-9261807C3B43}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RpcSs",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BrUsbSer",
"HKEY_CLASSES_ROOT\\CLSID\\{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ehSched",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hwpolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\auditcse.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar",
"HKEY_CLASSES_ROOT\\CLSID\\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\ContinuousBrowsing",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\iphlpsvc",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TCPIP6TUNNEL",
"HKEY_CLASSES_ROOT\\CLSID\\{AC3AC249-E820-4343-A65B-377AC634DC09}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CscService",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bthserv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Compbatt",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BrFiltUp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\appmgmts.dll",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2E941CB2-1B33-47C4-905B-8B4278819513}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\cmdide",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BFE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter\\application\/octet-stream",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter\\application\/x-msdownload",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CC35D2E9-B9E1-4ADC-9DA5-71487D9E9EB5}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Netlogon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HidUsb",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPWD",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vsmraid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\storvsc",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B81A55E6-C03C-4EF0-B86F-A80A89DF468D}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A7C73732-9F11-4281-8D19-764D4EC9D94D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Code Store Database\\Distribution Units",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TermDD",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\https",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\aliide",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wanarpv6",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{3af36230-a269-11d1-b5bf-0000f8051515}",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\javascript",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\idsvc\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DcomLaunch",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CryptSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\iaStorV",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Compbatt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PerfNet",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Winmgmt",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\circlass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WacomPen",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\amdide",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\rdpbus",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ehSched",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\cdfs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPREFMP",
"HKEY_CLASSES_ROOT\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UGTHRSVC",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\drmkaud",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\mk",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Disk",
"HKEY_CLASSES_ROOT\\CLSID\\{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AppID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\blbdrive",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasSstp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\fastfat",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\1394ohci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sermouse",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\crcdisk",
"HKEY_LOCAL_MACHINE\\i2Os6As7Bx\\Select",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B43033E6-1453-4AD6-AFBA-C03CFC178286}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{4bcd6cde-777b-48b6-9804-43568e23545d}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\msdsm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSiSCSI",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSKSSRV",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ohci1394",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{81540B9F-B5BF-47EB-9C95-BE195BF2C664}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Beep",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CmBatt",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{9381D8F2-0288-11D0-9501-00AA00B911A5}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\stisvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Windows Workflow Foundation 3.0.0.0",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ebdrv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HomeGroupProvider",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\aitagent.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sfloppy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\msahci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WudfPf",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\local",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\b06bdrv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AudioSrv\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NTDS",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{79eac9e2-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Shell\\AutoRun\\command",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UxSms",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000003",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{C016366B-7126-46CA-B36B-592A3D95A60B}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\KtmRm",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\its",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mshidkmdf",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\KSecDD",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SENS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\Credential Provider Filters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D0250F3F-6480-484F-B719-42F659AC64D5}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\wlgpclnt.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WmiAcpi",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanServer\\DefaultSecurity",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\srvnet",
"HKEY_CLASSES_ROOT\\CLSID\\{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\elxstor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TsUsbFlt",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{12D51199-0DB5-46FE-A120-47A3D7D937CC}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{96137355-BC34-4BA7-81B7-47C87B556E7D}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasPppoe",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RemoteAccess",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Fs_Rec",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\vbscript",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\pciide",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\dot3svc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\elxstor",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AppIDSvc\\parameters",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\dmvsc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\spldr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LSI_SCSI",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NdisTapi",
"HKEY_CURRENT_USER\\SOFTWARE\\Google\\Chrome\\Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PptpMiniport",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Browser\\parameters",
"HKEY_CURRENT_USER\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\ExtensionsStore\\datastore\\Config\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{E92B03AB-B707-11d2-9CBD-0000F87A369E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\URL\\DefaultPrefix",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\dot3svc\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{82676C49-21A7-4605-AA06-E04A067FB611}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\.NET CLR Networking",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\2.0.50727",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\b57nd60a",
"HKEY_LOCAL_MACHINE\\Software\\microsoft\\windows nt\\currentversion\\Image File Execution Options\\IEInstal.exe",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CertPropSvc",
"HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\Main",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{630b1da0-b465-11d1-9948-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\gpsvc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Wpad",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wbengine",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PortProxy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Winsock",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F18ED8A5-C696-4951-B068-CA8E83634C04}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\tcpipreg",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SysMain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mpio",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{C631DF4C-088F-4156-B058-4375F0853CD8}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NDProxy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W3SVC",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\agp440",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\adp94xx",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\amdsata",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\{EF381EA0-4D07-418D-A490-68AF67CE948B}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventSystem",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{4f645220-306d-11d2-995d-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mrxsmb10",
"HKEY_CLASSES_ROOT\\CLSID\\{343D770D-7788-47c2-B62A-B7C4CED925CB}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ehSched\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BTHPORT",
"HKEY_CLASSES_ROOT\\CLSID\\{DFA14C43-F385-4170-99CC-1B7765FA0E4A}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TSDDD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1BB08CFD-C6AD-44C7-BD0B-8F23035A5731}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasMan",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{f3ccc681-b74c-4060-9f26-cd84525dca2a}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Dhcp\\parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ShellHWDetection",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Spooler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Browser",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ql40xx",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{79eac9e6-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AeLookupSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BFE\\parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Google",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lltdio",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ESENT",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\res",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\bthserv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AFD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ql2300",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\hkmsvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Rasl2tp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\napagent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Ntfs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BrFiltUp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ErrDev",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PerfHost",
"HKEY_USERS\\.DEFAULT\\Software\\MozillaPlugins",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\adsi",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\pcw",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbcir",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FsDepends",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AeLookupSvc",
"HKEY_CLASSES_ROOT\\CLSID\\{79eac9e5-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AudioSrv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AppIDSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\amdide",
"HKEY_CLASSES_ROOT\\CLSID\\{6f45dc1e-5384-457a-bc13-2cd81b0d28ed}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\fdPHost\\parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{25537BA6-77A8-11D2-9B6C-0000F8080861}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BDESVC",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SNMPTRAP",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\KSecPkg",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\p2pimsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DcomLaunch\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbohci",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{45ea75a0-a269-11d1-b5bf-0000f8051515}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A35BB7A6-5F0C-4C9F-8450-2B3BED532D51}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PcaSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DCLocator",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HTTP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ebdrv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TBS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B78DBF96-841E-4336-BFE9-1C4975F9DA60}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\gagp30kx",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\dot3gpclnt.dll",
"HKEY_CLASSES_ROOT\\CLSID\\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\cdrom",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}",
"HKEY_CLASSES_ROOT\\CLSID\\{5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\InstalledSDB",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\QWAVE",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SiSRaid2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5F5A18EB-DC73-4E45-A11C-B59043598412}",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\tv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HpSAMD",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{45ea75a0-a269-11d1-b5bf-0000f8051515}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\partmgr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sbp2port",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SiSRaid4",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wudfsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Brserid",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BITS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9979CB83-103A-4105-9E5D-C74B0AF6D198}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\defragsvc",
"HKEY_CLASSES_ROOT\\CLSID\\{DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Filetrace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06308A56-69E7-4844-A784-8509C25B6C62}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mpsdrv",
"HKEY_USERS\\.DEFAULT\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{17D89FEC-5C44-4972-B12D-241CAEF74509}",
"HKEY_LOCAL_MACHINE\\Software\\Mozilla\\MaintenanceService",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\fvevol",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HomeGroupListener",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AppID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\b06bdrv",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gpprefcl.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\COMSysApp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9435F817-FED2-454E-88CD-7F78FDA62C48}",
"HKEY_USERS\\Environment",
"HKEY_CLASSES_ROOT\\CLSID\\{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LSI_FC",
"HKEY_CLASSES_ROOT\\CLSID\\{EA9155A3-8A39-40b4-8963-D3C761B18371}\\InprocServer32",
"HKEY_USERS\\.DEFAULT\\Environment",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NetTcpPortSharing",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wscsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\exfat",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\PackagedAppXDebug",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\pci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IPNAT",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Mozilla\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TDTCP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\stexstor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NDIS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_64\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\pcw",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\iphlpsvc\\parameters",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BITS\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TabletInputService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AsyncMac",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\InstalledSDB",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Dhcp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSTEE",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Mozilla\\Mozilla Firefox 60.0.2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\cdrom",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IKEEXT",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\IpFilterDriver",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{87F56B34-044E-4A48-8FDD-087BFABD5ECF}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\msiserver",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{BE669C13-8165-4536-96D0-6D6C39292AAE}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nsi",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\rspndr",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_32\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WbioSrvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RpcLocator",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Data",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Filetrace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServices",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC668097-4D6B-4093-AC14-014C09DBF820}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\srv",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.LOG1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.LOG2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\StorSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\fdc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mountmgr",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5A40E926-9E86-4B89-9CFD-B12311724371}",
"HKEY_CLASSES_ROOT\\CLSID\\{c463a0fc-794f-4fdf-9201-01938ceacafa}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\intelide",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AcpiPmi",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EventSystem",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bthserv\\parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\Firefox-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wdf01000",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Psched",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\mscoree.dll",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\SubSystems",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\win32spl.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vhdmp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FileInfo",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\auditcse.dll",
"HKEY_CLASSES_ROOT\\CLSID\\{7CCA6768-8373-4D28-8876-83E8B4E3A969}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\SmartcardCredentialProvider.dll",
"HKEY_LOCAL_MACHINE\\Software\\microsoft\\windows nt\\currentversion\\Image File Execution Options\\DllNXOptions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\E1G60",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\umbus",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB07F7B4-BB95-4B74-9D32-4533D566453C}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dot3svc",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{8C5ED038-CFAD-48A0-BB2F-D128286E49B3}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{994C86AD-A929-4B2C-88A0-4E25A107A029}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.DAT",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D7B6E81D-3CF4-432C-84D2-24213F4316E6}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSDTC Bridge 3.0.0.0",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WmiApRpl",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\Providers\\LanMan Print Services",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CompositeBus",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\THREADORDER",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vwifibus",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Google\\Chrome\\Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vga",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbehci",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FsDepends",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CryptSvc\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{40DD7C5E-DA67-4A78-B96C-582A4CBAEDF3}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbhub",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FontCache3.0.0.0\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nfrd960",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{728EE579-943C-4519-9EF7-AB56765798ED}",
"HKEY_USERS\\.DEFAULT\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\Notifications\\Domains",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}",
"HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hkmsvc",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{9381D8F2-0288-11D0-9501-00AA00B911A5}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\fdc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\adpahci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WfpLwf",
"HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HomeGroupProvider",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\volmgr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\.NETFramework",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Dhcp",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HidIr",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ALG\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\MozillaPlugins",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\about",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TrkWks",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AppMgmt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Beep",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HidBatt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\Providers\\Internet Print Provider",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\srv2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BrUsbSer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2470470F-2634-478E-B181-571E98A789BB}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Msfs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\swprv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\NlaSvc\\Parameters\\Internet\\ManualProxies",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\tssecsrv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AxInstSV\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SMSvcHost 3.0.0.0",
"HKEY_CLASSES_ROOT\\CLSID\\{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSPQM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\msisadrv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\drmkaud",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SstpSvc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BrUsbMdm",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HpSAMD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A8B18D02-60CD-4305-90CC-7DAAC028BDCD}",
"HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\safeboot\\option",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WSearchIdxPi",
"HKEY_CLASSES_ROOT\\CLSID\\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IPBusEnum",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbccgp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FontCache",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{E92B03AB-B707-11d2-9CBD-0000F87A369E}",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\ms-its",
"HKEY_CLASSES_ROOT\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BrSerWdm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SCPolicySvc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MpDebug\\DebugValues\\MsMpEng.exe",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\ftp",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AFD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Chrome\\Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\adsi",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bowser",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E3163C33-301D-4730-A266-5518C5ED3967}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\URLSearchHooks",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EACA24FF-236C-401D-A1E7-B3D5267B8A50}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MTConfig",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FDResPub",
"HKEY_CLASSES_ROOT\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\Hosts\\SHDOCVW",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4DE0CAB9-ECFE-4AA9-B95A-FE815A2EAA4E}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Mcx2Svc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{79eac9e7-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\aitagent.exe",
"HKEY_LOCAL_MACHINE\\Software\\microsoft\\windows nt\\currentversion\\Image File Execution Options",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\p2psvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WwanSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CscService\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TDPIPE",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\inetaccs",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hcw85cir",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WPCSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\viaide",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{551B3807-871F-4E48-A943-2330449F0615}",
"HKEY_CLASSES_ROOT\\CLSID\\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Serenum",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WPDBusEnum",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wecsvc",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CSC",
"HKEY_CLASSES_ROOT\\CLSID\\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{448186F9-75B9-4FB7-A6E0-B19A2BADC1BE}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\discache",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\uagp35",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DXGKrnl",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PlugPlay",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CmBatt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VSS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gptext.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbuhci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CNG",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\AppCertDlls",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ProfSvc",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\file",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\gpsvc\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TapiSrv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vmbus",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NetBIOS",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HdAudAddService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DCLocator",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lltdsvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TermService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PEAUTH",
"HKEY_CLASSES_ROOT\\CLSID\\{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nvraid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\luafv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NlaSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VgaSave",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PNRPAutoReg",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\cdl",
"HKEY_CLASSES_ROOT\\CLSID\\{2DEA658F-54C1-4227-AF9B-260AB5FC3543}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A656BBE1-4E3E-4C8A-BD79-A8CA56782753}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\fdeploy.dll",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HdAudAddService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CscService",
"HKEY_CURRENT_USER\\Software\\MozillaPlugins",
"HKEY_USERS\\.DEFAULT\\Software\\Classes\\ActivatableClasses\\Package",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gpscript.dll",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Appinfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{1A6364EB-776B-4120-ADE1-B63A406A76B5}",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NdisCap",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DPS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\swenum",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\defragsvc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasAcd",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\explorer.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IRENUM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_CLASSES_ROOT\\CLSID\\{79eac9e2-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_CLASSES_ROOT\\CLSID\\{CF2CF428-325B-48D3-8CA8-7633E36E5A32}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\amdsata",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{613612BA-897D-44CE-8DC1-8FC283F9FD51}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\discache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ESENT",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\IPBusEnum",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BrFiltLo",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4D19A151-A712-4920-AC6D-6C6FD81C8CDB}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\kbdclass",
"HKEY_LOCAL_MACHINE\\Software\\Mozilla",
"HKEY_CLASSES_ROOT\\CLSID\\{BA677074-762C-444b-94C8-8C83F93F6605}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WcsPlugInService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BDESVC",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WMPNetworkSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mouclass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IpFilterDriver",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\Main",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7DC691A2-CB15-44DB-853C-19938051BB22}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VMBusHID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7B849a69-220F-451E-B3FE-2CB811AF94AE}",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter\\gzip",
"HKEY_CLASSES_ROOT\\CLSID\\{3dd53d40-7b8b-11D0-b013-00aa0059ce02}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar",
"HKEY_CLASSES_ROOT\\CLSID\\{855fec53-d2e4-4999-9e87-3414e9cf0ff4}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer",
"HKEY_CLASSES_ROOT\\CLSID\\{A9A33436-678B-4c9c-A211-7CC38785E79D}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSPCLOCK",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Parport",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EFS\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F6B1AFFE-48F0-4340-9F59-C73DDA17C17D}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\cdfs",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\iirsp",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Fax\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06CD2154-751E-469F-8E4A-C3F118356423}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000",
"HKEY_CLASSES_ROOT\\CLSID\\{8bf9a910-a8ff-457f-999f-a5ca10b4a885}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.dat",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{268014E7-A27E-4FD7-89A6-A481DA222EC8}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E5094040-C46C-4115-B030-04FB2E545B00}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\adpu320",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\hidserv",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E22A8667-F75B-4BA9-BA46-067ED4429DE8}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{e437bc1c-aa7d-11d2-a382-00c04f991e27}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HidBth",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\URLSearchHooks",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SSDPSRV",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Mup",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scecli.dll",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hkmsvc\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPNP",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\PackagedAppXDebug"
],
"guid": [
"{56ffcc30-d398-11d0-b2ae-00a0c908fa49}",
"{00000003-0000-0000-c000-000000000046}",
"{688c934d-0c26-40f6-8d29-d56d72c76b48}",
"{eb87e1bd-3233-11d2-aec9-00c04fb68820}",
"{559b1911-d3af-486e-b8bc-242b24df0114}",
"{eb87e1bc-3233-11d2-aec9-00c04fb68820}",
"{8bc3f05e-d86b-11d0-a075-00c04fb68820}",
"{660b90c8-73a9-4b58-8cae-355b7f55341b}",
"{00020400-0000-0000-c000-000000000046}",
"{0002e013-0000-0000-c000-000000000046}",
"{dcb00c01-570f-4a9b-8d69-199fdba5723b}",
"{5762f2a7-4658-4c7a-a4ac-bdabfe154e0d}",
"{0000011a-0000-0000-c000-000000000046}",
"{00000000-0000-0000-c000-000000000046}",
"{4590f811-1d3a-11d0-891f-00aa004b2e24}",
"{73db1241-1e85-4581-8e4f-a81e1d0f8c57}",
"{9e175b6d-f52a-11d8-b9a5-505054503030}",
"{d0074ffd-570f-4a9b-8d69-199fdba5723b}",
"{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"{3bc15af2-736c-477e-9e51-238af8667dcc}",
"{79eac9ee-baf9-11ce-8c82-00aa004ba90b}",
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}",
"{000214fc-0000-0000-c000-000000000046}",
"{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",
"{0002e005-0000-0000-c000-000000000046}",
"{172bddf8-ceea-11d1-8b05-00600806d9b6}",
"{cf4cc405-e2c5-4ddd-b3ce-5e7582d8c9fa}",
"{3e24a11c-15b2-4f71-b81e-008f77998e9f}",
"{603d3801-bd81-11d0-a3a5-00c04fd706ec}",
"{57ced8a7-3f4a-432c-9350-30f24483f74f}",
"{d5f569d0-593b-101a-b569-08002b2dbf7a}",
"{ee09b103-97e0-11cf-978f-00a02463e06f}",
"{72eb61e0-8672-4303-9175-f2e4c68b2e7c}",
"{f309ad18-d86a-11d0-a075-00c04fb68820}",
"{dcb00000-570f-4a9b-8d69-199fdba5723b}",
"{4125dd96-e03a-4103-8f70-e0597d803b9c}",
"{2781761e-28e0-4109-99fe-b9d127c57afe}",
"{a47979d2-c419-11d9-a5b4-001185ad2b89}",
"{06290bd1-48aa-11d2-8432-006008c3fbfc}",
"{46a6eeff-908e-4dc6-92a6-64be9177b41c}",
"{6311429e-2f1a-4777-880f-c7289fd10169}",
"{edb5f444-cb8d-445a-a523-ec5ab6ea33c7}",
"{e4d1c9b0-46e8-11d4-a2a6-00104bd35090}",
"{7c857801-7381-11cf-884d-00aa004b2e24}",
"{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}",
"{dc12a687-737f-11cf-884d-00aa004b2e24}",
"{b056521a-9b10-425e-b616-1fcd828db3b1}",
"{4590f812-1d3a-11d0-891f-00aa004b2e24}"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\46000010\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\24000010\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\23000006\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\24000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f4\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\23000003\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000011\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f5\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadDecision",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\11000001\\Element",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Discardable\\PostSetup\\Component Categories64\\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\\Enum\\Implementing",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\DefaultConnectionSettings",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\31000003\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\25000020\\Element",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Description\\KeyName",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{5189b25c-5558-4bf2-bca4-289b11bd29e2}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{1afa9c49-16ab-4a5c-901b-212802da9460}\\Description\\Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadDecisionTime",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\16000009\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\32000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\23000003\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadNetworkName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\25000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}\\Elements\\16000020\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\26000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000002\\Element",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadDecisionReason",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{1afa9c49-16ab-4a5c-901b-212802da9460}\\Elements\\14000006\\Element",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\WpadLastNetwork",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000014\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\FileDirectory",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\25000020\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\1600000b\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000013\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\26000022\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f3\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000008\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\FileDirectory",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Description\\System"
],
"file_copied": [
[
"D:\\Windows\\System32\\config\\SAM",
"C:\\FRST\\m3Hu8Ft2L\\SAM"
],
[
"D:\\Windows\\System32\\config\\SECURITY.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG1"
],
[
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip"
],
[
"D:\\Windows\\System32\\config\\SECURITY.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG"
],
[
"D:\\Windows\\System32\\config\\SAM.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG1"
],
[
"C:\\FRST\\m3Hu8Ft2L\\SAM",
"C:\\FRST\\Hives\\SAM"
],
[
"C:\\FRST\\m3Hu8Ft2L\\NTUSER.DAT",
"C:\\FRST\\Hives\\cuck\\NTUSER.DAT"
],
[
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM",
"C:\\FRST\\Hives\\SYSTEM"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG"
],
[
"D:\\Users\\cuck\\ntuser.dat.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG2"
],
[
"D:\\Windows\\System32\\config\\SYSTEM",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM"
],
[
"C:\\FRST\\m3Hu8Ft2L\\SECURITY",
"C:\\FRST\\Hives\\SECURITY"
],
[
"D:\\Users\\cuck\\NTUSER.DAT",
"C:\\FRST\\m3Hu8Ft2L\\NTUSER.DAT"
],
[
"D:\\Windows\\System32\\config\\DEFAULT.LOG",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG"
],
[
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE",
"C:\\FRST\\Hives\\SOFTWARE"
],
[
"D:\\Windows\\System32\\config\\SOFTWARE.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG2",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG2"
],
[
"D:\\Windows\\System32\\config\\SYSTEM",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM"
],
[
"D:\\Windows\\System32\\config\\SECURITY.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG2"
],
[
"D:\\Windows\\System32\\config\\SOFTWARE",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE"
],
[
"D:\\Windows\\System32\\config\\DEFAULT.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG1"
],
[
"D:\\Users\\cuck\\ntuser.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG1"
],
[
"D:\\Windows\\System32\\config\\SECURITY",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY"
],
[
"D:\\Windows\\System32\\config\\DEFAULT.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG2"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG2"
],
[
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG1"
],
[
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat",
"C:\\FRST\\Hives\\cuck\\UsrClass.dat"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG1",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG1"
],
[
"D:\\Windows\\System32\\config\\SAM.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG"
],
[
"D:\\Windows\\System32\\config\\SOFTWARE.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG1"
],
[
"D:\\Windows\\System32\\config\\DEFAULT",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT"
],
[
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG1"
],
[
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG2"
],
[
"D:\\Windows\\System32\\config\\SAM.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG2"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG"
],
[
"D:\\Windows\\System32\\config\\SOFTWARE.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG2"
],
[
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT",
"C:\\FRST\\Hives\\DEFAULT"
]
],
"connects_host": [
"download.bleepingcomputer.com"
],
"command_line": [
"C:\\Windows\\system32\\bcdedit \/export C:\\FRST\\Hives\\BCD",
"C:\\Windows\\system32\\cmd.exe \/c echo 2",
"\"C:\\Windows\\system32\\rundll32.exe\" \"C:\\Windows\\system32\\WININET.dll\",DispatchAPICall 1 ",
"C:\\Windows\\system32\\cmd.exe \/c C:\\Windows\\system32\\bcdedit \/export C:\\FRST\\Hives\\BCD"
],
"mutex": [
"IESQMMUTEX_0_208",
"RasPbFile"
],
"wmi_query": [
"SELECT * FROM Win32_ComputerSystem",
"SELECT * FROM Win32_ShadowCopy"
],
"file_read": [
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor",
"C:\\FRST\\users00",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\UPnP\\UPnPHostConfig",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURActivate",
"C:\\Windows\\System32\\wbem\\wbemdisp.tlb",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RegisterSearch",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry",
"C:\\Program Files (x86)\\mozilla firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Diagnosis\\Scheduled",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ActivateWindowsSearch",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscovery",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\mcupdate",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsBackup\\ConfigNotification",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MobilePC\\HotStart",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MUI\\LPRemove",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\AitAgent",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURDiscovery",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SystemRestore\\SR",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrScheduleTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MpIdleTask",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\AutoWake",
"C:\\Windows\\System32\\stdole2.tlb",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\InstallPlayReady",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW2",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW1",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Location\\Notifications",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\UpdateRecordPath",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Autochk\\Proxy",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RecordingRestart",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RAC\\RacTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Background Synchronization",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Maintenance\\WinSAT",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrRecoveryTask",
"C:\\Users\\desktop.ini",
"\\\\?\\PIPE\\srvsvc",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MP Scheduled Scan",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControls",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SessionAgent",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\GadgetManager",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Multimedia\\SystemSoundsService",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Ras\\MobilityManager",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WDI\\ResolutionHost",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ehDRMInit",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"C:\\Windows\\System32\\gatherNetworkInfo.vbs",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Logon Synchronization",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Task Manager\\Interactive",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ReindexSearchRoot",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SystemDataProviders",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Registry\\RegIdleBackup",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FRST.txt",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\PolicyConverter",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}\\(Default)",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SCRNSAVE.EXE",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\ProviderId",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\flpydisk\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\eventlog\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{0E28E245-9368-4853-AD84-6DA3BA35BB75}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\elxstor\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinHttpAutoProxySvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25CBB996-92ED-457e-B28C-4774084BD562}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.rdf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{96137355-BC34-4BA7-81B7-47C87B556E7D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mouclass\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsbs\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsbs\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ALG\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SensrSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Wd\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{94596c7e-3744-41ce-893e-bbf09122f76a}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Show_URLToolBar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB02381F-D652-4B1C-894A-712498C62C51}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\BootExecute",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{1A6364EB-776B-4120-ADE1-B63A406A76B5}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\url",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelppm\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\application\/x-msdownload\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache3.0.0.0\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D7B6E81D-3CF4-432C-84D2-24213F4316E6}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ALG\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdPPM\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PolicyAgent\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\vbscript\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cmdide\\type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DefaultColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SiSRaid4\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iaStorV\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WbioSrvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SDRSVC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fvevol\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nvraid\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c1f85ef8-bcc2-4606-bb39-70c523715eb3}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fs_Rec\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ebdrv\\Imagepath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\mk\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{AADCED64-746C-4633-A97C-D61349046527}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ESENT\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltUp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A8B18D02-60CD-4305-90CC-7DAAC028BDCD}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\Firefox-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{551B3807-871F-4E48-A943-2330449F0615}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdfs\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for SqlServer\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FsDepends\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\VSS\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1F7B7221-AE8F-44F3-BA82-F7D260F51964}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TDPIPE\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wcncsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WcsPlugInService\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fastfat\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E51DFD48-AA36-4B45-BB52-E831F02E8316}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\discache\\Imagepath",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\25000020\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arcsas\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{81540B9F-B5BF-47EB-9C95-BE195BF2C664}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPCDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2470470F-2634-478E-B181-571E98A789BB}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\srv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\QWAVE\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\LegalNoticeCaption",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{1afa9c49-16ab-4a5c-901b-212802da9460}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fvevol\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\KSecPkg\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.44.3.4!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppID\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\ms-its\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SessionEnv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsata\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\atapi\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for Oracle\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.LOG\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltLo\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\elxstor\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\1806",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\1807",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProgramData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{3307E641-F5EE-49E6-A1FE-BFB5D671441C}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WMPNetworkSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page Redirect Cache_TIMESTAMP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\exfat\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4FDEA3B5-7CDE-48F7-940C-43CDBB18FB20}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FB3C354D-297A-4EB2-9B58-090F6361906B}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPNAT\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{ca767aa8-9157-4604-b64b-40747123d5f2}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B81A55E6-C03C-4EF0-B86F-A80A89DF468D}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for Oracle\\Imagepath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\tv\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06308A56-69E7-4844-A784-8509C25B6C62}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cmdide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\isapnp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hcw85cir\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fastfat\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\volmgrx\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\svcversion",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Beep\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\PathCompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7CCA6768-8373-4D28-8876-83E8B4E3A969}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.zip\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PlugPlay\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mouhid\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DA41DE71-8431-42FB-9DB0-EB64A961DEAD}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Cache_Update_Frequency",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\CompatibilityFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\\ProxyStubClsid32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Enable Browser Extensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DelayedExpansion",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TSDDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\Start Page",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Stream",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\StorSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hwpolicy\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NlaSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TrkWks\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000003\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\E1G60\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasPppoe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F18ED8A5-C696-4951-B068-CA8E83634C04}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1BB08CFD-C6AD-44C7-BD0B-8F23035A5731}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DXGKrnl\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\COMSysApp\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB07F7B4-BB95-4B74-9D32-4533D566453C}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\Parameters\\ServiceDLL",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Disable Script Debugger",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TsUsbFlt\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanServer\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbSer\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\monitor\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7B849a69-220F-451E-B3FE-2CB811AF94AE}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CmBatt\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vga\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Description\\TreatAsSystem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dmvsc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\Environment\\COR_PROFILER",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5BE46CE1-CA9B-4CAD-B2E9-8C3F7716AF90}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\Safety Warning Level",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\Default_Page_URL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\url",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000004\\Element",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B43033E6-1453-4AD6-AFBA-C03CFC178286}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdK8\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{05300401-BCBC-11d0-85E3-00C04FD85AB4}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DXGKrnl\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetPreFetchTriggerPeriodSeconds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{79eac9e6-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NativeWifiP\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdfs\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\rdpbus\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}\\Elements\\16000020\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppID\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Rasl2tp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SamSs\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{BE669C13-8165-4536-96D0-6D6C39292AAE}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes\\www",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Discardable\\PostSetup\\Component Categories64\\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\\Enum\\Implementing",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdrom\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppID\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\DefaultConnectionSettings",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\E1G60\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BattC\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UI0Detect\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdPPM\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Debugger",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f5\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\InprocServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisWan\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Themes\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\1394ohci\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbhub\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IpFilterDriver\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000014\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nsi\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{C9E9A340-D1F1-11D0-821E-444553540600}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ALG\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ebdrv\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pciide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RemoteAccess\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PerfOS\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Wlansvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltLo\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CD962721-73F1-4649-85D7-6884C1EF28D9}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B210D694-C8DF-490d-9576-9E20CDBC20BD}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hwpolicy\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ESENT\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\secdrv\\(Default)",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\Hosts\\SHDOCVW\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Data\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidIr\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{630b1da0-b465-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender\\DisableAntiSpyware",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Filetrace\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ACPI\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4DE0CAB9-ECFE-4AA9-B95A-FE815A2EAA4E}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SCPolicySvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdfs\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHMODEM\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{728EE579-943C-4519-9EF7-AB56765798ED}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\javascript\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Description\\System",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\atapi\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AFD\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\\StubPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D0250F3F-6480-484F-B719-42F659AC64D5}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\24000001\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\viaide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\storflt\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Mozilla Firefox 60.0.2\\extensions\\Components",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Anchor Underline",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\agp440\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes\\home",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crcdisk\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B78DBF96-841E-4336-BFE9-1C4975F9DA60}\\Path",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Disk\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache3.0.0.0\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\i8042prt\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4D19A151-A712-4920-AC6D-6C6FD81C8CDB}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\1807",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\1806",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WfpLwf\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CompositeBus\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b06bdrv\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\aliide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DfsC\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b06bdrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\circlass\\type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\PathCompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{40DD7C5E-DA67-4A78-B96C-582A4CBAEDF3}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06308A56-69E7-4844-A784-8509C25B6C62}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\elxstor\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\application\/octet-stream\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{81540B9F-B5BF-47EB-9C95-BE195BF2C664}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\DhcpNameServer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iirsp\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cmdide\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\URL\\DefaultPrefix\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{79eac9e3-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5BE46CE1-CA9B-4CAD-B2E9-8C3F7716AF90}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\volsnap\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DfsC\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TDTCP\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasAcd\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbohci\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{BE669C13-8165-4536-96D0-6D6C39292AAE}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vwifibus\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{87F56B34-044E-4A48-8FDD-087BFABD5ECF}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{B087BE9D-ED37-454f-AF9C-04291E351182}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrSerWdm\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\EnableExtensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\COMSysApp\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for Oracle\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FltMgr\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A8B18D02-60CD-4305-90CC-7DAAC028BDCD}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\url",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\exfat\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{8f6b0360-b80d-11d0-a9b3-006097942311}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7DC691A2-CB15-44DB-853C-19938051BB22}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vmbus\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Default Download Directory",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSDTC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHMODEM\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\rdyboost\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasAuto\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\eventlog\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{79eac9e6-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{28011108-68DF-4C73-B91B-57427D501BBA}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Compbatt\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\napagent\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\31000003\\Element",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CLFS\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\gzip\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Npfs\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\DhcpNameServer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{45F26E9E-6199-477F-85DA-AF1EDFE067B1}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\LegalNoticeText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fax\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHPORT\\Start",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{5189b25c-5558-4bf2-bca4-289b11bd29e2}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EFS\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gagp30kx\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PerfHost\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\tunnel\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sppuinotify\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{79eac9e3-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdide\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Wdf01000\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagMatchAnyMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbSer\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoProxyDetectType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NETFramework\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\DefaultPrefix\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fs_Rec\\Imagepath",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SstpSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MegaSR\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000008\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FB3C354D-297A-4EB2-9B58-090F6361906B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{17F5B0DE-8DA9-4280-8CB8-91422B9A8CE1}\\Path",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crcdisk\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MpsSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltUp\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdPPM\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{C016366B-7126-46CA-B36B-592A3D95A60B}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\drmkaud\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{45ea75a0-a269-11d1-b5bf-0000f8051515}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\LibraryPath",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\23000003\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.zip\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Display Inline Images",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\Imagepath",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Netman\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\elxstor\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableUnsupportedCriticalExtensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ProtectedStorage\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pcw\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanServer\\DefaultSecurity\\SrvsvcDefaultShareInfo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IpFilterDriver\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fs_Rec\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdxata\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelide\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\23000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{12D51199-0DB5-46FE-A120-47A3D7D937CC}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.zip\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\\DllName",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Filetrace\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\ServiceDll",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\p2pcollab.dll,-8042",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\Imagepath",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CDA5F4EE-8293-4A5D-8564-04CD067D1A85}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\Policy\\Local\\ActivePolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D7B6E81D-3CF4-432C-84D2-24213F4316E6}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nvstor\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC668097-4D6B-4093-AC14-014C09DBF820}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbMdm\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbehci\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06CD2154-751E-469F-8E4A-C3F118356423}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MTConfig\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{96137355-BC34-4BA7-81B7-47C87B556E7D}\\Path",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehSched\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gagp30kx\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FileInfo\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{C631DF4C-088F-4156-B058-4375F0853CD8}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AFD\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\xmlprov\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AsyncMac\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\23000003\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\Hosts\\SHDOCVW\\Enable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProfilesDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrSerWdm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidUsb\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06CD2154-751E-469F-8E4A-C3F118356423}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\stisvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000001\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PcaSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{9381D8F2-0288-11D0-9501-00AA00B911A5}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagLevel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WudfPf\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b06bdrv\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\97817950D81C9670CC34D809CF794431367EF474\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A7C73732-9F11-4281-8D19-764D4EC9D94D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HdAudAddService\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PeerDistSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nv_agp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TrustedInstaller\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehSched\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iaStorV\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ShellHWDetection\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\agp440\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b57nd60a\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Disk\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mrxsmb10\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSPCLOCK\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E5094040-C46C-4115-B030-04FB2E545B00}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5F5A18EB-DC73-4E45-A11C-B59043598412}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8f6b0360-b80d-11d0-a9b3-006097942311}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidUsb\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{72DB7465-BC54-491B-A92A-4637A28C9BBF}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdK8\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF87090D-4A9A-4f47-879B-29A80C355D61}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4FDEA3B5-7CDE-48F7-940C-43CDBB18FB20}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{1afa9c49-16ab-4a5c-901b-212802da9460}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltLo\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPREFMP\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SiSRaid2\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DfsC\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\discache\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Show_StatusBar",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TermService\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\idsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UGatherer\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{f3ccc681-b74c-4060-9f26-cd84525dca2a}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NETFramework\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltLo\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBth\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\msahci\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PerfProc\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{82676C49-21A7-4605-AA06-E04A067FB611}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSTEE\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\ServiceDll",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Run",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wercplsupport\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CNG\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpahci\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ServiceModelEndpoint 3.0.0.0\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\spldr\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BattC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Category",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mpio\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NDIS\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdxata\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{268014E7-A27E-4FD7-89A6-A481DA222EC8}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{C016366B-7126-46CA-B36B-592A3D95A60B}\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\25000004\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir (x86)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crcdisk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\DefaultScope",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{17F5B0DE-8DA9-4280-8CB8-91422B9A8CE1}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ACPI\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{55272A00-42CB-11CE-8135-00AA004BB851}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EACA24FF-236C-401D-A1E7-B3D5267B8A50}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Schedule\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\srv2\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\VaultSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBatt\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\storvsc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdK8\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\aliide\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\COMSysApp\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\FileSystem\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\IEInstal.exe\\GlobalFlag",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HdAudAddService\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\UseClearType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ohci1394\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HTTP\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes\\home",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\1394ohci\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Play_Animations",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Save_Session_History_On_Exit",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\kbdhid\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrSerWdm\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ErrDev\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehRecvr\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdK8\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Attributes",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\16000009\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A35BB7A6-5F0C-4C9F-8450-2B3BED532D51}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TBS\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EE09B103-97E0-11CF-978F-00A02463E06F}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fastfat\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCountPerChain",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\NoUpdateCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{74EE6C03-5363-4554-B161-627540339CAB}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HpSAMD\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\deflate\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sbp2port\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000006\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WSearchIdxPi\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Wecsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\exfat\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\msdsm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\CompletionChar",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f4\\Element",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Play_Background_Sounds",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\tcpipreg\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WebClient\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FltMgr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CompositeBus\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdfs\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\RemovalTools\\MRT\\GUID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FileInfo\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidUsb\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\eventlog\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adp94xx\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\agp440\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adp94xx\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\lltdio\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b06bdrv\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DCLocator\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AFD\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RpcEptMapper\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{8C5ED038-CFAD-48A0-BB2F-D128286E49B3}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CmBatt\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\WpadLastNetwork",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mrxsmb20\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NlaSvc\\Parameters\\Internet\\ManualProxies\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ALG\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fax\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPENCDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PortProxy\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WwanSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsata\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7933F41E-56F8-41d6-A31C-4148A711EE93}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\seclogon\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Serenum\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B78DBF96-841E-4336-BFE9-1C4975F9DA60}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehRecvr\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\megasas\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AFD\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\res\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache3.0.0.0\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\DhcpNameServer",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\1600000b\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adsi\\(Default)",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\local\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{40DD7C5E-DA67-4A78-B96C-582A4CBAEDF3}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b57nd60a\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CSC\\Imagepath",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000013\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EFS\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D018DE2F-F02A-4BDB-BA74-56BCD427BE40}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vsmraid\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iirsp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Filetrace\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\IOAVMaxSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Search Page",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\Parameters\\ServiceDLL",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Use_DlgBox_Colors",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fvevol\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache3.0.0.0\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Parport\\(Default)",
"HKEY_CURRENT_USER\\Control Panel\\Mouse\\SwapMouseButtons",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IpFilterDriver\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbMdm\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hcw85cir\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Null\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\26000022\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\THREADORDER\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{994C86AD-A929-4B2C-88A0-4E25A107A029}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasSstp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\blbdrive\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidUsb\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HDAudBus\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mrxsmb\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hwpolicy\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSKSSRV\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\blbdrive\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SCardSvr\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dmvsc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Modem\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PptpMiniport\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000006\\ProviderId",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\PreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{79eac9e2-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HDAudBus\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableCANameConstraints",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\ExecutableTypes",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasAgileVpn\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{855fec53-d2e4-4999-9e87-3414e9cf0ff4}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\rdbss\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\stexstor\\(Default)",
"\\REGISTRY\\USER\\.DEFAULT\\Environment\\UserInitMprLogonScript",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\Imagepath",
"HKEY_LOCAL_MACHINE\\I2OS6AS7BX\\Select\\Default",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8bf9a910-a8ff-457f-999f-a5ca10b4a885}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableWeakSignatureFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wmiApSrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LSI_SAS2\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\netprofm\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Beep\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bowser\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{82676C49-21A7-4605-AA06-E04A067FB611}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E22A8667-F75B-4BA9-BA46-067ED4429DE8}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{448186F9-75B9-4FB7-A6E0-B19A2BADC1BE}\\Path",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000004\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\DefaultScope",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Data\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\Environment\\COR_PROFILER_PATH",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Processor\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WSearch\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ql40xx\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHPORT\\Imagepath",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HpSAMD\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Netlogon\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FileInfo\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBth\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DfsC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\mhtml\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\https\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7DC691A2-CB15-44DB-853C-19938051BB22}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{e437bc1c-aa7d-11d2-a382-00c04f991e27}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{613612BA-897D-44CE-8DC1-8FC283F9FD51}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB02381F-D652-4B1C-894A-712498C62C51}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\SubSystems\\Windows",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RemoteRegistry\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PNRPsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdxata\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPMIDRV\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PEAUTH\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DCLocator\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{268014E7-A27E-4FD7-89A6-A481DA222EC8}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Data\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FileInfo\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\E1G60\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gagp30kx\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Compbatt\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EA9155A3-8A39-40b4-8963-D3C761B18371}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdrom\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBth\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPWD\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCertCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\atapi\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\shell\\openas\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b57nd60a\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpahci\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Disk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SMSvcHost 3.0.0.0\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\IE8TourShown",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FsDepends\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsata\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\umbus\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\Authentication Packages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\drmkaud\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2E941CB2-1B33-47C4-905B-8B4278819513}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000002\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ql2300\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cmdide\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CC35D2E9-B9E1-4ADC-9DA5-71487D9E9EB5}\\Path",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbcir\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\EditFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\E1G60\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\p2pimsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{A3F3E39B-5D83-4940-B954-28315B82F0A8}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A7C73732-9F11-4281-8D19-764D4EC9D94D}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{3af36230-a269-11d1-b5bf-0000f8051515}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fax\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\msisadrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.zip\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FsDepends\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbMdm\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nfrd960\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wuauserv\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{874CFED9-D01D-4D16-9775-B8A7A05004BF}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableIOAVProtection",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBIOS\\(Default)",
"HKEY_CURRENT_USER\\Environment\\UserInitMprLogonScript",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F6B1AFFE-48F0-4340-9F59-C73DDA17C17D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Brserid\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CLFS\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC668097-4D6B-4093-AC14-014C09DBF820}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdide\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\lltdsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpu320\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SNMPTRAP\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1F7B7221-AE8F-44F3-BA82-F7D260F51964}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSDTC Bridge 3.0.0.0\\(Default)",
"\\REGISTRY\\USER\\.DEFAULT\\Environment\\COR_PROFILER",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TapiSrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Msfs\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CLFS\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{630b1da0-b465-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ws2ifsl\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{79eac9e7-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdc\\Imagepath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iScsiPrt\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Networking\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ErrDev\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltUp\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HpSAMD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000002\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DefaultColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vdrvroot\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fastfat\\Imagepath",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Description\\TreatAsSystem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\scfilter\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpahci\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Print\\Providers\\LanMan Print Services\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Networking\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\idsvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Print\\Providers\\Internet Print Provider\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\inetaccs\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dmvsc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\i8042prt\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetTcpPortSharing\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{8C5ED038-CFAD-48A0-BB2F-D128286E49B3}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fvevol\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CSC\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vhdmp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\idsvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ErrDev\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Brserid\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WPDBusEnum\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrSerWdm\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Show_FullURL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AcpiPmi\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2E941CB2-1B33-47C4-905B-8B4278819513}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\QWAVEdrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Wanarpv6\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{7790769C-0471-11d2-AF11-00C04FA35D02}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A9A33436-678B-4c9c-A211-7CC38785E79D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehRecvr\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelppm\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Ntfs\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pla\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\swenum\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsata\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for SqlServer\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.zip\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\Search Page",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehSched\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlCountInCert",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{1afa9c49-16ab-4a5c-901b-212802da9460}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Run",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{3af36230-a269-11d1-b5bf-0000f8051515}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\http\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\inetaccs\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TabletInputService\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\COMSysApp\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{87F56B34-044E-4A48-8FDD-087BFABD5ECF}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gagp30kx\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\1394ohci\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AsyncMac\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\Content Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6TUNNEL\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\VgaSave\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sffdisk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{551B3807-871F-4E48-A943-2330449F0615}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{3307E641-F5EE-49E6-A1FE-BFB5D671441C}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsbs\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\shell\\openas\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\IE8RunOnceLastShown_TIMESTAMP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5A40E926-9E86-4B89-9CFD-B12311724371}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{e7ed314f-2816-4c26-aeb5-54a34d02404c}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MMCSS\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arcsas\\type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\Parameters\\ServiceDLL",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Taskman",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UxSms\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHMODEM\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000001\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisCap\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids\\exefile",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\inetaccs\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\KeyIso\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DA41DE71-8431-42FB-9DB0-EB64A961DEAD}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxySettingsPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\DocObject",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\flpydisk\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Mup\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sffp_mmc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\NoFileFolderJunction",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FullScreen",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WPCSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UmPass\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\25000020\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000002\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\KSecDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions\\GlobalFlag",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{FB2CA36D-0B40-4307-821B-A13B252DE56C}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\udfs\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fax\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WmiAcpi\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{C9E9A340-D1F1-11D0-821E-444553540600}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{17D89FEC-5C44-4972-B12D-241CAEF74509}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\idsvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Compbatt\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b57nd60a\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache3.0.0.0\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Spooler\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Image Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFA14C43-F385-4170-99CC-1B7765FA0E4A}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelide\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UGTHRSVC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\IEXPLORE.EXE\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{79eac9e2-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdc\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sfloppy\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.2!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000003\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\Start",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\32000004\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DCLocator\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NETFramework\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{06DA0625-9701-43da-BFD7-FBEEA2180A1E}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AsyncMac\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adp94xx\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\24000010\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Compbatt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F6B1AFFE-48F0-4340-9F59-C73DDA17C17D}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9435F817-FED2-454E-88CD-7F78FDA62C48}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A656BBE1-4E3E-4C8A-BD79-A8CA56782753}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Window_Placement",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-844",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-843",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D0250F3F-6480-484F-B719-42F659AC64D5}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CLFS\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CDA5F4EE-8293-4A5D-8564-04CD067D1A85}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelide\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ServiceModelService 3.0.0.0\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UmRdpService\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5F5A18EB-DC73-4E45-A11C-B59043598412}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\MaxFileSize",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Load",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000011\\Element",
"HKEY_CURRENT_USER\\Environment\\COR_PROFILER",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PerfDisk\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\System",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{5189b25c-5558-4bf2-bca4-289b11bd29e2}\\Description\\Type",
"\\REGISTRY\\USER\\.DEFAULT\\Control Panel\\Desktop\\SCRNSAVE.EXE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidIr\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Local Page",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{6232C319-91AC-4931-9385-E70C2B099F0E}\\DllName",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Command Processor\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bowser\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\2.0.50727\\CodeBase",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UIHost",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPDR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{25537BA6-77A8-11D2-9B6C-0000F8080861}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\IEInstal.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f3\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.47.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NDProxy\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214FC-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\Default_Page_URL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bowser\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AcpiPmi\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DisableUNCCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\Sharing\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hwpolicy\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\Local Page",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dmvsc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SystemStartOptions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\EnableExtensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\CodeBase",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A656BBE1-4E3E-4C8A-BD79-A8CA56782753}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ServiceModelOperation 3.0.0.0\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpu320\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sermouse\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdrom\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{45ea75a0-a269-11d1-b5bf-0000f8051515}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehRecvr\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\Default_Search_URL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AcpiPmi\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\1394ohci\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\26000006\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5A40E926-9E86-4B89-9CFD-B12311724371}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsbs\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HdAudAddService\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iirsp\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\drmkaud\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\s3cap\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbSer\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBatt\\Imagepath",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\dnsapi.dll,-103",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MozillaMaintenance\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000001\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EACA24FF-236C-401D-A1E7-B3D5267B8A50}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{91FBB303-0CD5-4055-BF42-E512A681B325}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hcw85cir\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{448186F9-75B9-4FB7-A6E0-B19A2BADC1BE}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Lsa\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{12D51199-0DB5-46FE-A120-47A3D7D937CC}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D018DE2F-F02A-4BDB-BA74-56BCD427BE40}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\upnphost\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SSDPSRV\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000004\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\Local Page",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppID\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\mailto\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSPQM\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableMandatoryBasicConstraints",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB07F7B4-BB95-4B74-9D32-4533D566453C}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehSched\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DisableUNCCheck",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbSer\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\uagp35\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SecurityProviders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IRENUM\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AsyncMac\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DXGKrnl\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\lmhosts\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\luafv\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page Redirect Cache",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NTDS\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{72DB7465-BC54-491B-A92A-4637A28C9BBF}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A48CABBF-24C8-4B87-B00F-9261807C3B43}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.LOG\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FltMgr\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4D19A151-A712-4920-AC6D-6C6FD81C8CDB}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F18ED8A5-C696-4951-B068-CA8E83634C04}\\Path",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Brserid\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crcdisk\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arcsas\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pcmcia\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6f45dc1e-5384-457a-bc13-2cd81b0d28ed}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\i8042prt\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Description\\KeyName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language\\InstallLanguage",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adp94xx\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbprint\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\shell\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Disk\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\46000010\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\Environment\\UserInitMprLogonScript",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\7D7F4414CCEF168ADF6BF40753B5BECD78375931\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.LOG\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E22A8667-F75B-4BA9-BA46-067ED4429DE8}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasMan\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpahci\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SafeBoot\\AlternateShell",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\NotifyDownloadComplete",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\uliagpkx\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_CURRENT_USER\\Environment\\COR_PROFILER_PATH",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdxata\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SysMain\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HTTP\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\Start Page",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\atapi\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mountmgr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{F9C77450-3A41-477E-9310-9ACD617BD9E3}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WacomPen\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AC3AC249-E820-4343-A65B-377AC634DC09}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{9381D8F2-0288-11D0-9501-00AA00B911A5}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bowser\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C27F6B1D-FE0B-45E4-9257-38799FA69BC8}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}\\ShellComponent",
"\\REGISTRY\\USER\\.DEFAULT\\Environment\\COR_PROFILER_PATH",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Beep\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ksthunk\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iaStorV\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\USBSTOR\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\circlass\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EFS\\Imagepath",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A48CABBF-24C8-4B87-B00F-9261807C3B43}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltUp\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{420B2830-E718-11CF-893D-00A0C9054228}\\1.0\\0\\win64\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WdiServiceHost\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\blbdrive\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0\\win64\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Num_Catalog_Entries64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WdiSystemHost\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TermDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\Notification Packages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CSC\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\rspndr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\CodeBase",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBth\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\aliide\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\IEInstal.exe\\Debugger",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3dd53d40-7b8b-11D0-b013-00aa0059ce02}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{58fb76b9-ac85-4e55-ac04-427593b1d060}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for SqlServer\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Serial\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2DEA658F-54C1-4227-AF9B-260AB5FC3543}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidIr\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LSI_SCSI\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EE09B103-97E0-11CF-978F-00A02463E06F}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PerfNet\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arcsas\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\circlass\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions\\Debugger",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WIMMount\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nsiproxy\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{343D770D-7788-47c2-B62A-B7C4CED925CB}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSiSCSI\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MRxDAV\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page Redirect Cache AcceptLangs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{E92B03AB-B707-11d2-9CBD-0000F87A369E}\\StubPath",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Do404Search",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CNG\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{79eac9e7-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mshidkmdf\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\srvnet\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\file\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHPORT\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FltMgr\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdrom\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{4f645220-306d-11d2-995d-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\tssecsrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpu320\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HpSAMD\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisTapi\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CSC\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CD962721-73F1-4649-85D7-6884C1EF28D9}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing\\State",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{79eac9e5-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fax\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HdAudAddService\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{E92B03AB-B707-11d2-9CBD-0000F87A369E}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbuhci\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TsUsbGD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sffp_sd\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LSI_SAS\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fs_Rec\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{565783C6-CB41-11D1-8B02-00600806D9B6}\\1.2\\0\\win32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iirsp\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\KtmRm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Scripting.Dictionary\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EFS\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iaStorV\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinRM\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelppm\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdPPM\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E3163C33-301D-4730-A266-5518C5ED3967}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Mcx2Svc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HDAudBus\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpu320\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes\\DefaultScope",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes\\www",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DelayedExpansion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{4f645220-306d-11d2-995d-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{28011108-68DF-4C73-B91B-57427D501BBA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\*",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ACPI\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Networking\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ebdrv\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A35BB7A6-5F0C-4C9F-8450-2B3BED532D51}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\volmgr\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Description\\System",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AcpiPmi\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\dvd\\clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\IE8RunOnceLastShown",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Beep\\Start",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}\\Description\\Type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPNP\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\agp440\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HTTP\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ALG\\(Default)",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\qagentrt.dll,-10",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Power\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehRecvr\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RpcSs\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\msiserver\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\its\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\EnableConsoleTracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Show_ToolBar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{42060D27-CA53-41F5-96E4-B1E8169308A6}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF2CF428-325B-48D3-8CA8-7633E36E5A32}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WANARP\\(Default)",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\application\/x-complus\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000003\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wbengine\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{79eac9e5-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\swprv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\Search Page",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ProfSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Filetrace\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2470470F-2634-478E-B181-571E98A789BB}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CmBatt\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\VMBusHID\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CNG\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1BB08CFD-C6AD-44C7-BD0B-8F23035A5731}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DXGKrnl\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HTTP\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CompositeBus\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HDAudBus\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000005\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\circlass\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\CompletionChar",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FsDepends\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BattC\\Start",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{5794DAFD-BE60-433f-88A2-1A31939AC01F}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arc\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{994C86AD-A929-4B2C-88A0-4E25A107A029}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B81A55E6-C03C-4EF0-B86F-A80A89DF468D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000005\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CmBatt\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\EditFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WINMGMTS\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ebdrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanWorkstation\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SENS\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\p2psvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\EnableObjectValidation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdide\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EE09B103-97E0-11CF-978F-00A02463E06F}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NoStaticDefaultVerb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EE09B103-97E0-11CF-978F-00A02463E06F}\\ProgID\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Load",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9979CB83-103A-4105-9E5D-C74B0AF6D198}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pci\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\XMLHTTP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CNG\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4DE0CAB9-ECFE-4AA9-B95A-FE815A2EAA4E}\\(Default)",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\flpydisk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\tdx\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adsi\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3dd53d40-7b8b-11D0-b013-00aa0059ce02}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\discache\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\exfat\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EFS\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hcw85cir\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WmiApRpl\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidIr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{7790769C-0471-11d2-AF11-00C04FA35D02}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\2.0.50727\\CodeBase",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\partmgr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Mozilla Firefox 60.0.2\\extensions\\Plugins",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{4bcd6cde-777b-48b6-9804-43568e23545d}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\kbdclass\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{874CFED9-D01D-4D16-9775-B8A7A05004BF}\\Path",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EE09B103-97E0-11CF-978F-00A02463E06F}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Windows Workflow Foundation 3.0.0.0\\(Default)",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelppm\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\aliide\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\COMSysApp\\type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wudfsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\idsvc\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Ndisuio\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSSCNTRS\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mpsdrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W3SVC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\drmkaud\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B43033E6-1453-4AD6-AFBA-C03CFC178286}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MsRPC\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\eventlog\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9979CB83-103A-4105-9E5D-C74B0AF6D198}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\discache\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mssmbios\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehSched\\(Default)",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachinePreferredUILanguages",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ErrDev\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\flpydisk\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Smb\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{05300401-BCBC-11d0-85E3-00C04FD85AB4}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ACPI\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E3163C33-301D-4730-A266-5518C5ED3967}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wscsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\ftp\\clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids\\secfile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{7C028AF8-F614-47B3-82DA-BA94E41B1089}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\EditFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vds\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\WMR\\Disable",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Show_URLinStatusBar",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Psched\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c463a0fc-794f-4fdf-9201-01938ceacafa}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CompositeBus\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RpcLocator\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBatt\\Start",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBatt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IpFilterDriver\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\ChainCacheResyncFiletime",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Brserid\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}\\DllName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ESENT\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\eventlog\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CC35D2E9-B9E1-4ADC-9DA5-71487D9E9EB5}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbccgp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9435F817-FED2-454E-88CD-7F78FDA62C48}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{613612BA-897D-44CE-8DC1-8FC283F9FD51}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\Default_Search_URL",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\IE8TourShownTime",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinDefend\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LSI_FC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sppsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PNRPAutoReg\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\cdl\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adsi\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIPTUNNEL\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbMdm\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\i8042prt\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSimpleStartMenu",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\blbdrive\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHMODEM\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pcw\\start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{190BA3F6-0205-4f46-B589-95C6822899D2}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\(Default)"
],
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\FRST\\bin\\sqlite3_x64.dll",
"C:\\FRST\\users00",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"C:\\FRST\\Logs\\ct.ini",
"C:\\FRST\\Hives\\BCD",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FRST.txt"
],
"dll_loaded": [
"C:\\Windows\\system32\\ntshrui.dll",
"ncrypt.dll",
"C:\\Windows\\system32\\pnrpnsp.dll",
"imagehlp.dll",
"kernel32",
"api-ms-win-core-localization-l1-2-1",
"C:\\Windows\\system32\\wshext.dll",
"C:\\Windows\\System32\\mswsock.dll",
"apphelp.dll",
"Crypt32.dll",
"DNSAPI.dll",
"zipfldr.dll",
"kernel32.dll",
"UxTheme.dll",
"Wintrust.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"ntdll.dll",
"C:\\Windows\\system32\\napinsp.dll",
"api-ms-win-core-synch-l1-2-0",
"ntmarta.dll",
"bcrypt.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"C:\\Windows\\system32\\MSCTF.dll",
"PROPSYS.dll",
"C:\\Windows\\system32\\kernel32.dll",
"MSISIP.DLL",
"Advapi32.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"DHCPCSVC.DLL",
"RASMAN.DLL",
"advapi32.dll",
"comctl32",
"ole32.dll",
"USERENV.dll",
"CRYPTSP.dll",
"USER32.dll",
"IMM32.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"wintrust.dll",
"rtutils.dll",
"IPHLPAPI.DLL",
"wininet.dll",
"C:\\Windows\\system32\\CRYPT32.dll",
"RASAPI32.dll",
"OLEAUT32.dll",
"netutils.dll",
"SHELL32.dll",
"C:\\Windows\\system32\\winshfhc.dll",
"C:\\Windows\\System32\\winrnr.dll",
"comctl32.dll",
"C:\\Windows\\system32\\oleaut32.dll",
"C:\\Windows\\system32\\user32.dll",
"C:\\Windows\\system32\\shell32.dll",
"C:\\FRST\\bin\\sqlite3_x64.dll",
"C:\\Program Files\\Windows Defender\\MPCLIENT.DLL",
"SXS.DLL",
"api-ms-win-core-fibers-l1-1-1",
"WINTRUST.DLL",
"C:\\Windows\\system32\\bcryptprimitives.dll",
"ADVAPI32.dll",
"advapi32",
"SETUPAPI.dll",
"WS2_32.dll",
"userenv.dll"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\FRST\\bin\\sqlite3_x64.dll",
"C:\\FRST\\users00",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"\\\\?\\PIPE\\srvsvc",
"C:\\FRST\\Logs\\ct.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FRST.txt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591"
],
"file_recreated": [
"\\??\\nul",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"\\Device\\KsecDD"
],
"directory_created": [
"C:\\FRST\\bin",
"C:\\FRST\\z8Fn3Cz4",
"C:\\FRST",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches",
"C:\\Windows\\System32\\catroot",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\",
"C:\\Windows\\System32\\catroot2",
"C:\\FRST\\Logs",
"C:\\FRST\\Hives",
"C:\\FRST\\Quarantine",
"C:\\FRST\\b4Ye2Sa8E",
"C:\\FRST\\m3Hu8Ft2L",
"C:\\FRST\\Hives\\cuck"
],
"file_failed": [
"C:\\Windows\\SysWOW64\\drivers\\fdc.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\features\\",
"C:\\Windows\\SysWOW64\\drivers\\arcsas.sys",
"C:\\Windows\\SysWOW64\\drivers\\circlass.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\",
"C:\\Windows\\SysWOW64\\drivers\\cng.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Mail\\",
"C:\\Windows\\SysWOW64\\drivers\\disk.sys",
"C:\\Windows\\SysWOW64\\defragsvc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\",
"C:\\Windows\\SysWOW64\\drivers\\BrFiltLo.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\drivers\\",
"\\??\\D:",
"C:\\Windows\\SysWOW64\\qmgr.dll",
"C:\\Windows\\SysWOW64\\dnsrslvr.dll",
"C:\\Windows\\SysWOW64\\drivers\\errdev.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\System32\\",
"C:\\Windows\\SysWOW64\\drivers\\amdxata.sys",
"C:\\FRST\\m3Hu8Ft2L\\desktop.ini",
"C:\\Windows\\SysWOW64\\drivers\\BrUsbMdm.sys",
"C:\\Program Files (x86)\\mozilla firefox\\browser\\defaults\\",
"C:\\Windows\\SysWOW64\\drivers\\b57nd60a.sys",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Edge\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%Systemroot%\\System32\\",
"C:\\ProgramData\\Microsoft\\Network\\Connections\\Pbk\\",
"C:\\Windows\\SysWOW64\\drivers\\ipfltdrv.sys",
"C:\\Windows\\SysWOW64\\drivers\\amdide.sys",
"C:\\Windows\\SysWOW64\\drivers\\hidir.sys",
"C:\\SystemRoot\\System32\\drivers\\",
"C:\\Windows\\SysWOW64\\drivers\\blbdrive.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework\\v2.0.50727\\",
"C:\\Windows\\SysWOW64\\drivers\\amdk8.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\System32\\",
"C:\\Windows\\SysWOW64\\drivers\\iaStorV.sys",
"C:\\Windows\\SysWOW64\\drivers\\agp440.sys",
"C:\\Windows\\SysWOW64\\wevtsvc.dll",
"C:\\Windows\\SysWOW64\\drivers\\bowser.sys",
"C:\\Windows\\SysWOW64\\eapsvc.dll",
"C:\\Windows\\SysWOW64\\drivers\\Fs_Rec.sys",
"C:\\Windows\\SysWOW64\\dps.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\DRIVERS\\",
"C:\\Windows\\SysWOW64\\drivers\\intelide.sys",
"C:\\Windows\\SysWOW64\\drivers\\afd.sys",
"C:\\Windows\\SysWOW64\\bdesvc.dll",
"C:\\Program Files (x86)\\Google\\Chrome\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\",
"C:\\Windows\\SysWOW64\\drivers\\ACPI.sys",
"C:\\Windows\\SysWOW64\\drivers\\CmBatt.sys",
"C:\\Windows\\SysWOW64\\browser.dll",
"C:\\Windows\\SysWOW64\\drivers\\fileinfo.sys",
"C:\\Windows\\SysWOW64\\drivers\\filetrace.sys",
"C:\\Windows\\SysWOW64\\drivers\\BrSerWdm.sys",
"C:\\Windows\\SysWOW64\\fdrespub.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\User\\Scripts\\",
"C:\\Windows\\SysWOW64\\drivers\\cdrom.sys",
"C:\\Windows\\SysWOW64\\drivers\\E1G6032E.sys",
"C:\\Users\\cuck\\AppData\\Local\\Google\\Chrome\\",
"C:\\Windows\\SysWOW64\\drivers\\drmkaud.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\unregmp2.exe \\FirstLogon \\Shortcuts \\RegBrowsers \\",
"C:\\Windows\\System32\\GroupPolicy\\User\\",
"C:\\Program Files\\mozilla firefox\\browser\\",
"C:\\Windows\\SysWOW64\\Rundll32.exe C:\\Windows\\SysWOW64\\",
"C:\\Windows\\SysWOW64\\drivers\\HidBatt.sys",
"C:\\FRST\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Opera Software\\Opera Stable\\preferences",
"C:\\Users\\cuck\\AppData\\Roaming\\Opera Software\\Opera Stable\\",
"C:\\Windows\\SysWOW64\\drivers\\atapi.sys",
"C:\\System Volume Information\\desktop.ini",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Scripts\\",
"C:\\Windows\\SysWOW64\\drivers\\cdfs.sys",
"C:\\Windows\\SysWOW64\\drivers\\hidbth.sys",
"C:\\Windows\\SysWOW64\\rundll32.exe C:\\Windows\\SysWOW64\\",
"C:\\Windows\\SysWOW64\\Audiosrv.dll",
"C:\\Windows\\SysWOW64\\FntCache.dll",
"C:\\Windows\\SysWOW64\\ikeext.dll",
"C:\\Windows\\SysWOW64\\drivers\\crcdisk.sys",
"C:\\Windows\\SysWOW64\\drivers\\amdppm.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\ehome\\",
"C:\\Windows\\SysWOW64\\drivers\\FsDepends.sys",
"C:\\Windows\\SysWOW64\\drivers\\HTTP.sys",
"C:\\Windows\\SysWOW64\\drivers\\csc.sys",
"C:\\Windows\\SysWOW64\\drivers\\HDAudBus.sys",
"C:\\Windows\\SysWOW64\\drivers\\1394ohci.sys",
"C:\\Windows\\SysWOW64\\drivers\\exfat.sys",
"C:\\Windows\\SysWOW64\\AxInstSV.dll",
"C:\\Windows\\SysWOW64\\ipbusenum.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\",
"C:\\Windows\\SysWOW64\\drivers\\elxstor.sys",
"C:\\Program Files\\mozilla firefox\\defaults\\",
"C:\\Windows\\SysWOW64\\drivers\\i8042prt.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\",
"C:\\frst\\",
"C:\\Windows\\SysWOW64\\drivers\\adpahci.sys",
"C:\\Windows\\SysWOW64\\drivers\\fvevol.sys",
"C:\\Windows\\SysWOW64\\drivers\\amdsbs.sys",
"C:\\Windows\\SysWOW64\\kmsvc.dll",
"C:\\Windows\\SysWOW64\\bthserv.dll",
"C:\\cuckoo_1788.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winmgmts:{impersonationLevel=impersonate}!\\root\\cimv2",
"C:\\Windows\\SysWOW64\\ListSvc.dll",
"C:\\Program Files\\mozilla firefox\\browser\\defaults\\",
"C:\\Windows\\SysWOW64\\drivers\\bxvbda.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\",
"C:\\Windows\\SysWOW64\\certprop.dll",
"C:\\Windows\\System32\\rundll32.exe C:\\Windows\\System32\\",
"C:\\Windows\\SysWOW64\\drivers\\dmvsc.sys",
"C:\\Windows\\SysWOW64\\drivers\\HpSAMD.sys",
"C:\\Windows\\SysWOW64\\drivers\\Beep.sys",
"C:\\Windows\\SysWOW64\\drivers\\fastfat.sys",
"C:\\Windows\\SysWOW64\\drivers\\iirsp.sys",
"C:\\Windows\\SysWOW64\\fdPHost.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles(x86)%\\Windows Mail\\",
"C:\\Windows\\SysWOW64\\drivers\\adp94xx.sys",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\unregmp2.exe \\",
"C:\\Windows\\SysWOW64\\drivers\\evbda.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Sidebar\\Sidebar.exe \\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\",
"C:\\Windows\\SysWOW64\\rpcss.dll",
"C:\\Windows\\SysWOW64\\drivers\\dxgkrnl.sys",
"C:\\Windows\\SysWOW64\\bfe.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.Net\\Framework64\\v3.0\\WPF\\",
"C:\\Windows\\SysWOW64\\drivers\\fltmgr.sys",
"C:\\Windows\\System32\\unregmp2.exe \\",
"C:\\Windows\\SysWOW64\\drivers\\asyncmac.sys",
"C:\\Windows\\SysWOW64\\dot3svc.dll",
"C:\\Windows\\SysWOW64\\drivers\\bthmodem.sys",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\",
"C:\\Windows\\SysWOW64\\drivers\\appid.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework64\\v2.0.50727\\",
"C:\\Windows\\System32\\Rundll32.exe C:\\Windows\\system32\\",
"C:\\Windows\\SysWOW64\\GroupPolicy\\Machine\\",
"C:\\Windows\\SysWOW64\\drivers\\gagp30kx.sys",
"C:\\SystemRoot\\system32\\drivers\\",
"C:\\Windows\\SysWOW64\\drivers\\BrUsbSer.sys",
"C:\\FRST\\z8Fn3Cz4\\desktop.ini",
"C:\\Users\\Public\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\",
"C:\\Windows\\SysWOW64\\drivers\\cmdide.sys",
"C:\\Program Files\\Windows Sidebar\\Sidebar.exe \\",
"C:\\Windows\\SysWOW64\\drivers\\hidusb.sys",
"C:\\Windows\\SysWOW64\\drivers\\Brserid.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\ehome\\",
"C:\\Windows\\SysWOW64\\drivers\\acpipmi.sys",
"C:\\Windows\\SysWOW64\\appinfo.dll",
"C:\\Windows\\SysWOW64\\drivers\\flpydisk.sys",
"C:\\Program Files\\Mozilla Firefox\\browser\\",
"C:\\Windows\\SysWOW64\\drivers\\discache.sys",
"C:\\Windows\\SysWOW64\\cscsvc.dll",
"C:\\FRST\\bin\\",
"C:\\Windows\\SysWOW64\\GroupPolicy\\Machine\\Scripts\\",
"C:\\Windows\\SysWOW64\\drivers\\aliide.sys",
"C:\\Windows\\SysWOW64\\drivers\\CompositeBus.sys",
"C:\\Users\\cuck\\AppData\\Local\\Google\\Chrome\\User Data\\Local State",
"C:\\Windows\\SysWOW64\\drivers\\HdAudio.sys",
"C:\\Windows\\SysWOW64\\drivers\\dfsc.sys",
"C:\\Windows\\SysWOW64\\CLFS.sys",
"C:\\Windows\\SysWOW64\\x32\\Data\\",
"C:\\Windows\\System32\\unregmp2.exe \\FirstLogon \\Shortcuts \\RegBrowsers \\",
"C:\\Windows\\SysWOW64\\drivers\\arc.sys",
"C:\\Windows\\SysWOW64\\drivers\\compbatt.sys",
"C:\\Windows\\SysWOW64\\drivers\\hcw85cir.sys",
"C:\\SystemRoot\\System32\\Drivers\\",
"C:\\Windows\\SysWOW64\\drivers\\intelppm.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Media Player\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winmgmts:{impersonationLevel=impersonate}!\\root\\cimv2:Win32_ShadowCopy",
"C:\\Windows\\SysWOW64\\drivers\\amdsata.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\Drivers\\",
"C:\\Windows\\SysWOW64\\gpsvc.dll",
"C:\\Windows\\SysWOW64\\aelupsvc.dll",
"C:\\FRST\\b4Ye2Sa8E\\desktop.ini",
"C:\\Windows\\SysWOW64\\GroupPolicy\\User\\",
"C:\\Windows\\SysWOW64\\drivers\\hwpolicy.sys",
"C:\\Windows\\SysWOW64\\drivers\\adpu320.sys",
"C:\\Windows\\SysWOW64\\drivers\\BrFiltUp.sys",
"C:\\Windows\\SysWOW64\\appidsvc.dll",
"C:\\Windows\\System32\\GroupPolicy\\User\\Scripts\\",
"C:\\Program Files\\Mozilla Firefox\\distribution\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\ehome\\"
],
"resolves_host": [
"wpad",
"cuckpc"
],
"file_deleted": [
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG2",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY",
"C:\\FRST\\Hives\\BCD.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG1",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG2",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG1",
"C:\\FRST\\Hives\\BCD.LOG",
"C:\\FRST\\Hives\\BCD.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG2",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM",
"C:\\FRST\\m3Hu8Ft2L\\NTUSER.DAT",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SAM",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\",
"C:\\FRST\\b4Ye2Sa8E",
"C:\\FRST\\z8Fn3Cz4",
"C:\\FRST\\m3Hu8Ft2L",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\user.js",
"C:\\Windows\\SysWOW64\\GroupPolicyUsers\\scripts.ini",
"C:\\Windows\\System32\\hidserv.dll",
"C:\\Windows\\SysWOW64\\drivers\\circlass.sys",
"C:\\Windows\\SysWOW64\\es.dll",
"C:\\Windows\\SysWOW64\\drivers\\cng.sys",
"C:\\Windows\\System32\\wdc.dll",
"C:\\Windows\\System32\\drivers\\amdk8.sys",
"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe",
"C:\\Windows\\SysWOW64\\drivers\\BrUsbSer.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\HidBatt.sys",
"C:\\Windows\\SysWOW64\\drivers\\arcsas.sys",
"C:\\Python27\\python.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RegisterSearch",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControls",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask",
"C:\\Windows\\System32\\drivers\\crypt32.sys",
"C:\\Python27\\Scripts\\mscoree.dll",
"C:\\Python27\\Scripts\\SmartcardCredentialProvider.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\kernelceip.dll",
"C:\\Windows\\ehome\\ehrec.exe",
"C:\\Windows\\SysWOW64\\iedkcs32.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\User\\Registry.pol",
"C:\\Windows\\SysWOW64\\fxssvc.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\WINNT_x86-msvc",
"C:\\Windows\\System32\\BioCredProv.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver",
"C:\\Windows\\System32\\drivers\\blbdrive.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Sidebar\\Sidebar.exe \\autoRun",
"C:\\Windows\\SysWOW64\\drivers\\blbdrive.sys",
"C:\\Windows\\System32\\clfs.sys",
"C:\\Windows\\SysWOW64\\drivers\\amdk8.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab\\idb\\3312185054sbndi_pspte.files",
"C:\\Windows\\System32\\es.dll",
"D:\\Windows\\System32\\config\\SECURITY",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG2",
"C:\\Windows\\SysWOW64\\wevtsvc.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore-backups",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\HotStartUserAgent.dll",
"C:\\Windows\\SysWOW64\\drivers\\BrSerWdm.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\ipfltdrv.sys",
"C:\\Windows\\System32\\polstore.dll",
"C:\\Python27\\Scripts\\dot3gpclnt.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\infocard.exe",
"C:\\Python27\\BthUdTask.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Windows\\System32\\drivers\\asyncmac.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\drivers\\FsDepends.sys",
"C:\\Windows\\System32\\ieframe.dll",
"C:\\Windows\\SysWOW64\\drivers\\ACPI.sys",
"C:\\Windows\\System32\\drivers\\flpydisk.sys",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\i8042prt.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)",
"C:\\Windows\\SysWOW64\\GroupPolicyUsers\\psscripts.ini",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MobilePC\\HotStart",
"C:\\Windows\\SysWOW64\\drivers\\cdrom.sys",
"C:\\Windows\\System32\\FDResPub.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MUI\\LPRemove",
"C:\\Windows\\System32\\iphlpsvc.dll",
"C:\\Windows\\System32\\drivers\\circlass.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\PlaySndSrv.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck",
"C:\\Windows\\SysWOW64\\drivers\\fileinfo.sys",
"C:\\Windows\\System32\\gpprefcl.dll",
"C:\\Windows\\System32\\drivers\\fdc.sys",
"C:\\Windows\\SysWOW64\\gpsvc.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Opera Software\\Opera Stable\\preferences",
"C:\\frst\\filesRem",
"C:\\Windows\\SysWOW64\\dhcpcore.dll",
"C:\\Windows\\SysWOW64\\drivers\\BrFiltUp.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\srchadmin.dll",
"C:\\FRST\\tmphives",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SystemRestore\\SR",
"C:\\Windows\\System32\\drivers\\bthmodem.sys",
"C:\\Windows\\System32\\drivers\\compbatt.sys",
"C:\\Users\\cuck\\NTUSER.DAT",
"C:\\Program Files\\Windows Sidebar\\Sidebar.exe \\autoRun",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\iphlpsvc.dll",
"C:\\Python27\\Scripts\\win32spl.dll",
"C:\\Windows\\SysWOW64\\drivers\\cdfs.sys",
"C:\\Windows\\System32\\wpcmig.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\User\\Scripts\\psscripts.ini",
"C:\\Windows\\System32\\itss.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\ipbusenum.dll",
"C:\\Windows\\SysWOW64\\userinit.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home\\idb\\3312185054sbndi_pspte.files",
"C:\\Windows\\SysWOW64\\drivers\\crcdisk.sys",
"C:\\Windows\\SysWOW64\\drivers\\amdppm.sys",
"D:\\Windows\\System32\\config\\SECURITY.LOG*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files",
"C:\\Windows\\System32\\iedkcs32.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\DRIVERS\\fvevol.sys",
"C:\\Windows\\SysWOW64\\Audiosrv.dll",
"C:\\Windows\\System32\\urlmon.dll",
"C:\\Windows\\SysWOW64\\drivers\\FsDepends.sys",
"C:\\Windows\\SysWOW64\\drivers\\errdev.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MpIdleTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW2",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Location\\Notifications",
"C:\\Windows\\System32\\inetpp.dll",
"C:\\Windows\\System32\\rasmbmgr.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\amdxata.sys",
"C:\\Windows\\SysWOW64\\mswsock.dll",
"C:\\Windows\\SysWOW64\\drivers\\amdxata.sys",
"C:\\Windows\\System32\\drivers\\BrUsbSer.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home\\idb",
"C:\\Windows\\System32\\rasplap.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Windows\\System32\\drivers\\BrFiltUp.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo",
"C:\\Windows\\SysWOW64\\winrnr.dll",
"C:\\Windows\\System32\\Rundll32.exe C:\\Windows\\system32\\mscories.dll,Install",
"C:\\Program Files (x86)\\mozilla firefox\\browser\\plugins",
"C:\\Windows\\System32\\dhcpcore.dll",
"C:\\Windows\\ehome\\ehrecvr.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\AitAgent",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb",
"C:\\Windows\\System32\\drivers\\HpSAMD.sys",
"C:\\Windows\\System32\\drivers\\E1G6032E.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\itss.dll",
"C:\\Python27\\Scripts\\BthUdTask.exe",
"C:\\Windows\\System32\\p2pcollab.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\bowser.sys",
"C:\\Windows\\System32\\TsUsbRedirectionGroupPolicyExtension.dll",
"C:\\Windows\\System32\\dwm.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\FntCache.dll",
"C:\\Windows\\System32\\drivers\\discache.sys",
"C:\\Windows\\System32\\rpcss.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Gadget-Platform-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Program Files (x86)\\mozilla firefox\\defaults\\pref\\channel-prefs.js",
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat",
"C:\\Windows\\SysWOW64\\ie4uinit.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MP Scheduled Scan",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Windows\\System32\\drivers\\hwpolicy.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Multimedia\\SystemSoundsService",
"C:\\FRST\\z8Fn3Cz4",
"C:\\Windows\\System32\\bthserv.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\dnsrslvr.dll",
"C:\\Windows\\SysWOW64\\rpcss.dll",
"C:\\Windows\\SysWOW64\\drivers\\dxgkrnl.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\System32\\LocationNotifications.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Ras\\MobilityManager",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\FRST\\Hives\\SOFTWARE",
"C:\\Windows\\System32\\mctadmin.exe",
"C:\\Python27\\Scripts\\scecli.dll",
"C:\\Windows\\SysWOW64\\drivers\\fltmgr.sys",
"C:\\Windows\\SysWOW64\\dllhost.exe",
"C:\\Windows\\System32\\drivers\\CompositeBus.sys",
"C:\\FRST\\Hives\\cuck\\UsrClass.dat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\Drivers\\dfsc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\hidusb.sys",
"C:\\Windows\\SysWOW64\\drivers\\fastfat.sys",
"C:\\Windows\\System32\\unregmp2.exe \\ShowWMP",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\rpcss.dll",
"C:\\Windows\\System32\\BFE.DLL",
"C:\\FRST\\Quarantine",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\browser.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\msdrm.dll",
"C:\\Windows\\SysWOW64\\drivers\\Brserid.sys",
"C:\\Windows\\System32\\cmd.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\dllhost.exe",
"C:\\Windows\\SysWOW64\\drivers\\acpipmi.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\eapsvc.dll",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM",
"C:\\Windows\\System32\\lsm.exe",
"C:\\Windows\\SysWOW64\\drivers\\BrUsbMdm.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\certCredProvider.dll",
"C:\\Windows\\ehome\\mcupdate.exe",
"C:\\Windows\\SysWOW64\\inetcomm.dll",
"C:\\Windows\\SysWOW64\\drivers\\discache.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~amd64~~8.0.7601.17514.cat",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MediaCenter-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\arc.sys",
"C:\\Windows\\SysWOW64\\drivers\\CompositeBus.sys",
"C:\\Windows\\System32\\drivers\\adpu320.sys",
"C:\\Windows\\System32\\AuxiliaryDisplayServices.dll",
"C:\\Windows\\SysWOW64\\drivers\\drmkaud.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Task Manager\\Interactive",
"C:\\Windows\\System32\\MsCtfMonitor.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\HdAudio.sys",
"C:\\Windows\\System32\\drivers\\cdrom.sys",
"C:\\Windows\\SysWOW64\\NapiNSP.dll",
"D:\\Windows\\System32\\config\\SOFTWARE.LOG*",
"C:\\Windows\\SysWOW64\\drivers\\E1G6032E.sys",
"C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Users\\cuck\\AppData\\Roaming\\Identities",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\saved-telemetry-pings",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll",
"C:\\Windows\\SysWOW64\\drivers\\amdsata.sys",
"C:\\Program Files\\Windows Sidebar\\sidebar.exe",
"C:\\Windows\\SysWOW64\\mscories.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SystemDataProviders",
"C:\\Windows\\SysWOW64\\provsvc.dll",
"C:\\Windows\\System32\\cscobj.dll",
"C:\\Windows\\System32\\Defrag.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Registry\\RegIdleBackup",
"C:\\Windows\\Tasks\\",
"C:\\Program Files\\Windows Mail\\WinMail.exe OCInstallUserConfigOE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extension-settings.json",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\certprop.dll",
"C:\\Windows\\System32\\unregmp2.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\atapi.sys",
"C:\\Windows\\SysWOW64\\appidsvc.dll",
"C:\\Windows\\System32\\drivers\\adp94xx.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Shell-HomeGroup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\iirsp.sys",
"C:\\Windows\\System32\\userinit.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\temporary",
"C:\\Windows\\System32\\drivers\\hdaudbus.sys",
"C:\\Python27\\inetpp.dll",
"C:\\Windows\\SysWOW64\\qmgr.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\rasplap.dll",
"C:\\Windows\\System32\\drivers\\http.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\UPnP\\UPnPHostConfig",
"C:\\Windows\\System32\\unregmp2.exe \\FirstLogon \\Shortcuts \\RegBrowsers \\ResetMUI",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\lpremove.exe",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG2",
"C:\\Windows\\System32\\drivers\\FsDepends.sys",
"C:\\Windows\\System32\\kernelceip.dll",
"C:\\Windows\\SysWOW64\\AxInstSV.dll",
"C:\\Windows\\SysWOW64\\cscsvc.dll",
"C:\\Windows\\SysWOW64\\drivers\\agp440.sys",
"C:\\Windows\\System32\\conhost.exe",
"C:\\Windows\\SysWOW64\\drivers\\.NET Data Provider for SqlServer.sys",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG1",
"C:\\Windows\\System32\\drivers\\hidir.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\minidumps",
"C:\\Python27\\mscoree.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\Drivers\\cng.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RecordingRestart",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\CmBatt.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\ikeext.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Maintenance\\WinSAT",
"C:\\Windows\\System32\\msdrm.dll",
"C:\\Windows\\System32\\NapiNSP.dll",
"C:\\Windows\\System32\\drivers\\hcw85cir.sys",
"C:\\Windows\\SysWOW64\\drivers\\amdide.sys",
"C:\\Windows\\SysWOW64\\drivers\\hidir.sys",
"C:\\Windows\\System32\\inetcomm.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\VaultCredProvider.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\memdiag.dll",
"C:\\Program Files\\Windows Defender\\MsMpLics.dll",
"C:\\Windows\\SysWOW64\\drivers\\iaStorV.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\System32\\sdclt.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\plugins",
"C:\\Windows\\System32\\mscories.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\E1G6032E.sys",
"C:\\Windows\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\infocard.exe",
"C:\\Windows\\SysWOW64\\drivers\\Fs_Rec.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home",
"C:\\Windows\\SysWOW64\\drivers\\csc.sys",
"C:\\Windows\\SysWOW64\\unregmp2.exe",
"C:\\Windows\\SysWOW64\\bdesvc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ActivateWindowsSearch",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\wermgr.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\ACPI.sys",
"C:\\Windows\\System32\\smss.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\afd.sys",
"C:\\Windows\\SysWOW64\\browser.dll",
"C:\\Windows\\System32\\SmartcardCredentialProvider.dll",
"C:\\Windows\\System32\\propsys.dll",
"C:\\Windows\\System32\\drivers\\CmBatt.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsBackup\\ConfigNotification",
"C:\\Python27\\Scripts\\inetpp.dll",
"C:\\Windows\\SysWOW64\\explorer.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\ehome\\ehRecvr.exe",
"C:\\Windows\\SysWOW64\\x32\\Data\\profile",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\BrFiltLo.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\wdc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Background Synchronization",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\DFDWiz.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntexe.cat",
"C:\\Windows\\System32\\GroupPolicyUsers\\psscripts.ini",
"C:\\Windows\\System32\\drivers\\arcsas.sys",
"C:\\FRST\\Hives\\SYSTEM",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\Audiosrv.dll",
"C:\\Windows\\System32\\appidsvc.dll",
"C:\\FRST\\",
"C:\\Windows\\SysWOW64\\drivers\\exfat.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Mail\\WinMail.exe OCInstallUserConfigOE",
"C:\\Windows\\System32\\drivers\\intelide.sys",
"C:\\Windows\\SysWOW64\\drivers\\ipfltdrv.sys",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM",
"C:\\Windows\\SysWOW64\\Rundll32.exe C:\\Windows\\SysWOW64\\mscories.dll,Install",
"C:\\Windows\\System32\\drivers\\BrFiltLo.sys",
"C:\\Windows\\System32\\wlgpclnt.dll",
"C:\\Windows\\SysWOW64\\drivers\\atapi.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\appinfo.dll",
"C:\\Windows\\SysWOW64\\drivers\\disk.sys",
"D:\\Windows\\System32\\config\\SAM",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\ListSvc.dll",
"C:\\Windows\\System32\\alg.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrScheduleTask",
"C:\\Windows\\SysWOW64\\drivers\\HdAudio.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\gpsvc.dll",
"C:\\Windows\\System32\\drivers\\disk.sys",
"C:\\Program Files (x86)",
"C:\\Windows\\System32\\lpremove.exe",
"C:\\Windows\\System32\\KMSVC.DLL",
"C:\\Windows\\System32\\lsass.exe",
"D:\\Windows\\System32\\config\\DEFAULT",
"C:\\Windows\\System32\\drivers\\fltMgr.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\dps.dll",
"C:\\Windows\\System32\\usbceip.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam",
"C:\\Windows\\System32\\browser.dll",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG1",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Hyper-V-Guest-Integration-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\amdsbs.sys",
"C:\\FRST\\Logs\\ct.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\bdesvc.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-WMPNetworkSharingService-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\gatherNetworkInfo.vbs",
"C:\\Windows\\System32\\drivers\\filetrace.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\UpdateRecordPath",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Autochk\\Proxy",
"C:\\FRST\\Hives\\cuck\\NTUSER.DAT",
"C:\\Windows\\SysWOW64\\kmsvc.dll",
"C:\\Windows\\System32\\drivers\\DCLocator.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\HDAudBus.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\polstore.dll",
"C:\\Windows\\SysWOW64\\ipbusenum.dll",
"C:\\Windows\\System32\\drivers\\appid.sys",
"C:\\Windows\\System32\\drivers\\.NET Data Provider for Oracle.sys",
"C:\\Windows\\System32\\drivers\\cng.sys",
"C:\\Windows\\System32\\ie4uinit.exe -UserIconConfig",
"C:\\Python27\\dot3gpclnt.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\unregmp2.exe \\FirstLogon \\Shortcuts \\RegBrowsers \\ResetMUI",
"C:\\Windows\\SysWOW64\\drivers\\BTHPORT.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\appidcertstorecheck.exe",
"C:\\Windows\\System32\\drivers\\afd.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector",
"C:\\Windows\\SysWOW64\\ie4uinit.exe -BaseSettings",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip",
"C:\\Windows\\System32\\gpsvc.dll",
"C:\\Windows\\System32\\drivers\\elxstor.sys",
"C:\\Windows\\SysWOW64\\bthserv.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\aelupsvc.dll",
"C:\\Windows\\SysWOW64\\drivers\\amdsbs.sys",
"C:\\Windows\\System32\\srchadmin.dll",
"C:\\Windows\\System32\\services.exe",
"C:\\Windows\\System32\\dot3svc.dll",
"C:\\FRST\\Logs",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-SideShow-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winmgmts:{impersonationLevel=impersonate}!\\root\\cimv2",
"C:\\Windows\\System32\\fdPHost.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrRecoveryTask",
"C:\\Windows\\SysWOW64\\MSVidCtl.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files",
"C:\\Windows\\SysWOW64\\drivers\\hidusb.sys",
"C:\\Windows\\System32\\drivers\\BrSerWdm.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\mscms.dll",
"C:\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\",
"C:\\Users\\cuck",
"C:\\Windows\\SysWOW64\\fdPHost.dll",
"C:\\Windows\\System32\\DFDWiz.exe",
"C:\\Windows\\System32\\drivers\\dxgkrnl.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Windows\\System32\\aitagent.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-PeerToPeer-Full-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\adp94xx.sys",
"C:\\Windows\\System32\\LocationNotifications.exe",
"C:\\Windows\\System32\\rundll32.exe C:\\Windows\\System32\\iedkcs32.dll,BrandIEActiveSetup SIGNUP",
"C:\\Windows\\System32\\FXSSVC.exe",
"C:\\Windows\\System32\\gpprnext.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\fdPHost.dll",
"C:\\FRST\\Hives\\DEFAULT",
"C:\\Windows\\System32\\drivers\\intelppm.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WDI\\ResolutionHost",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ehDRMInit",
"C:\\cuckoo_2236.ini",
"C:\\Windows\\System32\\IKEEXT.DLL",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%Systemroot%\\System32\\defragsvc.dll",
"C:\\Windows\\System32\\GroupPolicy\\User\\Registry.pol",
"C:\\Windows\\System32\\wpcumi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\rasmbmgr.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\inetaccs.sys",
"C:\\Windows\\System32\\drivers\\csc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\cscobj.dll",
"C:\\Windows\\System32\\gatherNetworkInfo.vbs",
"C:\\Windows\\SysWOW64\\drivers\\dfsc.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Program Files\\Windows Media Player\\wmpnscfg.exe",
"C:\\Windows\\SysWOW64\\rundll32.exe C:\\Windows\\SysWOW64\\iedkcs32.dll,BrandIEActiveSetup SIGNUP",
"C:\\Windows\\SysWOW64\\GroupPolicy\\Machine\\Scripts\\psscripts.ini",
"C:\\Windows\\System32\\ipbusenum.dll",
"C:\\Windows\\System32\\winlogon.exe",
"C:\\FRST\\Hives\\SECURITY",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp",
"C:\\FRST\\m3Hu8Ft2L\\NTUSER.DAT",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent",
"C:\\Windows\\System32\\drivers\\fvevol.sys",
"C:\\Windows\\SysWOW64\\CLFS.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ReindexSearchRoot",
"C:\\Windows\\System32\\dps.dll",
"C:\\Program Files (x86)\\Google\\Chrome\\Application",
"C:\\Python27\\fdeploy.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator",
"C:\\Windows\\SysWOW64\\drivers\\hcw85cir.sys",
"C:\\Windows\\SysWOW64\\drivers\\appid.sys",
"C:\\Windows\\System32\\drivers\\cmdide.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-SecureStartup-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\beep.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\inetcomm.dll",
"C:\\Windows\\SysWOW64\\drivers\\.NET Data Provider for Oracle.sys",
"C:\\Windows\\System32\\GroupPolicy\\User\\Scripts\\psscripts.ini",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev",
"C:\\Windows\\System32\\win32spl.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft",
"C:\\Windows\\System32\\GroupPolicy\\User\\Scripts\\scripts.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\WinSATAPI.dll",
"C:\\Python27\\wlgpclnt.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\hidserv.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Windows\\SysWOW64\\drivers\\hidbth.sys",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG2",
"C:\\Windows\\SysWOW64\\drivers\\HDAudBus.sys",
"C:\\Windows\\SysWOW64\\defragsvc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor",
"C:\\Windows\\System32\\drivers\\amdxata.sys",
"C:\\Windows\\System32\\regidle.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\User\\Scripts\\scripts.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\i8042prt.sys",
"C:\\Windows\\System32\\scecli.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\ipfltdrv.sys",
"C:\\Python27\\win32spl.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab\\idb",
"C:\\Windows\\SysWOW64\\drivers\\fvevol.sys",
"C:\\Python27\\gpprefcl.dll",
"C:\\Windows\\SysWOW64\\dnsrslvr.dll",
"C:\\Windows\\System32\\nlaapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\alg.exe",
"C:\\Windows\\System32\\wininit.exe",
"C:\\Windows\\System32\\mscoree.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG",
"C:\\Windows\\SysWOW64\\drivers\\b57nd60a.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\searchplugins",
"C:\\Windows\\System32\\aelupsvc.dll",
"C:\\Windows\\System32\\shell32.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\aelupsvc.dll",
"C:\\Windows\\explorer.exe",
"C:\\Program Files\\Mozilla Firefox\\distribution\\extensions",
"C:\\Windows\\System32\\certprop.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings",
"C:\\Windows\\System32\\drivers\\b57nd60a.sys",
"C:\\Program Files\\mozilla firefox",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\regidle.dll",
"C:\\Windows\\System32\\bdesvc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater",
"C:\\Windows\\System32\\drivers\\.NET Data Provider for SqlServer.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem",
"C:\\Windows\\System32\\drivers\\atapi.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask",
"C:\\Windows\\System32\\dnsrslvr.dll",
"C:\\Windows\\System32\\audiosrv.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\Machine\\Registry.pol",
"C:\\Program Files\\Windows Mail\\WinMail.exe",
"C:\\Windows\\System32\\drivers\\fileinfo.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\fileinfo.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\drivers\\discache.sys",
"C:\\Windows\\System32\\drivers\\dfsc.sys",
"D:\\Windows\\System32\\config\\system.LOG*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\AxInstSV.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-ParentalControls-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\auditcse.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\dimsjob.dll",
"C:\\Windows\\System32\\cscsvc.dll",
"C:\\Windows\\SysWOW64\\drivers\\filetrace.sys",
"C:\\Windows\\SysWOW64\\fdrespub.dll",
"D:\\Users\\cuck\\NTUSER.DAT.LOG*",
"C:\\Windows\\System32\\drivers\\ESENT.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes",
"C:\\Windows\\System32\\appidcertstorecheck.exe",
"C:\\Windows\\SysWOW64\\drivers\\gagp30kx.sys",
"C:\\Windows\\System32\\provsvc.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-SearchEngine-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\cdfs.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\policies.json",
"C:\\Windows\\System32\\gpscript.dll",
"C:\\Windows\\System32\\appmgmts.dll",
"C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Windows\\SysWOW64\\propsys.dll",
"C:\\Windows\\SysWOW64\\eapsvc.dll",
"C:\\Windows\\System32\\wdi.dll",
"C:\\Python27\\scecli.dll",
"C:\\Windows\\System32\\drivers\\dmvsc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\fxssvc.exe",
"C:\\Python27\\Scripts\\gpprefcl.dll",
"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\appidpolicyconverter.exe",
"C:\\Windows\\System32\\appidpolicyconverter.exe",
"C:\\Program Files",
"C:\\Windows\\System32\\RacEngn.dll",
"C:\\Windows\\SysWOW64\\itss.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab",
"C:\\Windows\\SysWOW64\\drivers\\.NETFramework.sys",
"C:\\Windows\\System32\\drivers\\acpi.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntph.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\sdiagschd.dll",
"C:\\Python27\\Scripts\\appmgmts.dll",
"C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"C:\\Windows\\System32\\AxInstSv.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\AutoWake",
"C:\\Windows\\SysWOW64\\hidserv.dll",
"C:\\Windows\\SysWOW64\\drivers\\.NET CLR Networking.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\csc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin",
"D:\\Users\\cuck\\NTUSER.DAT",
"C:\\Windows\\SysWOW64\\lsass.exe",
"C:\\Users\\cuck\\AppData\\Local\\Google\\Chrome\\User Data",
"C:\\Windows\\System32\\VaultCredProvider.dll",
"C:\\Windows\\SysWOW64\\drivers\\1394ohci.sys",
"C:\\Windows\\System32\\audiodg.exe",
"C:\\Windows\\System32\\SearchIndexer.exe",
"C:\\Windows\\System32\\dllhost.exe",
"C:\\Windows\\System32\\drivers\\bowser.sys",
"C:\\Windows\\System32\\drivers\\BrSerId.sys",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask",
"C:\\Python27\\Scripts\\gptext.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe",
"C:\\Users\\",
"C:\\Windows\\System32\\wsqmcons.exe",
"C:\\Windows\\SysWOW64\\ie4uinit.exe -UserIconConfig",
"C:\\Windows\\System32\\drivers\\cdfs.sys",
"C:\\Windows\\SysWOW64\\drivers\\crypt32.sys",
"C:\\cuckoo_1788.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-wal",
"C:\\Windows\\System32\\pnrpnsp.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\cscui.dll",
"C:\\Windows\\SysWOW64\\ListSvc.dll",
"C:\\Windows\\System32\\catroot\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\asyncmac.sys",
"C:\\Windows\\System32\\drivers\\amdppm.sys",
"C:\\FRST",
"C:\\Windows\\System32\\fdeploy.dll",
"C:\\Windows\\SysWOW64\\drivers\\HpSAMD.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}",
"C:\\Windows\\SysWOW64\\drivers\\Beep.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\CompositeBus.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\appidsvc.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Windows\\System32\\svchost.exe",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"C:\\Python27\\Scripts\\gpscript.dll",
"C:\\Users\\Public\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SessionAgent",
"C:\\FRST\\bin\\sqlite3_x64.dll",
"C:\\Windows\\SysWOW64\\drivers\\evbda.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\provsvc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Diagnosis\\Scheduled",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Scripts\\scripts.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles(x86)%\\Windows Mail\\WinMail.exe OCInstallUserConfigOE",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\bfe.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime",
"C:\\Windows\\SysWOW64\\bfe.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-RemoteAssistance-Package-Client~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\1394ohci.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
"C:\\Windows\\SysWOW64\\drivers\\asyncmac.sys",
"C:\\Windows\\System32\\drivers\\i8042prt.sys",
"C:\\Windows\\System32\\rundll32.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks",
"C:\\Windows\\System32\\drivers\\hidbth.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\dskquota.dll",
"C:\\FRST\\Hives\\BCD.LOG*",
"C:\\Windows\\System32\\perftrack.dll",
"C:\\Windows\\SysWOW64\\dot3svc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\lsass.exe",
"C:\\Windows\\System32\\ListSvc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\blbdrive.sys",
"C:\\Windows\\SysWOW64\\drivers\\inetaccs.sys",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Windows\\SysWOW64\\drivers\\cmdide.sys",
"C:\\Windows\\ehome\\ehPrivJob.exe",
"C:\\FRST\\m3Hu8Ft2L",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\wdi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\gpprnext.dll",
"C:\\Windows\\System32\\drivers\\HdAudio.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Logon Synchronization",
"C:\\Windows\\SysWOW64\\drivers\\elxstor.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip",
"C:\\Program Files\\Windows Defender\\MpOAV.dll",
"C:\\Windows\\SysWOW64\\drivers\\aliide.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\ehome\\MCUpdate.exe",
"C:\\Windows\\System32\\SearchProtocolHost.exe",
"C:\\Windows\\System32\\ie4uinit.exe",
"C:\\Windows\\System32\\MSVidCtl.dll",
"C:\\FRST\\Logs\\up64",
"C:\\Windows\\System32\\dskquota.dll",
"C:\\Windows\\System32\\drivers\\amdide.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW1",
"C:\\Windows\\SysWOW64\\drivers\\arc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip:Zone.Identifier",
"C:\\Program Files\\Mozilla Firefox\\browser\\features",
"C:\\Windows\\System32\\mscms.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\BioCredProv.dll",
"C:\\Windows\\System32\\powercfg.exe",
"C:\\Windows\\System32\\winrnr.dll",
"C:\\Windows\\System32\\GroupPolicyUsers\\scripts.ini",
"C:\\FRST\\Hives\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\RacEngn.dll",
"C:\\Windows\\System32\\taskhost.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Opera Software\\Opera Stable\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\drivers\\hwpolicy.sys",
"C:\\Windows\\SysWOW64\\drivers\\hwpolicy.sys",
"C:\\Program Files\\mozilla firefox\\defaults\\pref",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\kmsvc.dll",
"C:\\Users\\Default User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\extensions",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\filetrace.sys",
"C:\\Windows\\System32\\BthUdTask.exe",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG",
"C:\\Python27\\appmgmts.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\disk.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\PolicyConverter",
"C:\\Windows\\System32\\drivers\\hidbatt.sys",
"C:\\Windows\\SysWOW64\\drivers\\fdc.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\features\\",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\errdev.sys",
"C:\\Windows\\SysWOW64\\FntCache.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Windows\\SysWOW64\\alg.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\dot3svc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURActivate",
"C:\\Windows\\SysWOW64\\drivers\\.NET CLR Data.sys",
"C:\\Windows\\SysWOW64\\drivers\\ESENT.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\compbatt.sys",
"C:\\Windows\\System32\\drivers\\.NET CLR Data.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\wsqmcons.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\cscsvc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\cryptsvc.dll",
"D:\\Windows\\System32\\config\\SAM.LOG*",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-SecureStartup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\HTTP.sys",
"C:\\Windows\\SysWOW64\\appinfo.dll",
"C:\\Windows\\SysWOW64\\ikeext.dll",
"C:\\Windows\\SysWOW64\\mscoree.dll",
"D:\\Windows\\System32\\config\\SYSTEM.LOG*",
"C:\\Python27\\aitagent.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG2",
"C:\\Windows\\SysWOW64\\drivers\\bthmodem.sys",
"C:\\Windows\\System32\\authui.dll",
"C:\\Windows\\SysWOW64\\GroupPolicyUsers",
"C:\\Windows\\System32\\ie4uinit.exe -BaseSettings",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\bthserv.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\fdrespub.dll",
"C:\\Windows\\System32\\mswsock.dll",
"C:\\Windows\\System32\\WinSATAPI.dll",
"D:\\Windows\\System32\\config\\DEFAULT.LOG*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\MsCtfMonitor.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-RemoteFX-RemoteClient-Setup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\bowser.sys",
"D:\\Windows\\System32\\config\\SOFTWARE",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG1",
"C:\\Windows\\SysWOW64\\dps.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\qmgr.dll",
"C:\\Windows\\System32\\drivers\\aliide.sys",
"C:\\Windows\\System32\\wevtsvc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2",
"C:\\Windows\\System32\\drivers\\evbda.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscovery",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\mcupdate",
"C:\\Windows\\System32\\drivers\\iaStorV.sys",
"C:\\frst\\keysrem",
"C:\\Windows\\SysWOW64\\drivers\\CmBatt.sys",
"C:\\Windows\\System32\\drivers\\drmkaud.sys",
"C:\\Windows\\System32\\qmgr.dll",
"C:\\Windows\\System32\\defragsvc.dll",
"C:\\System Volume Information",
"C:\\Windows\\System32\\mshtml.dll",
"C:\\Windows\\System32\\wermgr.exe",
"C:\\Windows\\System32\\drivers\\fs_rec.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)",
"C:\\Windows\\System32\\dimsjob.dll",
"C:\\Windows\\SysWOW64\\drivers\\BattC.sys",
"C:\\Windows\\System32\\fveui.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntpe.cat",
"C:\\frst\\files",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Python27\\gpscript.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\Machine\\Scripts\\scripts.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Identities\\{183045C5-6B41-4C94-A7FA-BE70B5E7A9D3}",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\b57nd60a.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURDiscovery",
"C:\\Windows\\System32\\drivers\\.NETFramework.sys",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\wevtsvc.dll",
"C:\\Windows\\System32\\QAGENTRT.DLL",
"C:\\Program Files\\mozilla firefox\\browser\\plugins",
"C:\\Windows\\System32\\drivers\\acpipmi.sys",
"C:\\FRST\\Hives\\SAM",
"C:\\Windows\\System32\\dnsapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\fltmgr.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\unregmp2.exe \\ShowWMP",
"C:\\Users\\cuck\\AppData\\Roaming\\Media Center Programs",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\usbceip.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\powercfg.exe",
"C:\\Windows\\System32\\SearchFilterHost.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"C:\\Windows\\System32\\drivers\\adpahci.sys",
"C:\\Windows\\System32\\FntCache.dll",
"C:\\Python27\\Scripts\\wlgpclnt.dll",
"C:\\Windows\\SysWOW64\\drivers\\HTTP.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\InstallPlayReady",
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG*",
"C:\\Program Files (x86)\\mozilla firefox\\browser\\defaults\\preferences",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\ehome\\ehrec.exe",
"C:\\Windows\\SysWOW64\\drivers\\compbatt.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-journal",
"C:\\Windows\\System32\\VSSVC.exe",
"C:\\Windows\\System32\\drivers\\.NET CLR Networking.sys",
"C:\\FRST\\bin",
"C:\\Windows\\SysWOW64\\drivers\\adpahci.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\ehome\\ehPrivJob.exe",
"C:\\Windows\\System32\\certCredProvider.dll",
"C:\\Windows\\System32\\drivers\\fastfat.sys",
"C:\\Windows\\System32\\drivers\\hidusb.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RAC\\RacTask",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration",
"C:\\Windows\\SysWOW64\\cryptsvc.dll",
"C:\\Windows\\System32\\drivers\\GAGP30KX.SYS",
"C:\\FRST\\m3Hu8Ft2L\\SAM",
"C:\\Windows\\SysWOW64\\pnrpnsp.dll",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG2",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG1",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\ehome\\mcupdate.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\CLFS.sys",
"C:\\Program Files\\mozilla firefox\\browser\\defaults\\preferences",
"C:\\Windows\\ehome\\ehsched.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\defrag.exe",
"C:\\Windows\\System32\\csrss.exe",
"c:\\program files\\windows defender\\MpCmdRun.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\RAServer.exe",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Scripts\\psscripts.ini",
"C:\\Python27\\auditcse.dll",
"C:\\Python27\\Scripts\\fdeploy.dll",
"C:\\Windows\\SysWOW64\\drivers\\bxvbda.sys",
"C:\\Windows\\System32\\dot3gpclnt.dll",
"C:\\Windows\\SysWOW64\\nlaapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\authui.dll",
"C:\\Windows\\System32\\HotStartUserAgent.dll",
"C:\\Windows\\System32\\drivers\\amdsata.sys",
"C:\\Windows\\System32\\eapsvc.dll",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT",
"C:\\Windows\\SysWOW64\\drivers\\iirsp.sys",
"C:\\FRST\\Hives",
"C:\\Windows\\System32\\gptext.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\GadgetManager",
"C:\\Windows\\System32\\drivers\\bxvbda.sys",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Edge\\User Data",
"C:\\Windows\\SysWOW64\\drivers\\intelide.sys",
"C:\\Program Files (x86)\\mozilla firefox",
"C:\\Windows\\System32\\GroupPolicyUsers",
"C:\\Windows\\System32\\drivers\\crcdisk.sys",
"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe OCInstallUserConfigOE",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\dhcpcore.dll",
"C:\\Python27\\gptext.dll",
"C:\\Windows\\System32\\drivers\\BrUsbMdm.sys",
"C:\\Windows\\System32\\drivers\\battc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\appmgmts.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-OfflineFiles-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\es.dll",
"C:\\Windows\\System32\\spoolsv.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Windows\\System32\\sdclt.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\ehome\\ehsched.exe",
"C:\\Windows\\System32\\cscui.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\FRST\\Temp",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\drmkaud.sys",
"C:\\Windows\\SysWOW64\\drivers\\flpydisk.sys",
"C:\\Windows\\SysWOW64\\drivers\\adsi.sys",
"C:\\Windows\\SysWOW64\\drivers\\DCLocator.sys",
"C:\\Python27\\Scripts\\explorer.exe",
"C:\\Windows\\System32\\appinfo.dll",
"C:\\FRST\\b4Ye2Sa8E",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG",
"C:\\Windows\\System32\\memdiag.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\intelppm.sys",
"C:\\Windows\\System32\\drivers\\BTHPORT.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Python27\\Scripts\\auditcse.dll",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG",
"C:\\Windows\\SysWOW64\\appmgmts.dll",
"C:\\Windows\\System32\\raserver.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports",
"C:\\Windows\\System32\\drivers\\adsi.sys",
"C:\\Windows\\SysWOW64\\certprop.dll",
"C:\\Python27\\explorer.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Windows\\System32\\sdiagschd.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Printing-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\intelppm.sys",
"C:\\Program Files (x86)\\mozilla firefox\\defaults\\pref",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winmgmts:{impersonationLevel=impersonate}!\\root\\cimv2:Win32_ShadowCopy",
"C:\\Windows\\System32\\cryptsvc.dll",
"C:\\Python27\\SmartcardCredentialProvider.dll",
"C:\\Windows\\SysWOW64\\drivers\\dmvsc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\cdrom.sys",
"C:\\Program Files\\Mozilla Firefox\\browser\\extensions",
"C:\\Windows\\System32\\drivers\\AGP440.sys",
"C:\\Windows\\SysWOW64\\drivers\\adpu320.sys",
"C:\\Windows\\System32\\explorer.exe",
"C:\\Python27\\Scripts\\aitagent.exe",
"D:\\Windows\\System32\\config\\SYSTEM",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Program Files\\Mozilla Firefox\\distribution\\policies.json",
"C:\\Windows\\SysWOW64\\urlmon.dll",
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe",
"C:\\Windows\\SysWOW64\\mshtml.dll",
"C:\\Windows\\System32\\drivers\\exfat.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\nt5.cat",
"C:\\Windows\\System32\\PlaySndSrv.dll"
],
"directory_enumerated": [
"C:\\Windows\\System32\\bcdedit.COM",
"C:\\Windows\\System32\\bcdedit.exe",
"C:\\Windows\\System32\\bcdedit.*"
]
}Dropped
[
{
"yara": [],
"sha1": "d04af565bc32ed36caf6ee7645027efb3fc2d4d8",
"name": "f0ccec54417b005f_SECURITY",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SECURITY",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "f0ccec54417b005fb5c613db3dcb11e0000666aae6f75bf43493df8f0c5b3d72",
"urls": [],
"crc32": "7575FB92",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/f0ccec54417b005f_SECURITY",
"ssdeep": null,
"size": 262144,
"sha512": "8d10df4b90aebeb966c65095db5bc6ad311a90b037baa812dbf9029f6f4f4994663256a0a635eb45ba522cf24c5d6e735d60e59b9f310deea310b6fb6bc5789d",
"pids": [],
"md5": "5d2dfb1c398a5fbf99b6dfe49ca91666"
},
{
"yara": [],
"sha1": "2b62d2b913ce9316960ab49815a8734a72bee323",
"name": "3a380e7aa3497603_SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms",
"filepath": "C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms",
"type": "data",
"sha256": "3a380e7aa3497603c576423312d6f107717216edd711cb7d62c232a31fcc6d14",
"urls": [],
"crc32": "B773D322",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/3a380e7aa3497603_SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms",
"ssdeep": null,
"size": 524288,
"sha512": "c6cc0a3700284de65bb09ff26080a0e72615e666740c276bc46a9845eb16fc5b9bfc08f1d793254d163ff8654a99571a314d08ea1f1472f1bccdeccfa08c4c70",
"pids": [],
"md5": "57afe043575b387bf30a69a6e7ae2a73"
},
{
"yara": [],
"sha1": "513025832a2c15e6cc7826846bf46bab21d8073a",
"name": "81312681d69111d3_1338591tmp000.zip",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip",
"type": "data",
"sha256": "81312681d69111d3ec4754a15a5ab33951f242f972963ce18cbc5162e311be12",
"urls": [
"http:\/\/www.mozilla.org\/2004\/em-rdf",
"http:\/\/mozilla.org\/MPL\/2.0\/."
],
"crc32": "B448676B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/81312681d69111d3_1338591tmp000.zip",
"ssdeep": null,
"size": 3268,
"sha512": "fee5dabcaa3a8e84cb51ecf7fe592d790e025d676d1de0c3d27434e855e4229b97dbb89ac4ad1bcaa0367d0f7aad442c2dec4b8a04ab09ac7f99ba0260850d6c",
"pids": [],
"md5": "75dc24469c5960dc9925cebb41913f71"
},
{
"yara": [],
"sha1": "817e62310a3c922707a5d2b6854fa56315afa644",
"name": "c4698cd6c9f19497_hndlr0",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"type": "ASCII text, with CRLF line terminators",
"sha256": "c4698cd6c9f19497f2cf9313b67b5b529cdf7d840878937c0ad4d9f9aaaaef6b",
"urls": [],
"crc32": "397282C1",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/c4698cd6c9f19497_hndlr0",
"ssdeep": null,
"size": 1630,
"sha512": "c73a51dd98026f5cda5f5936636d2028eddb18b884f4d1831983f9b56763d99a9742ca1c13d0fdca0f85886c117f3136f8905552ee99c7f3976adc88dfa39683",
"pids": [
1664
],
"md5": "c2cd149b32e5d3b3dd4d8d844156cffd"
},
{
"yara": [],
"sha1": "1ddc18155adeebda3a9e14f29245e5611d70ee24",
"name": "affaf4c1ff680a7f_SECURITY.LOG",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "affaf4c1ff680a7fc68253c08c180337039edae6fc52338b14da9c98d6a08448",
"urls": [],
"crc32": "F8BAFEAE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/affaf4c1ff680a7f_SECURITY.LOG",
"ssdeep": null,
"size": 1024,
"sha512": "45697fd2523a57f5f2d80ff051d786eac36bee62bd0937291344720109913ab3af3b3c331c8dc1231a53742c7941b196139ef00ec30d4200513d77766f78b2e6",
"pids": [],
"md5": "e956efcb958e5ee234f9906d473f1b50"
},
{
"yara": [],
"sha1": "1d64e437b892bc019318295026743fcf495b6a06",
"name": "439fae2ecfdf61e0_SECURITY.LOG1",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG1",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "439fae2ecfdf61e0f70e3095570f8a1918e6c7c8641aca88282f704bd4b6d1b3",
"urls": [],
"crc32": "90B38CE4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/439fae2ecfdf61e0_SECURITY.LOG1",
"ssdeep": null,
"size": 21504,
"sha512": "e80c65e766a14b058769f45fa6da8c936487dd939eade8a827d748b235214dcb99c8f6c6c8249bcc7f73c10f097b57e1380db8b44599cb2a4c09d7368c66655b",
"pids": [],
"md5": "6cb9704d9492ae0d556a2c46e534bd4f"
},
{
"yara": [],
"sha1": "c1db5a8716f6329a117cc81b0ddbd938f74a03af",
"name": "9abb8af0366a051f_SYSTEM.LOG1",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG1",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "9abb8af0366a051f256cb28fabbc49506c6c21b09f4e5958050d5856265e8790",
"urls": [],
"crc32": "71738F16",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/9abb8af0366a051f_SYSTEM.LOG1",
"ssdeep": null,
"size": 262144,
"sha512": "bc7ecd9e197ff407979e12129beea19636c3961c7efecef42c56163d788a2ecb8e7758a692251393df6dd38d1b7902db1ccaf0d989cfe214a540844fa1f42df8",
"pids": [],
"md5": "0e8446cb5912a7d6df8c78f1576850d5"
},
{
"yara": [],
"sha1": "bbd0f23e3aaf13bdd4407cac47abd8ea007da3b9",
"name": "79521fec086ad1d8_hndlr0",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"type": "ASCII text, with CRLF line terminators",
"sha256": "79521fec086ad1d8638e4a99116eb8ebc0bb195d53ad99ecb7d72b88b15b800c",
"urls": [],
"crc32": "641E6B32",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/79521fec086ad1d8_hndlr0",
"ssdeep": null,
"size": 5088,
"sha512": "5b608632196d662ce62bd325c771261bd18d93f110fe63d1c85c41fa306052f837b0eaccba61609c67f70266b63b6856ecf5718a1cdb2f07f57f100b34b9dd82",
"pids": [
1664
],
"md5": "2fdf53afc3564d2315b9d9eb8fe7ed33"
},
{
"yara": [],
"sha1": "d56161cad228482764fdd0638f80d3ffdaf0e452",
"name": "c67caae630af28ac_SOFTWARE.LOG1",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG1",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "c67caae630af28acc6c57ab34e28431e2f79a62df62012e33049da59e80f1171",
"urls": [],
"crc32": "B825ECD3",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/c67caae630af28ac_SOFTWARE.LOG1",
"ssdeep": null,
"size": 262144,
"sha512": "7c73450c44f53c038f7f06a22c662a046044b9de55b34f333772e55ef8cb877fd2a7658d1766be3a8cc3ae64a7087bcfb3310f1882b4d8652c1defd8242ffbaa",
"pids": [],
"md5": "703450a3b002e09b26e66dd91b9e0798"
},
{
"yara": [],
"sha1": "b9564fa6c6d05687b9c37e6786d9789d451bbc30",
"name": "406803852f5a2883_UsrClass.dat.LOG1",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG1",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "406803852f5a288335fa9cec86d9776372420c176003dcb7864b0f30289cbbbd",
"urls": [],
"crc32": "8BFAEFAA",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/406803852f5a2883_UsrClass.dat.LOG1",
"ssdeep": null,
"size": 152576,
"sha512": "5bd079836b60045114d02ac550b26a4cb147ad1e54338bd4d80186ef23e5edbb2b448403d9f837553e5655652cc1cde582a88957c728ea6cecf041677ab12895",
"pids": [],
"md5": "1eea34206debd14bcd103d64dd19bbf5"
},
{
"yara": [],
"sha1": "e276094f45bad021048f367d481dec304362cbf6",
"name": "68f3ad6ebef95e76_users00",
"filepath": "C:\\FRST\\users00",
"type": "ASCII text, with CRLF line terminators",
"sha256": "68f3ad6ebef95e76c41770e8a4e1da4f0eeb57a1fd5fd716856a346acfccaa87",
"urls": [],
"crc32": "C0625513",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/68f3ad6ebef95e76_users00",
"ssdeep": null,
"size": 89,
"sha512": "7a80b1efa5613656faf10be5bea280d62c78fce821d6c71cf4b7447616b0fd19f10a167cd2dd66f49bcf5b1c31ef674a8ee2bd41c354240a007519f105026cf3",
"pids": [
1664
],
"md5": "12fe3cc3a8e11bcc1d571a4ba5512a11"
},
{
"yara": [],
"sha1": "f650d3348ccb62ed5141b40c5f71fba32581609c",
"name": "2d7cb3f3029ea546_SYSTEM",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SYSTEM",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "2d7cb3f3029ea54618a3e334254a80f34f744c1ac42cbc7c00eac172009c01a2",
"urls": [
"http:\/\/www.microsoft.com\/provisioning\/eaptlsuserpropertiesv1",
"http:\/\/www.microsoft.com\/provisioning\/mschapv2userpropertiesv1",
"http:\/\/www.microsoft.com\/provisioning\/mspeapconnectionpropertiesv1",
"http:\/\/www.microsoft.com\/provisioning\/eaptlsconnectionpropertiesv1",
"http:\/\/www.microsoft.com\/provisioning\/mspeapuserpropertiesv1",
"http:\/\/www.microsoft.com\/provisioning\/mschapv2connectionpropertiesv1"
],
"crc32": "2DA69850",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/2d7cb3f3029ea546_SYSTEM",
"ssdeep": null,
"size": 9961472,
"sha512": "a8331ee79c7316395632a256bdd4aa20a3aab236d02d90d62d097135f7aee4de2c6ee694a4255b91486c5f7bfa463f79def7a025a1d9ec8a095ab3e6edd306d0",
"pids": [],
"md5": "072ee53889fe0450c1f6fc205cdaf6a1"
},
{
"yara": [],
"sha1": "ddb87b3cc0221da616f7b45a71cd30d4900d17d8",
"name": "70484142eff6821b_SYSTEM.LOG",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "70484142eff6821b2650fa3a62e23f44fe88c350d86c8d727a5a8c51176d6379",
"urls": [],
"crc32": "BC2A73EE",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/70484142eff6821b_SYSTEM.LOG",
"ssdeep": null,
"size": 1024,
"sha512": "de4f0e3861de3a3cd68c0f4ecf56ccd1ff8cf1041114bc892ab9cac68893b6fc2a6213486420555df2404488b05a8a6863b45029f67606a96e270e3e07b073c8",
"pids": [],
"md5": "cd1ed67ccd5b47295aa8818c7fef0317"
},
{
"yara": [],
"sha1": "b3dfee599dbca80335cf47f97bb73bf0f464462e",
"name": "3065c32f34c61ac3_DEFAULT.LOG1",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG1",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "3065c32f34c61ac3e987cfce55161934e71d0ada61dd1873b017a6e538228e0d",
"urls": [],
"crc32": "7C141123",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/3065c32f34c61ac3_DEFAULT.LOG1",
"ssdeep": null,
"size": 164864,
"sha512": "4edb5afa4700eb29af421ba5d17e745a3d2018a07f7a38430c3beb4cada93557342da7b3bc05986c8c08ba233c320dc4ef58de4eb051cd163bd92c12a93c7930",
"pids": [],
"md5": "64bc272ddf17b4742f2f2de27ebf587d"
},
{
"yara": [],
"sha1": "c634e969ca4b39fc9ac115da6215a8a80df67920",
"name": "17b22c562ee8e559_DEFAULT",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\DEFAULT",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "17b22c562ee8e5590fc1d341c45a4e5ca3b45a16b8fcbef153bf29dc54eb7e21",
"urls": [],
"crc32": "8C8E1041",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/17b22c562ee8e559_DEFAULT",
"ssdeep": null,
"size": 262144,
"sha512": "21177e30fb4c0087325dbe83255b356bb4ebf187acecc23a7bfaad24ed6121b88b606054514833ce43bed003d67876787362962a029e680f7cc9016c03cd40db",
"pids": [],
"md5": "ae6d854ed53a5045000aafb1e8b3c61c"
},
{
"yara": [],
"sha1": "49cea5d42f98d60a2273487a9802e9b9c8bbe5cb",
"name": "448a525cfa05b656_install.rdf",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"type": "XML 1.0 document, ASCII text",
"sha256": "448a525cfa05b656bf1b6dbc12afc0dc8e1589c2f772066e2ca8e7efa1ac8d42",
"urls": [
"http:\/\/www.mozilla.org\/2004\/em-rdf",
"http:\/\/mozilla.org\/MPL\/2.0\/."
],
"crc32": "8756BCE4",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/448a525cfa05b656_install.rdf",
"ssdeep": null,
"size": 1395,
"sha512": "1fb99f09395c177494b647516f831f2498c7dbec28fe16dc4d2e853ffc07c7cc7ecef6ce18ede3e2d79378ede3e7841b802ca8761b0b96d96ca06c462094a7a3",
"pids": [
1664
],
"md5": "ed8b10cea1b7bd0efa6aac380e4c0fac"
},
{
"yara": [],
"sha1": "8124009e8c53f85e8c64ed8fdad24f2b9ee88ae8",
"name": "f1b1b4973e0a7343_SOFTWARE.LOG",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "f1b1b4973e0a734364eebaac944dc6bfc43e839ea02aa82577bf2507698bd1aa",
"urls": [],
"crc32": "3960A872",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/f1b1b4973e0a7343_SOFTWARE.LOG",
"ssdeep": null,
"size": 1024,
"sha512": "af23c468a9eb76174004ecee4a6fa1b6a1054cb84827e8bd8c370f846dc77eae62f363d39e6941889979188f1d0db5f0b98255373391dbf01194d024b9891475",
"pids": [],
"md5": "93a4221399b1dcb2213b32eac633e00e"
},
{
"yara": [],
"sha1": "c7b671585c8b602f4d1c3d5d20f5af32d1dc0da1",
"name": "95bf4db6a52e7e33_ntuser.dat.LOG1",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG1",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "95bf4db6a52e7e33600dc1d0b0e52ec28f65ab3391e9ed0e4e1287892c83ea17",
"urls": [],
"crc32": "5673E72C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/95bf4db6a52e7e33_ntuser.dat.LOG1",
"ssdeep": null,
"size": 262144,
"sha512": "15cd884e4c8a750c4febed0ce7474d004a714541edc123ed28bc05bb6adee8d312aed671f5262017fb8e9772696f611f17f06dc55eeff9c292df5eabf17c45c5",
"pids": [],
"md5": "3c3d9d7c3db998130baa82ef55e1ab74"
},
{
"yara": [],
"sha1": "51a6f8fa23d96f2c2413f2b3dd9518e9be570871",
"name": "7d4d5d8f0c4d4496_SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf",
"filepath": "C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf",
"type": "data",
"sha256": "7d4d5d8f0c4d4496d5ec7c9c1e60f14a212a28778468da229499a304a426a441",
"urls": [],
"crc32": "0745AB5F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/7d4d5d8f0c4d4496_SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf",
"ssdeep": null,
"size": 65536,
"sha512": "7c1d856ffbcafba16c6fdecdc5258030ba7d41639eb8e6f60a5210542ffbede299a56a27c46b5ef2b00d9c60189cb19d642a997fedf93478406022f339e491e2",
"pids": [],
"md5": "a68f5a68783d20e443b5b7ee8aba2641"
},
{
"yara": [],
"sha1": "4fdcd71346da168016a967602ca4df4295a0a10e",
"name": "44e35f6ea6246423_NTUSER.DAT",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\NTUSER.DAT",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "44e35f6ea62464231090481501365d1ff21ad5a70bdb8a63c4613de79abea319",
"urls": [],
"crc32": "9B41982D",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/44e35f6ea6246423_NTUSER.DAT",
"ssdeep": null,
"size": 786432,
"sha512": "b44a67a3b13c86a17447985144182b86691248c3e5db0606652b0f2fe02bc0bc104597303363453592d5b337df9a3cdb422d057d623551c515ea024ea5c57792",
"pids": [],
"md5": "26a73a554c0484c5ce561cc8ee30f455"
},
{
"yara": [],
"sha1": "45f3270d64348a31ee08e25ddc33e539c078e036",
"name": "90403efc1fac06e5_aut5F4A.tmp",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"type": "data",
"sha256": "90403efc1fac06e52d94b11473837c9c09d4f17f6892ea265b4a2e2968cca49d",
"urls": [],
"crc32": "08819C70",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/90403efc1fac06e5_aut5F4A.tmp",
"ssdeep": null,
"size": 631596,
"sha512": "ca370635ba4f9927f20c8ed1f9a130c1882b908c2bf696e1164d798b91b3312ea267d2b1eeba787a4452bb779428ccb355bd050ed72dab2872ccaaa2085f1272",
"pids": [
1664
],
"md5": "c65d2bfee6f33857980f95bbf647d5c0"
},
{
"yara": [],
"sha1": "f4c1588288030f9702f0b8c9a7427f4d1db3eba8",
"name": "10f9035c5ddc473d_sqlite3_x64.dll",
"filepath": "C:\\FRST\\bin\\sqlite3_x64.dll",
"type": "PE32+ executable (DLL) (GUI) x86-64, for MS Windows",
"sha256": "10f9035c5ddc473d442d222296dc6c11925df21da9415f82f00374b96b4a9508",
"urls": [],
"crc32": "D26FFF30",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/10f9035c5ddc473d_sqlite3_x64.dll",
"ssdeep": null,
"size": 1077248,
"sha512": "c07787abc5a00651642d2e5081e06a04cf17c6cd4942f4d025839108b05378797d2f3da42a4f3a796895ba48a57cc830de3b9e105a41d291615917f62171f649",
"pids": [
1664
],
"md5": "aeb9555da8a72977775c109e69843f2b"
},
{
"yara": [],
"sha1": "48a714cacddfebc8d146553f5c575b5d0138b59e",
"name": "24a38b569342ca9c_winsock",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"type": "ASCII text, with CRLF line terminators",
"sha256": "24a38b569342ca9cb9ec17b9482b365385970139c276e25559abfa1cd0f25a6b",
"urls": [],
"crc32": "9D0D2B74",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/24a38b569342ca9c_winsock",
"ssdeep": null,
"size": 3858,
"sha512": "d4c427f1225bb7417d7cc719d6253c373a46c9a838769ebc045966821bd440360997b975e6b650573a0209871aaf0f9d124a99a68ecd441c05930eb2727455e8",
"pids": [
1664
],
"md5": "189033571ac710b1f39d3f2e5d91bf09"
},
{
"yara": [],
"sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
"name": "e3b0c44298fc1c14_BCD.LOG1",
"type": "empty",
"sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"urls": [],
"crc32": "00000000",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/e3b0c44298fc1c14_BCD.LOG1",
"ssdeep": null,
"size": 0,
"sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
"md5": "d41d8cd98f00b204e9800998ecf8427e"
},
{
"yara": [],
"sha1": "dd9acbdb4bd53ea01f454fe4b147cac40812fd61",
"name": "2a9362a70c576f02_SAM.LOG1",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SAM.LOG1",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "2a9362a70c576f028c8659df8275008a873d920fd179d97d8f8c53744a563eaf",
"urls": [],
"crc32": "B9513DF7",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/2a9362a70c576f02_SAM.LOG1",
"ssdeep": null,
"size": 25600,
"sha512": "484187bbd8b62c3760434b53bcb6088ebcf5e64bd0bf1970f902c15d01c65f6df5ded716c79bc85048bcc9a06708fc547b878e07e77277e30f647ae417a8a19f",
"pids": [],
"md5": "d09acf0af7418317fdd0e8cb9b8c09ce"
},
{
"yara": [],
"sha1": "47601ebb419f0336cf38291e102dcf7e45549080",
"name": "38239de05eca1d32_SAM",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SAM",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "38239de05eca1d3276f039d126d2de6062980298556339dd6cce301bd73666a2",
"urls": [],
"crc32": "9BB94F6C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/38239de05eca1d32_SAM",
"ssdeep": null,
"size": 262144,
"sha512": "857557ec617918d7a589e1ed69ee35d8632025e516a323a6b2a31cb912b389fc001f00868980b62dba344269d59e6b297bec4072e384e52e722ea5e4ac044a06",
"pids": [],
"md5": "245a191ea1cb650da9ad91b7174fcfcb"
},
{
"yara": [],
"sha1": "6a521e1d2a632c26e53b83d2cc4b0edecfc1e68c",
"name": "07854d2fef297a06_SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms",
"filepath": "C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms",
"type": "data",
"sha256": "07854d2fef297a06ba81685e660c332de36d5d18d546927d30daad6d7fda1541",
"urls": [],
"crc32": "75660AAC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/07854d2fef297a06_SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms",
"ssdeep": null,
"size": 524288,
"sha512": "eedb6cadbceb2c991fc6f68dccb80463b3f660c5358acd7d705398ae2e3df2b4327f0f6c6746486848bd2992b379776483a98063ae96edb45877bb0314874668",
"pids": [],
"md5": "59071590099d21dd439896592338bf95"
},
{
"yara": [],
"sha1": "419a3ed526c3daf12ebf5e9d6204dbc2f4950454",
"name": "4db2303aa40fb773_SYSTEM",
"filepath": "C:\\FRST\\z8Fn3Cz4\\SYSTEM",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "4db2303aa40fb7736c782628d5b4f8e43113ca917ea7c3ba6991a7c9f46548ce",
"urls": [
"http:\/\/www.microsoft.com\/provisioning\/eaptlsuserpropertiesv1",
"http:\/\/www.microsoft.com\/provisioning\/mschapv2userpropertiesv1",
"http:\/\/www.microsoft.com\/provisioning\/mspeapconnectionpropertiesv1",
"http:\/\/www.microsoft.com\/provisioning\/eaptlsconnectionpropertiesv1",
"http:\/\/www.microsoft.com\/provisioning\/mspeapuserpropertiesv1",
"http:\/\/www.microsoft.com\/provisioning\/mschapv2connectionpropertiesv1"
],
"crc32": "A6F9070F",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/4db2303aa40fb773_SYSTEM",
"ssdeep": null,
"size": 9961472,
"sha512": "8890a613ad510928f7584aed258e5424101dd9419dec959b8fd6e52f14ecd4bb4bd819b9769970e3d1e8cfcfed0aab588ca014ac61a962274336293e136ac3ef",
"pids": [],
"md5": "b34c313d152d210acd6b8f35b7146379"
},
{
"yara": [],
"sha1": "9082cdfe393386a0f46f1bd16471ce57577a0f1d",
"name": "3139e6a414a65ca0_DEFAULT.LOG",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "3139e6a414a65ca0fa6131a5ff8a0418bfd429f5e0a984d0580753f84020d8d8",
"urls": [],
"crc32": "2F7BF1A8",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/3139e6a414a65ca0_DEFAULT.LOG",
"ssdeep": null,
"size": 1024,
"sha512": "55c8c6fa6f65cd876094fc04315e358a14256a93a4ea90f8d92e04f7f257347f15d5897ddc5824a29d3eefe14e4611b194dc48628a819408cbc6ee03a0efcbd6",
"pids": [],
"md5": "6726b4a393eb2592904fe8c2a4d71735"
},
{
"yara": [],
"sha1": "8782ec361b04fcc74c5821abfe0655fc8bfe7d8b",
"name": "2c56c252ea13a15c_BCD.LOG",
"filepath": "C:\\FRST\\Hives\\BCD.LOG",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "2c56c252ea13a15c89b3da6f3f8c169906541b49b4fd47c79d771dd826402f9c",
"urls": [],
"crc32": "5F74984E",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/2c56c252ea13a15c_BCD.LOG",
"ssdeep": null,
"size": 21504,
"sha512": "5162c3d7e30a2604b17856bf3947570d0a3153915fea1d3c3eea106b7844ef44aea3c8f6853236cf665ffb16c46c048c9ebdd2c9a687032d4e9bf95152ccfed4",
"pids": [],
"md5": "34a2de36a3c1269a29da516bd8f9610e"
},
{
"yara": [],
"sha1": "0dd9b5ca33e752ca33145c6a952c4b4b0c11b852",
"name": "a711f87273d28a72_UsrClass.dat",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "a711f87273d28a724452690faa84eb691a225837cc09251ad93ae86edf6eead9",
"urls": [],
"crc32": "71C82516",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/a711f87273d28a72_UsrClass.dat",
"ssdeep": null,
"size": 262144,
"sha512": "3615e539e5d4ee329e958adc06f0cea2b60661c3c322674615bd353305fde12008122637ad35043560085b381854efd244005b166134d8d862054cf71abc3d10",
"pids": [],
"md5": "c2b054f0817d67668b8fa59b8c513368"
},
{
"yara": [],
"sha1": "29d47a78d3a3faa2e733e13891f90df9e6b13cf0",
"name": "0f60582976ee93f6_SYSTEM.LOG1",
"filepath": "C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG1",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "0f60582976ee93f6b3d69b026632cfcfd10196894e4b08541c1c351b9eb0c06b",
"urls": [],
"crc32": "4338ACFC",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/0f60582976ee93f6_SYSTEM.LOG1",
"ssdeep": null,
"size": 262144,
"sha512": "dbaca5766258bb37e10de2b408c79edc7a08d53a17cccb569276227a061666005dbd57bbbd9822586897fdbdb9e34bc64939ee65f17111d7e4bdd83b78ef389d",
"pids": [],
"md5": "dfa979b6a5679fb7d83e49e85e583db8"
},
{
"yara": [],
"sha1": "bf2d742d6a1f5f64d5460f88f0ea3b2839859e38",
"name": "2166637e47607e5e_frst.txt",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\FRST.txt",
"type": "ASCII text, with CRLF line terminators",
"sha256": "2166637e47607e5e9544608efcc4506850974a70f743d57b5aa9b67b20da3c86",
"urls": [
"http:\/\/www.geekstogo.com\/forum\/topic\/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool\/"
],
"crc32": "1DAE9992",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/2166637e47607e5e_frst.txt",
"ssdeep": null,
"size": 2739,
"sha512": "ece096524ca82ccf688c35e90b419eec5484cedd42323a56c04fce80dda4652f03a6d7e5554f01396d304e4d371e61bab99fbf66fa736d3986cf049d618dfaf3",
"pids": [
1664
],
"md5": "52cd66fe082fe8805a9098f3f388132f"
},
{
"yara": [],
"sha1": "65435433b09945e4b5a4a447fcee34785b5984b1",
"name": "cc15bd028c9bce65_ct.ini",
"filepath": "C:\\FRST\\Logs\\ct.ini",
"type": "ASCII text, with CRLF line terminators",
"sha256": "cc15bd028c9bce6584e16f3046eb274ca26486ecf0a19bca491f229ca16c0a0b",
"urls": [],
"crc32": "3C27454B",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/cc15bd028c9bce65_ct.ini",
"ssdeep": null,
"size": 13,
"sha512": "cc72c68318f0e67242999ebf2bab00693861804b3d4c8f6636f1e76d9a606f52a1db59eed4f00a790da3de1dc2dca6d7ed3e225aae494df9e7de522591e369ab",
"pids": [
1664
],
"md5": "77d9dd2204786972b3dfc610003c2e77"
},
{
"yara": [],
"sha1": "bfcc8766a5fbdbe6c6586971f47051983e8292a4",
"name": "85ca8b85e11357b0_SAM.LOG",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SAM.LOG",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "85ca8b85e11357b0ab117582e44846fd4a9387359a2d3210ccbb65df59119a0a",
"urls": [],
"crc32": "9173963A",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/85ca8b85e11357b0_SAM.LOG",
"ssdeep": null,
"size": 1024,
"sha512": "c5e2d1be4a207d3997a0e6d62f20e55a253dd6c5cdcabbba02a7dc1610a335076df281446f20ffe1e13bf9c6c25419075d8a11de3fc9e44bbdedeebf7bff142e",
"pids": [],
"md5": "2c66fa9ca74bba02f12bda4976d527a6"
},
{
"yara": [
{
"meta": {
"description": "A non-Windows executable contains win32 API functions names",
"author": "nex"
},
"name": "embedded_win_api",
"offsets": {
"api7": [
[
4637592,
0
],
[
4735108,
0
],
[
4735740,
0
],
[
4901392,
0
],
[
4901776,
0
],
[
5332768,
0
],
[
5545488,
0
],
[
5545888,
0
]
]
},
"strings": [
"U2hlbGxFeGVjdXRl"
]
},
{
"meta": {
"description": "Possibly employs anti-virtualization techniques",
"author": "nex"
},
"name": "vmdetect",
"offsets": {
"virtualbox_mac_1a": [
[
17615176,
2
],
[
19181048,
2
]
],
"vmcheckdll": [
[
13063245,
3
],
[
13063597,
3
]
],
"vmware_mac_1c": [
[
1671107,
1
],
[
1703555,
1
]
],
"vmware_mac_2c": [
[
8133481,
0
],
[
8134633,
0
],
[
8385505,
0
],
[
8386185,
0
],
[
8387825,
0
],
[
8397545,
0
],
[
8398697,
0
],
[
8399041,
0
],
[
8399393,
0
],
[
8399993,
0
],
[
8401153,
0
],
[
8405825,
0
],
[
8407065,
0
],
[
8407649,
0
],
[
8407985,
0
],
[
8409769,
0
],
[
8410169,
0
],
[
8410513,
0
],
[
8411369,
0
],
[
8414449,
0
],
[
8415473,
0
],
[
8420753,
0
],
[
8423297,
0
],
[
8435865,
0
],
[
8437473,
0
],
[
8439121,
0
],
[
8440153,
0
],
[
8454553,
0
],
[
8517737,
0
],
[
8518041,
0
],
[
8518609,
0
],
[
8519817,
0
],
[
8524577,
0
],
[
8525273,
0
],
[
8526913,
0
],
[
8528249,
0
],
[
8529497,
0
],
[
8530073,
0
],
[
8530409,
0
],
[
8532193,
0
],
[
8532593,
0
],
[
8532937,
0
],
[
8533793,
0
],
[
8537633,
0
],
[
8539585,
0
],
[
8541225,
0
],
[
8543417,
0
],
[
8552945,
0
],
[
8554929,
0
],
[
8555961,
0
],
[
8570161,
0
],
[
9036513,
0
],
[
9038073,
0
],
[
9850881,
0
],
[
21915657,
0
],
[
21917833,
0
],
[
21985169,
0
],
[
22028145,
0
],
[
22685073,
0
],
[
26322593,
0
],
[
26960697,
0
]
]
},
"strings": [
"MDA1MDU2",
"MDAwNTY5",
"MDgtMDAtMjc=",
"RccAAQ=="
]
}
],
"sha1": "de1fa991c93dd5a682fc717dba97e29953c17265",
"name": "a5754eb051470022_SOFTWARE",
"filepath": "C:\\FRST\\m3Hu8Ft2L\\SOFTWARE",
"type": "MS Windows registry file, NT\/2000 or above",
"sha256": "a5754eb0514700225592287519113b253d2fa7605f9977d00781851e229ad00c",
"urls": [
"https:\/\/www.verisign.com\/repository\/CPS",
"http:\/\/crl.verisign.com\/pca3.crl0",
"https:\/\/www.verisign.com\/repository\/verisignlogo.gif0D",
"https:\/\/www.verisign.com\/rpa0",
"https:\/\/www.verisign.com",
"http:\/\/preview.services.wmdrm.windowsmedia.com",
"http:\/\/drmlicense.one.microsoft.com",
"http:\/\/crl.globalsign.net\/root-r2.crl0",
"http:\/\/services.wmdrm.windowsmedia.comUB",
"https:\/\/www.verisign.com\/CPS04"
],
"crc32": "0AD0B340",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/a5754eb051470022_SOFTWARE",
"ssdeep": null,
"size": 38273024,
"sha512": "1fc564b76c0315727117c686dc3372770ebe448721c489db2ab7ab80066394ecc16e2d7777dfac5d51fbc61eba1fa563d342fc2fe56e174f27c35f9ea6aed445",
"pids": [],
"md5": "816b2c4c0558b4d23c846487748ca469"
},
{
"yara": [],
"sha1": "622273d3717d8b34264e8bceb1b014ca9b2eaecc",
"name": "bb8b35e53e3efbef_reg101",
"filepath": "C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"type": "ASCII text, with CRLF line terminators",
"sha256": "bb8b35e53e3efbefb5feddb81bef5da45e9fe5008afb460c3018fb6d3cbdb3e8",
"urls": [],
"crc32": "13ED045C",
"path": "\/home\/hpuser\/.cuckoo\/storage\/analyses\/5861\/files\/bb8b35e53e3efbef_reg101",
"ssdeep": null,
"size": 1911,
"sha512": "17ddd65cae33aff8a150db5c87d2b1a2169e1265832fe6d4959ac115163acebfd1ffe7017dcf4bed5a48cd226fd1bd72308ab14fed3c5c960624624227138379",
"pids": [
1664
],
"md5": "9425d839efca6ef8aa3c2f72f878f7e4"
}
]Generic
[
{
"process_path": "C:\\Users\\cuck\\AppData\\Local\\Temp\\8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin",
"process_name": "8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin",
"pid": 1664,
"summary": {
"file_created": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\FRST\\bin\\sqlite3_x64.dll",
"C:\\FRST\\users00",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"C:\\FRST\\Logs\\ct.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FRST.txt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591"
],
"file_recreated": [
"\\??\\nul",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"\\Device\\KsecDD"
],
"directory_created": [
"C:\\FRST\\bin",
"C:\\FRST\\z8Fn3Cz4",
"C:\\FRST",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches",
"C:\\Windows\\System32\\catroot",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\",
"C:\\Windows\\System32\\catroot2",
"C:\\FRST\\Logs",
"C:\\FRST\\Hives",
"C:\\FRST\\Quarantine",
"C:\\FRST\\b4Ye2Sa8E",
"C:\\FRST\\m3Hu8Ft2L",
"C:\\FRST\\Hives\\cuck"
],
"dll_loaded": [
"C:\\Windows\\system32\\ntshrui.dll",
"ncrypt.dll",
"C:\\Windows\\system32\\pnrpnsp.dll",
"imagehlp.dll",
"kernel32",
"api-ms-win-core-localization-l1-2-1",
"C:\\Windows\\system32\\wshext.dll",
"C:\\Windows\\System32\\mswsock.dll",
"apphelp.dll",
"Crypt32.dll",
"DNSAPI.dll",
"zipfldr.dll",
"kernel32.dll",
"UxTheme.dll",
"Wintrust.dll",
"C:\\Windows\\system32\\ole32.dll",
"dwmapi.dll",
"ntdll.dll",
"C:\\Windows\\system32\\napinsp.dll",
"api-ms-win-core-synch-l1-2-0",
"ntmarta.dll",
"bcrypt.dll",
"API-MS-WIN-Service-Management-L1-1-0.dll",
"C:\\Windows\\system32\\MSCTF.dll",
"PROPSYS.dll",
"C:\\Windows\\system32\\kernel32.dll",
"MSISIP.DLL",
"Advapi32.dll",
"API-MS-Win-Core-LocalRegistry-L1-1-0.dll",
"DHCPCSVC.DLL",
"RASMAN.DLL",
"advapi32.dll",
"comctl32",
"ole32.dll",
"USERENV.dll",
"CRYPTSP.dll",
"USER32.dll",
"IMM32.dll",
"API-MS-Win-Security-SDDL-L1-1-0.dll",
"API-MS-WIN-Service-winsvc-L1-1-0.dll",
"wintrust.dll",
"rtutils.dll",
"IPHLPAPI.DLL",
"wininet.dll",
"C:\\Windows\\system32\\CRYPT32.dll",
"RASAPI32.dll",
"OLEAUT32.dll",
"netutils.dll",
"SHELL32.dll",
"C:\\Windows\\system32\\winshfhc.dll",
"C:\\Windows\\System32\\winrnr.dll",
"comctl32.dll",
"C:\\Windows\\system32\\oleaut32.dll",
"C:\\Windows\\system32\\user32.dll",
"C:\\Windows\\system32\\shell32.dll",
"C:\\FRST\\bin\\sqlite3_x64.dll",
"C:\\Program Files\\Windows Defender\\MPCLIENT.DLL",
"SXS.DLL",
"api-ms-win-core-fibers-l1-1-1",
"WINTRUST.DLL",
"C:\\Windows\\system32\\bcryptprimitives.dll",
"ADVAPI32.dll",
"advapi32",
"SETUPAPI.dll",
"WS2_32.dll",
"userenv.dll"
],
"file_opened": [
"",
"C:\\Windows\\SysWOW64\\es.dll",
"C:\\Windows\\System32\\wdc.dll",
"C:\\Windows\\System32\\drivers\\amdk8.sys",
"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe",
"C:\\Windows\\System32\\svchost.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\FRST\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RegisterSearch",
"C:\\Windows\\System32\\certprop.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\",
"C:\\Windows\\SysWOW64\\winrnr.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\",
"C:\\Windows\\ehome\\ehrec.exe",
"C:\\Windows\\SysWOW64\\iedkcs32.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask",
"C:\\Windows\\System32\\BioCredProv.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver",
"C:\\Windows\\System32\\drivers\\blbdrive.sys",
"C:\\Windows\\SysWOW64\\dllhost.exe",
"C:\\Windows\\System32\\clfs.sys",
"C:\\Program Files\\Windows Sidebar\\",
"C:\\Windows\\System32\\en-US\\KERNELBASE.dll.mui",
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG2",
"C:\\Windows\\System32\\drivers\\hidir.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Windows\\System32\\polstore.dll",
"C:\\Windows\\System32\\drivers\\asyncmac.sys",
"C:\\Windows\\System32\\KMSVC.DLL",
"C:\\Windows\\System32\\ieframe.dll",
"C:\\Windows\\System32\\drivers\\flpydisk.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Media Center Programs\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MobilePC\\HotStart",
"C:\\Windows\\System32\\FDResPub.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MUI\\LPRemove",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\temporary\\",
"C:\\Windows\\System32\\drivers\\circlass.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService",
"C:\\Windows\\System32\\drivers\\CompositeBus.sys",
"C:\\Users\\cuck\\AppData\\Local",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck",
"C:\\Windows\\System32\\gpprefcl.dll",
"C:\\Windows\\System32\\drivers\\fdc.sys",
"C:\\Windows\\SysWOW64\\dhcpcore.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SystemRestore\\SR",
"C:\\Windows\\System32\\drivers\\bthmodem.sys",
"C:\\Windows\\System32\\drivers\\compbatt.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\",
"C:\\Windows\\System32\\RacEngn.dll",
"C:\\Windows\\System32\\itss.dll",
"C:\\Windows\\SysWOW64\\userinit.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip",
"C:\\Windows\\System32\\wevtsvc.dll",
"C:\\Program Files (x86)\\mozilla firefox\\",
"C:\\Windows\\System32\\iedkcs32.dll",
"C:\\Windows\\System32\\stdole2.tlb",
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\",
"C:\\Users\\cuck\\AppData\\",
"C:\\Windows\\System32\\urlmon.dll",
"C:\\Windows\\System32\\drivers\\filetrace.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MpIdleTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW2",
"C:\\Windows\\System32\\ras\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscovery",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Location\\Notifications",
"C:\\Windows\\System32\\inetpp.dll",
"C:\\Windows\\System32\\rasmbmgr.dll",
"C:\\Windows\\SysWOW64\\mswsock.dll",
"C:\\Windows\\System32\\drivers\\BrUsbSer.sys",
"C:\\Windows\\System32\\rasplap.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\",
"C:\\Windows\\System32\\drivers\\BrFiltUp.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo",
"C:\\Windows\\System32\\mshtml.dll",
"C:\\Windows\\System32\\dhcpcore.dll",
"C:\\Windows\\ehome\\ehrecvr.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\AitAgent",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry",
"C:\\Windows\\System32\\drivers\\HpSAMD.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Identities\\{183045C5-6B41-4C94-A7FA-BE70B5E7A9D3}\\",
"C:\\Windows\\System32\\drivers\\E1G6032E.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\",
"C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\",
"C:\\Windows\\System32\\TsUsbRedirectionGroupPolicyExtension.dll",
"C:\\Windows\\System32\\dwm.exe",
"C:\\Windows\\System32\\drivers\\fltMgr.sys",
"C:\\Windows\\System32\\rpcss.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Gadget-Platform-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Program Files (x86)\\mozilla firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Windows\\System32\\raserver.exe",
"C:\\Windows\\SysWOW64\\ie4uinit.exe",
"\\\\?\\PIPE\\srvsvc",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MP Scheduled Scan",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Windows\\System32\\drivers\\ipfltdrv.sys",
"C:\\Windows\\System32\\drivers\\hwpolicy.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Multimedia\\SystemSoundsService",
"C:\\FRST\\z8Fn3Cz4",
"C:\\Windows\\System32\\bthserv.dll",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms",
"C:\\Program Files\\Windows Mail\\",
"C:\\Windows\\System32\\iphlpsvc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Ras\\MobilityManager",
"C:\\Program Files\\Windows Media Player\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\Users\\cuck\\AppData",
"C:\\Windows\\SysWOW64\\",
"C:\\Windows\\System32\\drivers\\iaStorV.sys",
"C:\\Windows\\System32\\cmd.exe",
"C:\\Windows\\ehome\\mcupdate.exe",
"C:\\Windows\\SysWOW64\\inetcomm.dll",
"C:\\Windows\\System32\\drivers\\dmvsc.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~amd64~~8.0.7601.17514.cat",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MediaCenter-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\adpu320.sys",
"D:\\Users\\cuck\\",
"C:\\Windows\\System32\\AuxiliaryDisplayServices.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Task Manager\\Interactive",
"C:\\Windows\\System32\\MsCtfMonitor.dll",
"C:\\Windows\\System32\\drivers\\cdrom.sys",
"C:\\Windows\\SysWOW64\\NapiNSP.dll",
"C:\\Windows\\System32\\lpremove.exe",
"C:\\Users\\cuck\\AppData\\Local\\",
"C:\\Windows\\System32\\AxInstSv.dll",
"C:\\Program Files\\Windows Sidebar\\sidebar.exe",
"C:\\Windows\\SysWOW64\\mscories.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SystemDataProviders",
"C:\\Windows\\AppPatch\\AppPatch64\\sysmain.sdb",
"C:\\Windows\\SysWOW64\\provsvc.dll",
"C:\\Windows\\System32\\cscobj.dll",
"C:\\Windows\\System32\\Defrag.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Registry\\RegIdleBackup",
"C:\\Windows\\Tasks\\",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Hyper-V-Guest-Integration-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\unregmp2.exe",
"C:\\Windows\\System32\\drivers\\adp94xx.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Shell-HomeGroup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\iirsp.sys",
"C:\\Windows\\System32\\userinit.exe",
"C:\\Windows\\System32\\drivers\\hdaudbus.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\",
"C:\\",
"C:\\Windows\\System32\\mscoree.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\UPnP\\UPnPHostConfig",
"C:\\Windows\\System32\\bdesvc.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe",
"C:\\Windows\\System32\\wpcmig.dll",
"C:\\Windows\\System32\\auditcse.dll",
"C:\\Windows\\System32\\drivers\\FsDepends.sys",
"C:\\Windows\\System32\\kernelceip.dll",
"C:\\Windows\\System32\\wbem\\wbemdisp.tlb",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms",
"C:\\Windows\\System32\\conhost.exe",
"C:\\Windows\\System32\\appidpolicyconverter.exe",
"C:\\FRST\\m3Hu8Ft2L\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RecordingRestart",
"C:\\FRST\\z8Fn3Cz4\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Maintenance\\WinSAT",
"C:\\Windows\\System32\\drivers\\fastfat.sys",
"C:\\Windows\\System32\\msdrm.dll",
"C:\\Windows\\System32\\NapiNSP.dll",
"C:\\Windows\\System32\\drivers\\hcw85cir.sys",
"C:\\Windows\\System32\\inetcomm.dll",
"C:\\Windows\\System32\\drivers\\cng.sys",
"C:\\Program Files\\Windows Defender\\MsMpLics.dll",
"C:\\Windows\\System32\\mscories.dll",
"C:\\Windows\\ehome\\ehPrivJob.exe",
"C:\\FRST\\Logs\\",
"C:\\Windows\\System32\\GroupPolicyUsers\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RAC\\RacTask",
"C:\\Windows\\SysWOW64\\unregmp2.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\nt5.cat",
"C:\\Users\\cuck\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\",
"C:\\Windows\\System32\\drivers\\HdAudio.sys",
"C:\\Windows\\System32\\smss.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\SmartcardCredentialProvider.dll",
"C:\\Windows\\SysWOW64\\cryptsvc.dll",
"C:\\Windows\\System32\\drivers\\CmBatt.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsBackup\\ConfigNotification",
"C:\\Windows\\SysWOW64\\explorer.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\sdiagschd.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntexe.cat",
"C:\\Windows\\System32\\drivers\\afd.sys",
"C:\\Windows\\System32\\drivers\\drmkaud.sys",
"C:\\Windows\\System32\\appidsvc.dll",
"C:\\Python27\\python.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask",
"C:\\Windows\\System32\\es.dll",
"C:\\Windows\\System32\\wlgpclnt.dll",
"C:\\Windows\\System32\\alg.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrScheduleTask",
"C:\\Windows\\System32\\drivers\\disk.sys",
"C:\\Windows\\System32\\drivers\\BrFiltLo.sys",
"C:\\Windows\\System32\\lsass.exe",
"C:\\Windows\\System32\\ntshrui.dll",
"C:\\Windows\\System32\\usbceip.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\Windows\\System32\\drivers\\amdsbs.sys",
"C:\\Windows\\System32\\lsm.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-WMPNetworkSharingService-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\UpdateRecordPath",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Autochk\\Proxy",
"C:\\Windows\\System32\\drivers\\appid.sys",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Background Synchronization",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\saved-telemetry-pings\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector",
"C:\\Windows\\System32\\wbem\\en-US\\wmiutils.dll.mui",
"C:\\Windows\\System32\\gpsvc.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\minidumps\\",
"C:\\Windows\\System32\\services.exe",
"C:\\Windows\\System32\\dot3svc.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files\\",
"C:\\Windows\\System32\\fdPHost.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrRecoveryTask",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-SideShow-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\BrSerWdm.sys",
"C:\\Windows\\System32\\drivers\\beep.sys",
"C:\\Users\\cuck",
"C:\\Windows\\System32\\DFDWiz.exe",
"C:\\Windows\\System32\\drivers\\dxgkrnl.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-PeerToPeer-Full-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\LocationNotifications.exe",
"C:\\Windows\\System32\\FXSSVC.exe",
"C:\\Windows\\System32\\gpprnext.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\intelppm.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WDI\\ResolutionHost",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ehDRMInit",
"C:\\Windows\\System32\\IKEEXT.DLL",
"C:\\Windows\\System32\\wpcumi.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\csc.sys",
"C:\\Windows\\System32\\drivers\\i8042prt.sys",
"C:\\Windows\\System32\\gatherNetworkInfo.vbs",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Program Files\\Windows Media Player\\wmpnscfg.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\",
"C:\\Windows\\System32\\ipbusenum.dll",
"C:\\Windows\\System32\\winlogon.exe",
"C:\\Windows\\System32\\wbem\\",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\FRST\\m3Hu8Ft2L\\NTUSER.DAT",
"C:\\Windows\\System32\\drivers\\fvevol.sys",
"C:\\Windows\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\infocard.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ReindexSearchRoot",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files\\",
"C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-SecureStartup-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\hidusb.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask",
"C:\\Windows\\System32\\win32spl.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\PolicyConverter",
"C:\\Windows\\System32\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting",
"C:\\Users\\cuck\\AppData\\Roaming\\Identities\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor",
"C:\\Windows\\System32\\drivers\\amdxata.sys",
"C:\\Windows\\System32\\regidle.dll",
"C:\\FRST\\users00",
"C:\\Windows\\System32\\scecli.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home\\idb\\3312185054sbndi_pspte.files\\",
"C:\\Windows\\System32\\nlaapi.dll",
"C:\\Windows\\System32\\wininit.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Windows\\System32\\aelupsvc.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\",
"C:\\Windows\\System32\\BFE.DLL",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\",
"C:\\Windows\\explorer.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector",
"c:\\program files\\windows defender\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem",
"C:\\Windows\\System32\\drivers\\atapi.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask",
"C:\\Windows\\System32\\audiosrv.dll",
"C:\\Program Files\\Windows Mail\\WinMail.exe",
"C:\\Windows\\System32\\drivers\\fileinfo.sys",
"C:\\Windows\\System32\\drivers\\dfsc.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-ParentalControls-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore-backups\\",
"C:\\Windows\\System32\\srchadmin.dll",
"C:\\Windows\\System32\\cscsvc.dll",
"C:\\Windows\\System32\\aitagent.exe",
"C:\\Windows\\System32\\appidcertstorecheck.exe",
"C:\\Windows\\System32\\provsvc.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-SearchEngine-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab\\idb\\",
"C:\\Windows\\System32\\gpscript.dll",
"C:\\Windows\\System32\\appmgmts.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev\\",
"C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"C:\\Windows\\System32\\drivers\\b57nd60a.sys",
"C:\\Windows\\System32\\wdi.dll",
"C:\\Program Files (x86)\\Windows Mail\\",
"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange",
"C:\\Program Files (x86)\\mozilla firefox\\browser\\",
"C:\\Windows\\SysWOW64\\urlmon.dll",
"C:\\Windows\\SysWOW64\\itss.dll",
"C:\\Windows\\System32\\drivers\\acpi.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntph.cat",
"C:\\Users\\Default User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\",
"C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\AutoWake",
"C:\\Windows\\SysWOW64\\hidserv.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-RemoteAssistance-Package-Client~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\hidbth.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin",
"C:\\Windows\\System32\\VaultCredProvider.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab\\idb\\3312185054sbndi_pspte.files\\",
"C:\\Windows\\System32\\audiodg.exe",
"C:\\Windows\\System32\\SearchIndexer.exe",
"C:\\Windows\\System32\\dllhost.exe",
"C:\\Windows\\System32\\drivers\\bowser.sys",
"C:\\Windows\\System32\\drivers\\BrSerId.sys",
"C:\\Python27\\Scripts\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\",
"C:\\Users\\",
"C:\\Windows\\System32\\drivers\\cdfs.sys",
"C:\\Windows\\System32\\pnrpnsp.dll",
"C:\\Users",
"C:\\Program Files\\Windows Defender\\",
"C:\\Windows\\System32\\drivers\\amdppm.sys",
"C:\\FRST",
"C:\\Windows\\System32\\fdeploy.dll",
"C:\\Windows\\System32\\hidserv.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControls",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SessionAgent",
"C:\\FRST\\bin\\sqlite3_x64.dll",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Diagnosis\\Scheduled",
"C:\\FRST\\Hives\\",
"C:\\Windows\\System32\\catroot",
"C:\\Windows\\System32\\catroot2",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000004.db",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
"C:\\Windows\\System32\\rundll32.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks",
"C:\\Windows\\System32\\dnsrslvr.dll",
"C:\\Windows\\System32\\ListSvc.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\",
"C:\\Windows\\System32\\eapsvc.dll",
"C:\\Windows\\System32\\WinSATAPI.dll",
"C:\\FRST\\m3Hu8Ft2L",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Logon Synchronization",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\",
"C:\\FRST\\bin\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip",
"C:\\Program Files\\Windows Defender\\MpOAV.dll",
"C:\\Windows\\System32\\SearchProtocolHost.exe",
"C:\\Windows\\System32\\ie4uinit.exe",
"C:\\Windows\\System32\\MSVidCtl.dll",
"C:\\Windows\\System32\\drivers\\arcsas.sys",
"C:\\Windows\\System32\\dskquota.dll",
"C:\\Windows\\System32\\drivers\\amdide.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW1",
"C:\\Windows\\System32\\browser.dll",
"C:\\Windows\\System32\\mscms.dll",
"C:\\Windows\\System32\\powercfg.exe",
"C:\\Windows\\System32\\winrnr.dll",
"C:\\Windows\\System32\\taskhost.exe",
"C:\\Windows\\System32\\drivers\\intelide.sys",
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe",
"C:\\Windows\\System32\\BthUdTask.exe",
"C:\\Windows\\System32\\dps.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask",
"C:\\Windows\\SysWOW64\\MSVidCtl.dll",
"C:\\Windows\\System32\\drivers\\hidbatt.sys",
"C:\\Program Files (x86)\\mozilla firefox\\defaults\\pref\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\errdev.sys",
"C:\\Program Files\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Windows\\ehome\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home\\idb\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURActivate",
"C:\\Windows\\System32\\cryptsvc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591",
"C:\\Windows\\SysWOW64\\mscoree.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG2",
"C:\\Windows\\System32\\drivers\\discache.sys",
"C:\\Windows\\System32\\perftrack.dll",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files\\",
"C:\\Windows\\System32\\mswsock.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-RemoteFX-RemoteClient-Setup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\authui.dll",
"C:\\Windows\\System32\\drivers\\aliide.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2",
"C:\\Windows\\System32\\drivers\\evbda.sys",
"C:\\Windows\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events\\",
"C:\\Users\\cuck\\AppData\\Roaming\\",
"C:\\Windows\\System32\\defragsvc.dll",
"C:\\Windows\\System32\\wermgr.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)",
"C:\\Windows\\System32\\dimsjob.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntpe.cat",
"C:\\Windows\\SysWOW64\\appmgmts.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\",
"C:\\Windows\\SysWOW64\\mshtml.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURDiscovery",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\WINNT_x86-msvc\\",
"C:\\Windows\\System32\\FntCache.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ActivateWindowsSearch",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\mcupdate",
"C:\\Windows\\System32\\drivers\\acpipmi.sys",
"C:\\Windows\\System32\\mctadmin.exe",
"C:\\Windows\\System32\\SearchFilterHost.exe",
"C:\\Windows\\System32\\drivers\\adpahci.sys",
"C:\\FRST\\Hives\\cuck\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\InstallPlayReady",
"C:\\Windows\\System32\\drivers\\arc.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask",
"C:\\Windows\\System32\\drivers\\elxstor.sys",
"C:\\Windows\\System32\\VSSVC.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home\\",
"C:\\Python27\\",
"C:\\Windows\\System32\\certCredProvider.dll",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf",
"\\Device\\NamedPipe\\",
"C:\\Windows\\System32\\qmgr.dll",
"C:\\Windows\\System32\\drivers\\cmdide.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration",
"D:\\Windows\\System32\\config\\",
"C:\\Windows\\System32\\drivers\\GAGP30KX.SYS",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events\\",
"C:\\Windows\\SysWOW64\\pnrpnsp.dll",
"C:\\Windows\\ehome\\ehsched.exe",
"C:\\Windows\\System32\\csrss.exe",
"c:\\program files\\windows defender\\MpCmdRun.exe",
"C:\\Windows\\System32\\drivers\\1394ohci.sys",
"C:\\Windows\\System32\\dot3gpclnt.dll",
"C:\\Windows\\SysWOW64\\nlaapi.dll",
"C:\\Windows\\SysWOW64\\GroupPolicyUsers\\",
"C:\\Windows\\System32\\HotStartUserAgent.dll",
"C:\\Users\\desktop.ini",
"C:\\Windows\\System32\\drivers\\amdsata.sys",
"C:\\Windows\\System32\\drivers\\fs_rec.sys",
"C:\\Windows\\System32\\gptext.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\GadgetManager",
"C:\\Windows\\System32\\drivers\\bxvbda.sys",
"C:\\Windows\\SysWOW64\\drivers\\",
"C:\\Windows\\System32\\drivers\\crcdisk.sys",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\",
"C:\\Windows\\System32\\drivers\\BrUsbMdm.sys",
"C:\\Windows\\System32\\drivers\\battc.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-OfflineFiles-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\catroot2\\",
"C:\\Windows\\System32\\spoolsv.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\",
"C:\\Windows\\System32\\sdclt.exe",
"C:\\Windows\\System32\\cscui.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab\\",
"C:\\Windows\\",
"C:\\Windows\\System32\\drivers\\http.sys",
"C:\\Windows\\System32\\drivers\\",
"C:\\Windows\\System32\\appinfo.dll",
"C:\\FRST\\b4Ye2Sa8E",
"C:\\Windows\\System32\\memdiag.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Printing-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\AGP440.sys",
"C:\\Windows\\System32\\wsqmcons.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FRST.txt",
"C:\\Windows\\System32\\drivers\\exfat.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask",
"C:\\Windows\\System32\\PlaySndSrv.dll"
],
"file_copied": [
[
"D:\\Windows\\System32\\config\\SAM",
"C:\\FRST\\m3Hu8Ft2L\\SAM"
],
[
"D:\\Windows\\System32\\config\\SECURITY.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG1"
],
[
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip"
],
[
"D:\\Windows\\System32\\config\\SECURITY.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG"
],
[
"D:\\Windows\\System32\\config\\SAM.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG1"
],
[
"C:\\FRST\\m3Hu8Ft2L\\SAM",
"C:\\FRST\\Hives\\SAM"
],
[
"C:\\FRST\\m3Hu8Ft2L\\NTUSER.DAT",
"C:\\FRST\\Hives\\cuck\\NTUSER.DAT"
],
[
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM",
"C:\\FRST\\Hives\\SYSTEM"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG"
],
[
"D:\\Users\\cuck\\ntuser.dat.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG2"
],
[
"D:\\Windows\\System32\\config\\SYSTEM",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM"
],
[
"C:\\FRST\\m3Hu8Ft2L\\SECURITY",
"C:\\FRST\\Hives\\SECURITY"
],
[
"D:\\Users\\cuck\\NTUSER.DAT",
"C:\\FRST\\m3Hu8Ft2L\\NTUSER.DAT"
],
[
"D:\\Windows\\System32\\config\\DEFAULT.LOG",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG"
],
[
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE",
"C:\\FRST\\Hives\\SOFTWARE"
],
[
"D:\\Windows\\System32\\config\\SOFTWARE.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG2",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG2"
],
[
"D:\\Windows\\System32\\config\\SYSTEM",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM"
],
[
"D:\\Windows\\System32\\config\\SECURITY.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG2"
],
[
"D:\\Windows\\System32\\config\\SOFTWARE",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE"
],
[
"D:\\Windows\\System32\\config\\DEFAULT.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG1"
],
[
"D:\\Users\\cuck\\ntuser.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG1"
],
[
"D:\\Windows\\System32\\config\\SECURITY",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY"
],
[
"D:\\Windows\\System32\\config\\DEFAULT.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG2"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG2"
],
[
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG1"
],
[
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat",
"C:\\FRST\\Hives\\cuck\\UsrClass.dat"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG1",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG1"
],
[
"D:\\Windows\\System32\\config\\SAM.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG"
],
[
"D:\\Windows\\System32\\config\\SOFTWARE.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG1"
],
[
"D:\\Windows\\System32\\config\\DEFAULT",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT"
],
[
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG1"
],
[
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG2"
],
[
"D:\\Windows\\System32\\config\\SAM.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG2"
],
[
"D:\\Windows\\System32\\config\\SYSTEM.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG"
],
[
"D:\\Windows\\System32\\config\\SOFTWARE.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG2"
],
[
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT",
"C:\\FRST\\Hives\\DEFAULT"
]
],
"connects_host": [
"download.bleepingcomputer.com"
],
"regkey_opened": [
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BTHMODEM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Disk",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Internet Explorer\\URLSearchHooks",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AudioEndpointBuilder\\parameters",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FileInfo",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\arcsas",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\InstalledSDB",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\agp440",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vds",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\IKEEXT",
"HKEY_CLASSES_ROOT\\CLSID\\{79eac9e7-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\udfs",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DPS",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{91FBB303-0CD5-4055-BF42-E512A681B325}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ehRecvr",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\fdeploy.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\idsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\rdyboost",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\Credential Providers",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AudioEndpointBuilder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SamSs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NativeWifiP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\scfilter",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WIMMount",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gpprefcl.dll",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Dnscache\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\rdbss",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}",
"HKEY_CLASSES_ROOT\\CLSID\\{05300401-BCBC-11d0-85E3-00C04FD85AB4}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\adp94xx",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\fdPHost",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WdiSystemHost",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BITS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\amdsbs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wd",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gpscript.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TsUsbGD",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\intelppm",
"HKEY_CLASSES_ROOT\\CLSID\\{12D51199-0DB5-46FE-A120-47A3D7D937CC}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\iphlpsvc",
"HKEY_USERS\\Software\\Classes\\ActivatableClasses\\Package",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\iaStorV",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Policies\\Google",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DPS\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\microsoft\\internet explorer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000003",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000007",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000008",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000009",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lmhosts",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BattC",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Custom",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MozillaMaintenance",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\megasas",
"HKEY_CLASSES_ROOT\\CLSID\\{94596c7e-3744-41ce-893e-bbf09122f76a}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\defragsvc\\parameters",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4FDEA3B5-7CDE-48F7-940C-43CDBB18FB20}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\xmlprov",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000001",
"HKEY_USERS\\.DEFAULT\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BrUsbMdm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HidIr",
"HKEY_CLASSES_ROOT\\CLSID\\{B210D694-C8DF-490d-9576-9E20CDBC20BD}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ServiceModelService 3.0.0.0",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IPMIDRV",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HDAudBus",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UGatherer",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BDESVC\\parameters",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\ContinuousBrowsing",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BattC",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\QWAVEdrv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Npfs",
"HKEY_CLASSES_ROOT\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\b57nd60a",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasAuto",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sppuinotify",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\volmgrx",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TrustedInstaller",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ServiceModelEndpoint 3.0.0.0",
"HKEY_CURRENT_USER\\Environment",
"HKEY_CLASSES_ROOT\\CLSID\\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CNG",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HomeGroupListener\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\RemovalTools\\MRT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{6232C319-91AC-4931-9385-E70C2B099F0E}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\.NET Data Provider for Oracle",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\PLAP Providers",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB02381F-D652-4B1C-894A-712498C62C51}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Fax",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPCDD",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanServer",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\inetpp.dll",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\eventlog\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D018DE2F-F02A-4BDB-BA74-56BCD427BE40}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Smb",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{28011108-68DF-4C73-B91B-57427D501BBA}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\s3cap",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BrSerWdm",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7933F41E-56F8-41d6-A31C-4148A711EE93}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\iirsp",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hidserv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\Providers",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crcdisk",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\secdrv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FltMgr",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FontCache",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UI0Detect",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Serial",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Dnscache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WSearch",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HidBth",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CLFS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\kbdhid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET Data Provider for Oracle",
"HKEY_CLASSES_ROOT\\CLSID\\{BA677074-762C-444b-94C8-8C83F93F6605}\\localserver32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{3af36230-a269-11d1-b5bf-0000f8051515}",
"HKEY_CURRENT_USER\\SOFTWARE\\Clients\\StartMenuInternet\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PolicyAgent",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AmdK8",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Null",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Dnscache",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{C9E9A340-D1F1-11D0-821E-444553540600}",
"HKEY_CLASSES_ROOT\\CLSID\\{06DA0625-9701-43da-BFD7-FBEEA2180A1E}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EFS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wercplsupport",
"HKEY_CLASSES_ROOT\\CLSID\\{c1f85ef8-bcc2-4606-bb39-70c523715eb3}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{c6dc5466-785a-11d2-84d0-00c04fb169f7}",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{8f6b0360-b80d-11d0-a9b3-006097942311}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanWorkstation",
"HKEY_CURRENT_USER\\Software\\AutoIt v3\\AutoIt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NetBT",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\adpu320",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\storflt",
"HKEY_CLASSES_ROOT\\CLSID\\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EapHost\\parameters",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\appmgmts.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MsRPC",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\inetpp.dll",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}",
"HKEY_CLASSES_ROOT\\CLSID\\{42060D27-CA53-41f5-96E4-B1E8169308A6}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HomeGroupListener",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AmdPPM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sppsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HTTP",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\adpahci",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{3307E641-F5EE-49E6-A1FE-BFB5D671441C}",
"HKEY_CLASSES_ROOT\\CLSID\\{190BA3F6-0205-4f46-B589-95C6822899D2}\\InprocServer32",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\hwpolicy",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1F7B7221-AE8F-44F3-BA82-F7D260F51964}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\gagp30kx",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SessionEnv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\COMSysApp\\parameters",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter\\deflate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{17F5B0DE-8DA9-4280-8CB8-91422B9A8CE1}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ws2ifsl",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinHttpAutoProxySvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AudioSrv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\COMSysApp",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Fax",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wcncsvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UmPass",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter\\application\/x-complus",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mrxsmb20",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{630b1da0-b465-11d1-9948-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\iScsiPrt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{05300401-BCBC-11d0-85E3-00C04FD85AB4}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\PersistentRoutes",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CryptSvc",
"HKEY_USERS\\.DEFAULT\\Software\\Mozilla",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer\\Run",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wuauserv",
"HKEY_CLASSES_ROOT\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\Hosts\\SHDOCVW\\8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Lsa",
"HKEY_CURRENT_USER\\Control Panel\\Desktop",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AppIDSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DcomLaunch",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AudioEndpointBuilder",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Processor",
"HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\BthUdTask.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\arcsas",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BTHMODEM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wlansvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CertPropSvc\\parameters",
"HKEY_CLASSES_ROOT\\CLSID\\{58fb76b9-ac85-4e55-ac04-427593b1d060}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{79eac9e5-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LSI_SAS",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HidBatt",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\wlgpclnt.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ServiceModelOperation 3.0.0.0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{FB2CA36D-0B40-4307-821B-A13B252DE56C}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hidserv\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\isapnp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\volsnap",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{7C028AF8-F614-47B3-82DA-BA94E41B1089}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\flpydisk",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ldap",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\E1G60",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\netprofm",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sffp_sd",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbprint",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasAgileVpn",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\SystemRestore",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\flpydisk",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\http",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{874CFED9-D01D-4D16-9775-B8A7A05004BF}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\win32spl.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DfsC",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ehRecvr\\parameters",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\i8042prt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\pcmcia",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSDTC",
"HKEY_USERS\\.DEFAULT\\Software\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\gpsvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\circlass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\amdsbs",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.LOG",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DA41DE71-8431-42FB-9DB0-EB64A961DEAD}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\blbdrive",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RemoteRegistry",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time",
"HKEY_LOCAL_MACHINE\\Software\\MozillaPlugins",
"HKEY_CLASSES_ROOT\\CLSID\\{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Ndisuio",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\atapi",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AmdPPM",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ALG",
"HKEY_CLASSES_ROOT\\CLSID\\{79eac9e6-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Themes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\pla",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\IEXPLORE.EXE\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5BE46CE1-CA9B-4CAD-B2E9-8C3F7716AF90}",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\fastfat",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{4f645220-306d-11d2-995d-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{74EE6C03-5363-4554-B161-627540339CAB}",
"HKEY_CLASSES_ROOT\\CLSID\\{e7ed314f-2816-4c26-aeb5-54a34d02404c}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\seclogon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LSI_SAS2",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mrxsmb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{F9C77450-3A41-477E-9310-9ACD617BD9E3}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\IPBusEnum\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SecurityProviders",
"HKEY_USERS\\Software\\Microsoft\\Windows\\CurrentVersion\\PackagedAppXDebug",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\mailto",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PeerDistSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nsiproxy",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\.NET CLR Data",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CSC",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AxInstSV",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\monitor",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\atapi",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{5794DAFD-BE60-433f-88A2-1A31939AC01F}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BFE",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DXGKrnl",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Browser",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Internet Explorer\\Main",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ProtectedStorage",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Appinfo\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WebClient",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\eventlog",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\idsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HidUsb",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\dvd",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AmdK8",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mouhid",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\dot3gpclnt.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SCardSvr",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FDResPub",
"HKEY_CURRENT_USER\\Control Panel\\Mouse",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\aliide",
"HKEY_CLASSES_ROOT\\CLSID\\{79eac9e3-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Fs_Rec",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CD962721-73F1-4649-85D7-6884C1EF28D9}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scecli.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPDR",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\mhtml",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nv_agp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{7790769C-0471-11d2-AF11-00C04FA35D02}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\Toolbar\\WebBrowser",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000010",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPDD",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Clients\\StartMenuInternet\\ChromeHTML",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ACPI",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BrFiltLo",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\SmartcardCredentialProvider.dll",
"HKEY_CLASSES_ROOT\\CLSID\\{25CBB996-92ED-457e-B28C-4774084BD562}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\fdPHost",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PerfOS",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\mscoree.dll",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\exfat",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CertPropSvc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\explorer.exe",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FontCache3.0.0.0",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EapHost",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPENCDD",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\system",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ErrDev",
"HKEY_CLASSES_ROOT\\CLSID\\{E51DFD48-AA36-4B45-BB52-E831F02E8316}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MRxDAV",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}",
"HKEY_CLASSES_ROOT\\CLSID\\{45F26E9E-6199-477F-85DA-AF1EDfE067B1}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nvstor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AppMgmt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\inetaccs",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{3dd53d40-7b8b-11D0-b013-00aa0059ce02}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Shell\\AutoRun\\command",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SensrSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DfsC",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}",
"HKEY_CLASSES_ROOT\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\2.0.50727",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WdiServiceHost",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\arc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VaultSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\amdxata",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\fvevol",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EFS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wmiApSrv",
"HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinDefend",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\intelide",
"HKEY_LOCAL_MACHINE\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NETFramework",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\i8042prt",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\arc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AeLookupSvc\\parameters",
"HKEY_CLASSES_ROOT\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CDA5F4EE-8293-4A5D-8564-04CD067D1A85}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Brserid",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{7790769C-0471-11d2-AF11-00C04FA35D02}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MpsSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EapHost",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PerfDisk",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WerSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MMCSS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AcpiPmi",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sffp_mmc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Google\\Chrome\\Extensions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{A3F3E39B-5D83-4940-B954-28315B82F0A8}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\intelppm",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Command Processor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ehRecvr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\tunnel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Appinfo",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\BthUdTask.exe",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{79eac9e3-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{0E28E245-9368-4853-AD84-6DA3BA35BB75}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{B087BE9D-ED37-454f-AF9C-04291E351182}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SDRSVC",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Google",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{72DB7465-BC54-491B-A92A-4637A28C9BBF}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FontCache3.0.0.0",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\hcw85cir",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Custom",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Modem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AxInstSV",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\Custom",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Netman",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\amdxata",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\eventlog",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PerfProc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\.NET Data Provider for SqlServer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gptext.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CompositeBus",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FltMgr",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EventSystem\\parameters",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AppMgmt\\parameters",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ACPI",
"HKEY_CURRENT_USER\\SOFTWARE\\Clients\\StartMenuInternet\\ChromeHTML",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AsyncMac",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\KeyIso",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\uliagpkx",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NdisWan",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.regtrans-ms",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Language",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Schedule",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET Data Provider for SqlServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MegaSR",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TCPIPTUNNEL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Power",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\DefaultPrefix",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dmvsc",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sffdisk",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSSCNTRS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HDAudBus",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FDResPub\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000002",
"HKEY_CLASSES_ROOT\\CLSID\\{ca767aa8-9157-4604-b64b-40747123d5f2}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\upnphost",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000006",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{C9E9A340-D1F1-11D0-821E-444553540600}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinRM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RpcEptMapper",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Mozilla",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vdrvroot",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\cmdide",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WANARP",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\IKEEXT\\parameters",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UmRdpService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\bowser",
"HKEY_CLASSES_ROOT\\CLSID\\{8f6b0360-b80d-11d0-a9b3-006097942311}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ALG",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\tdx",
"HKEY_CURRENT_USER\\Software\\Mozilla",
"HKEY_CLASSES_ROOT\\CLSID\\{FF87090D-4A9A-4f47-879B-29A80C355D61}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\1394ohci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ksthunk",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TCPIP6",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PNRPsvc",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FB3C354D-297A-4EB2-9B58-090F6361906B}",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Mozilla\\Mozilla Firefox 60.0.2\\extensions",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mssmbios",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.blf",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{AADCED64-746C-4633-A97C-D61349046527}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HomeGroupProvider\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\USBSTOR",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CLFS",
"HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\Notifications\\Domains",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A48CABBF-24C8-4B87-B00F-9261807C3B43}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RpcSs",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BrUsbSer",
"HKEY_CLASSES_ROOT\\CLSID\\{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ehSched",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hwpolicy",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\auditcse.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar",
"HKEY_CLASSES_ROOT\\CLSID\\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\ContinuousBrowsing",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\iphlpsvc",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TCPIP6TUNNEL",
"HKEY_CLASSES_ROOT\\CLSID\\{AC3AC249-E820-4343-A65B-377AC634DC09}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CscService",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bthserv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Compbatt",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BrFiltUp",
"HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\appmgmts.dll",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2E941CB2-1B33-47C4-905B-8B4278819513}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\cmdide",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BFE",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter\\application\/octet-stream",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006",
"HKEY_USERS\\.DEFAULT\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BTHPORT",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter\\application\/x-msdownload",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CC35D2E9-B9E1-4ADC-9DA5-71487D9E9EB5}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Netlogon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HidUsb",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPWD",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vsmraid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\storvsc",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B81A55E6-C03C-4EF0-B86F-A80A89DF468D}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A7C73732-9F11-4281-8D19-764D4EC9D94D}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Code Store Database\\Distribution Units",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TermDD",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\https",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\aliide",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wanarpv6",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{3af36230-a269-11d1-b5bf-0000f8051515}",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\javascript",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\idsvc\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DcomLaunch",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CryptSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\iaStorV",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Compbatt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PerfNet",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Winmgmt",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\circlass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WacomPen",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\amdide",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\rdpbus",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ehSched",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\cdfs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPREFMP",
"HKEY_CLASSES_ROOT\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UGTHRSVC",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\drmkaud",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\mk",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Disk",
"HKEY_CLASSES_ROOT\\CLSID\\{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AppID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\blbdrive",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasSstp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\fastfat",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\1394ohci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sermouse",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\crcdisk",
"HKEY_LOCAL_MACHINE\\i2Os6As7Bx\\Select",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B43033E6-1453-4AD6-AFBA-C03CFC178286}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{4bcd6cde-777b-48b6-9804-43568e23545d}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\msdsm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSiSCSI",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSKSSRV",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ohci1394",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{81540B9F-B5BF-47EB-9C95-BE195BF2C664}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Beep",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CmBatt",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{9381D8F2-0288-11D0-9501-00AA00B911A5}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\stisvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Windows Workflow Foundation 3.0.0.0",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ebdrv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HomeGroupProvider",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\aitagent.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sfloppy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\msahci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WudfPf",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\local",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\b06bdrv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AudioSrv\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NTDS",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{79eac9e2-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Shell\\AutoRun\\command",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\UxSms",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000003",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{C016366B-7126-46CA-B36B-592A3D95A60B}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\KtmRm",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\its",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mshidkmdf",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\KSecDD",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000001",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SENS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Authentication\\Credential Provider Filters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D0250F3F-6480-484F-B719-42F659AC64D5}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\wlgpclnt.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WmiAcpi",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\LanmanServer\\DefaultSecurity",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\srvnet",
"HKEY_CLASSES_ROOT\\CLSID\\{c27f6b1d-fe0b-45e4-9257-38799fa69bc8}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\elxstor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TsUsbFlt",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{12D51199-0DB5-46FE-A120-47A3D7D937CC}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServicesOnce",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{96137355-BC34-4BA7-81B7-47C87B556E7D}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasPppoe",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RemoteAccess",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Fs_Rec",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\vbscript",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\pciide",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\dot3svc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\elxstor",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AppIDSvc\\parameters",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\dmvsc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\spldr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LSI_SCSI",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NdisTapi",
"HKEY_CURRENT_USER\\SOFTWARE\\Google\\Chrome\\Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PptpMiniport",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Browser\\parameters",
"HKEY_CURRENT_USER\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\ExtensionsStore\\datastore\\Config\\",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{E92B03AB-B707-11d2-9CBD-0000F87A369E}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\URL\\DefaultPrefix",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\dot3svc\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{82676C49-21A7-4605-AA06-E04A067FB611}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\.NET CLR Networking",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\2.0.50727",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\b57nd60a",
"HKEY_LOCAL_MACHINE\\Software\\microsoft\\windows nt\\currentversion\\Image File Execution Options\\IEInstal.exe",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CertPropSvc",
"HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\Main",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{630b1da0-b465-11d1-9948-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\gpsvc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Wpad",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wbengine",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PortProxy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Winsock",
"HKEY_LOCAL_MACHINE\\Software\\Classes\\CLSID\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F18ED8A5-C696-4951-B068-CA8E83634C04}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\tcpipreg",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SysMain",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mpio",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{C631DF4C-088F-4156-B058-4375F0853CD8}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NDProxy",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W3SVC",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\agp440",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\adp94xx",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\amdsata",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\{EF381EA0-4D07-418D-A490-68AF67CE948B}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventSystem",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{4f645220-306d-11d2-995d-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mrxsmb10",
"HKEY_CLASSES_ROOT\\CLSID\\{343D770D-7788-47c2-B62A-B7C4CED925CB}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ehSched\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BTHPORT",
"HKEY_CLASSES_ROOT\\CLSID\\{DFA14C43-F385-4170-99CC-1B7765FA0E4A}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TSDDD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1BB08CFD-C6AD-44C7-BD0B-8F23035A5731}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasMan",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{f3ccc681-b74c-4060-9f26-cd84525dca2a}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Dhcp\\parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ShellHWDetection",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Spooler",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Browser",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ql40xx",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{79eac9e6-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AeLookupSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BFE\\parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Google",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lltdio",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ESENT",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\res",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\bthserv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AFD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ql2300",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\hkmsvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Rasl2tp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\napagent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Ntfs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BrFiltUp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ErrDev",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PerfHost",
"HKEY_USERS\\.DEFAULT\\Software\\MozillaPlugins",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\adsi",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\pcw",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbcir",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FsDepends",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AeLookupSvc",
"HKEY_CLASSES_ROOT\\CLSID\\{79eac9e5-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AudioSrv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AppIDSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\amdide",
"HKEY_CLASSES_ROOT\\CLSID\\{6f45dc1e-5384-457a-bc13-2cd81b0d28ed}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\fdPHost\\parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{25537BA6-77A8-11D2-9B6C-0000F8080861}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BDESVC",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SNMPTRAP",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\KSecPkg",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\p2pimsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DcomLaunch\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbohci",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{45ea75a0-a269-11d1-b5bf-0000f8051515}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A35BB7A6-5F0C-4C9F-8450-2B3BED532D51}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PcaSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DCLocator",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HTTP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ebdrv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TBS",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B78DBF96-841E-4336-BFE9-1C4975F9DA60}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\gagp30kx",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\dot3gpclnt.dll",
"HKEY_CLASSES_ROOT\\CLSID\\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\cdrom",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}",
"HKEY_CLASSES_ROOT\\CLSID\\{5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\InstalledSDB",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\QWAVE",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SiSRaid2",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5F5A18EB-DC73-4E45-A11C-B59043598412}",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\tv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HpSAMD",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{45ea75a0-a269-11d1-b5bf-0000f8051515}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\partmgr",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\sbp2port",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SiSRaid4",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wudfsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Brserid",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BITS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9979CB83-103A-4105-9E5D-C74B0AF6D198}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\defragsvc",
"HKEY_CLASSES_ROOT\\CLSID\\{DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Filetrace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06308A56-69E7-4844-A784-8509C25B6C62}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mpsdrv",
"HKEY_USERS\\.DEFAULT\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{17D89FEC-5C44-4972-B12D-241CAEF74509}",
"HKEY_LOCAL_MACHINE\\Software\\Mozilla\\MaintenanceService",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\fvevol",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HomeGroupListener",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AppID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\b06bdrv",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gpprefcl.dll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\COMSysApp",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9435F817-FED2-454E-88CD-7F78FDA62C48}",
"HKEY_USERS\\Environment",
"HKEY_CLASSES_ROOT\\CLSID\\{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LSI_FC",
"HKEY_CLASSES_ROOT\\CLSID\\{EA9155A3-8A39-40b4-8963-D3C761B18371}\\InprocServer32",
"HKEY_USERS\\.DEFAULT\\Environment",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NetTcpPortSharing",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wscsvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\exfat",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\PackagedAppXDebug",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\pci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IPNAT",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Mozilla\\Mozilla Firefox",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TDTCP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\stexstor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NDIS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_64\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\pcw",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\iphlpsvc\\parameters",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BITS\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TabletInputService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AsyncMac",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\AppCompatFlags\\InstalledSDB",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Dhcp",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSTEE",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Mozilla\\Mozilla Firefox 60.0.2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\cdrom",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IKEEXT",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\IpFilterDriver",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{87F56B34-044E-4A48-8FDD-087BFABD5ECF}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\msiserver",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{BE669C13-8165-4536-96D0-6D6C39292AAE}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nsi",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\rspndr",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_32\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WbioSrvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RpcLocator",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Data",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Filetrace",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServices",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC668097-4D6B-4093-AC14-014C09DBF820}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\srv",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.LOG1",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.LOG2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\StorSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\fdc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mountmgr",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5A40E926-9E86-4B89-9CFD-B12311724371}",
"HKEY_CLASSES_ROOT\\CLSID\\{c463a0fc-794f-4fdf-9201-01938ceacafa}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\intelide",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AcpiPmi",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EventSystem",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bthserv\\parameters",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\Firefox-E7CF176E110C211B\\shell\\open\\command",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wdf01000",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Psched",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\mscoree.dll",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\SubSystems",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\win32spl.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vhdmp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FileInfo",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\auditcse.dll",
"HKEY_CLASSES_ROOT\\CLSID\\{7CCA6768-8373-4D28-8876-83E8B4E3A969}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\SmartcardCredentialProvider.dll",
"HKEY_LOCAL_MACHINE\\Software\\microsoft\\windows nt\\currentversion\\Image File Execution Options\\DllNXOptions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\E1G60",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\umbus",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB07F7B4-BB95-4B74-9D32-4533D566453C}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\dot3svc",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{8C5ED038-CFAD-48A0-BB2F-D128286E49B3}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{994C86AD-A929-4B2C-88A0-4E25A107A029}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.DAT",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D7B6E81D-3CF4-432C-84D2-24213F4316E6}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSDTC Bridge 3.0.0.0",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WmiApRpl",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\Providers\\LanMan Print Services",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CompositeBus",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\THREADORDER",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vwifibus",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Google\\Chrome\\Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vga",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbehci",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FsDepends",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CryptSvc\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{40DD7C5E-DA67-4A78-B96C-582A4CBAEDF3}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbhub",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FontCache3.0.0.0\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nfrd960",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{728EE579-943C-4519-9EF7-AB56765798ED}",
"HKEY_USERS\\.DEFAULT\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage\\microsoft.microsoftedge_8wekyb3d8bbwe\\MicrosoftEdge\\Notifications\\Domains",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking",
"HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}",
"HKEY_CURRENT_USER\\Software\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppContainer\\Storage",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hkmsvc",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{9381D8F2-0288-11D0-9501-00AA00B911A5}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\fdc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\adpahci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WfpLwf",
"HKEY_CURRENT_USER\\Software\\Classes\\ActivatableClasses\\Package",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HomeGroupProvider",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\volmgr",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\.NETFramework",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Dhcp",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HidIr",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\ALG\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\MozillaPlugins",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\about",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TrkWks",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AppMgmt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Beep",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HidBatt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\clr_optimization_v2.0.50727_64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Print\\Providers\\Internet Print Provider",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\srv2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BrUsbSer",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2470470F-2634-478E-B181-571E98A789BB}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Msfs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\swprv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\NlaSvc\\Parameters\\Internet\\ManualProxies",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\tssecsrv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AxInstSV\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SMSvcHost 3.0.0.0",
"HKEY_CLASSES_ROOT\\CLSID\\{01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSPQM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\msisadrv",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\drmkaud",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SstpSvc",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security",
"HKEY_CURRENT_USER\\Software\\Microsoft\\windows\\CurrentVersion\\Internet Settings\\Connections",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BrUsbMdm",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HpSAMD",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A8B18D02-60CD-4305-90CC-7DAAC028BDCD}",
"HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\safeboot\\option",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WSearchIdxPi",
"HKEY_CLASSES_ROOT\\CLSID\\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IPBusEnum",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbccgp",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\FontCache",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{E92B03AB-B707-11d2-9CBD-0000F87A369E}",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\ms-its",
"HKEY_CLASSES_ROOT\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BrSerWdm",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SCPolicySvc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\MpDebug\\DebugValues\\MsMpEng.exe",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\ftp",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\AFD",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Google\\Chrome\\Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\adsi",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\bowser",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E3163C33-301D-4730-A266-5518C5ED3967}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\URLSearchHooks",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EACA24FF-236C-401D-A1E7-B3D5267B8A50}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MTConfig",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\FDResPub",
"HKEY_CLASSES_ROOT\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\Hosts\\SHDOCVW",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4DE0CAB9-ECFE-4AA9-B95A-FE815A2EAA4E}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Mcx2Svc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{79eac9e7-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\aitagent.exe",
"HKEY_LOCAL_MACHINE\\Software\\microsoft\\windows nt\\currentversion\\Image File Execution Options",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\p2psvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WwanSvc",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CscService\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TDPIPE",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\inetaccs",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hcw85cir",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WPCSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\viaide",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{551B3807-871F-4E48-A943-2330449F0615}",
"HKEY_CLASSES_ROOT\\CLSID\\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\\InprocServer32",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Serenum",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WPDBusEnum",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Wecsvc",
"HKEY_CLASSES_ROOT\\Wow6432Node\\CLSID\\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CSC",
"HKEY_CLASSES_ROOT\\CLSID\\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{448186F9-75B9-4FB7-A6E0-B19A2BADC1BE}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\discache",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\uagp35",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\DXGKrnl",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PlugPlay",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\CmBatt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VSS",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\SafeBoot",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gptext.dll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\usbuhci",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CNG",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\AppCertDlls",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ProfSvc",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\file",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\SystemCertificates\\Disallowed\\Certificates",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\gpsvc\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TapiSrv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\vmbus",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NetBIOS",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\HdAudAddService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DCLocator",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Active Setup\\Installed Components\\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\IPSec\\Policy\\Local",
"HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\lltdsvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\TermService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PEAUTH",
"HKEY_CLASSES_ROOT\\CLSID\\{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\nvraid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\luafv",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NlaSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VgaSave",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Code Store Database\\Distribution Units",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\PNRPAutoReg",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Handler\\cdl",
"HKEY_CLASSES_ROOT\\CLSID\\{2DEA658F-54C1-4227-AF9B-260AB5FC3543}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A656BBE1-4E3E-4C8A-BD79-A8CA56782753}",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\fdeploy.dll",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HdAudAddService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\CscService",
"HKEY_CURRENT_USER\\Software\\MozillaPlugins",
"HKEY_USERS\\.DEFAULT\\Software\\Classes\\ActivatableClasses\\Package",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\gpscript.dll",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Appinfo",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{1A6364EB-776B-4120-ADE1-B63A406A76B5}",
"HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\NdisCap",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DPS",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\swenum",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\defragsvc",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RasAcd",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\explorer.exe",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IRENUM",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Mozilla\\Firefox",
"HKEY_CLASSES_ROOT\\CLSID\\{79eac9e2-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32",
"HKEY_CLASSES_ROOT\\CLSID\\{CF2CF428-325B-48D3-8CA8-7633E36E5A32}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\amdsata",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{613612BA-897D-44CE-8DC1-8FC283F9FD51}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\discache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\ESENT",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\IPBusEnum",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\BrFiltLo",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4D19A151-A712-4920-AC6D-6C6FD81C8CDB}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\kbdclass",
"HKEY_LOCAL_MACHINE\\Software\\Mozilla",
"HKEY_CLASSES_ROOT\\CLSID\\{BA677074-762C-444b-94C8-8C83F93F6605}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WcsPlugInService",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\BDESVC",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\WMPNetworkSvc",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\mouclass",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\IpFilterDriver",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\Main",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7DC691A2-CB15-44DB-853C-19938051BB22}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\VMBusHID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7B849a69-220F-451E-B3FE-2CB811AF94AE}",
"HKEY_CLASSES_ROOT\\PROTOCOLS\\Filter\\gzip",
"HKEY_CLASSES_ROOT\\CLSID\\{3dd53d40-7b8b-11D0-b013-00aa0059ce02}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\Toolbar",
"HKEY_CLASSES_ROOT\\CLSID\\{855fec53-d2e4-4999-9e87-3414e9cf0ff4}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer",
"HKEY_CLASSES_ROOT\\CLSID\\{A9A33436-678B-4c9c-A211-7CC38785E79D}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\crypt32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\MSPCLOCK",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Parport",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\EFS\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F6B1AFFE-48F0-4340-9F59-C73DDA17C17D}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\cdfs",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\iirsp",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Fax\\parameters",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06CD2154-751E-469F-8E4A-C3F118356423}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000",
"HKEY_CLASSES_ROOT\\CLSID\\{8bf9a910-a8ff-457f-999f-a5ca10b4a885}\\InprocServer32",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\PropertySystem\\PropertyHandlers\\.dat",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{268014E7-A27E-4FD7-89A6-A481DA222EC8}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E5094040-C46C-4115-B030-04FB2E545B00}",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\adpu320",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\hidserv",
"HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E22A8667-F75B-4BA9-BA46-067ED4429DE8}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{e437bc1c-aa7d-11d2-a382-00c04f991e27}",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HidBth",
"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\URLSearchHooks",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SSDPSRV",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Mup",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\scecli.dll",
"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\hkmsvc\\parameters",
"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\RDPNP",
"HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\PackagedAppXDebug"
],
"resolves_host": [
"wpad",
"cuckpc"
],
"file_written": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\FRST\\bin\\sqlite3_x64.dll",
"C:\\FRST\\users00",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"\\\\?\\PIPE\\srvsvc",
"C:\\FRST\\Logs\\ct.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FRST.txt",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591"
],
"file_deleted": [
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG2",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY",
"C:\\FRST\\Hives\\BCD.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG1",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG2",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG1",
"C:\\FRST\\Hives\\BCD.LOG",
"C:\\FRST\\Hives\\BCD.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG2",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM",
"C:\\FRST\\m3Hu8Ft2L\\NTUSER.DAT",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SAM",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG"
],
"directory_removed": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\",
"C:\\FRST\\b4Ye2Sa8E",
"C:\\FRST\\z8Fn3Cz4",
"C:\\FRST\\m3Hu8Ft2L",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\user.js",
"C:\\Windows\\SysWOW64\\GroupPolicyUsers\\scripts.ini",
"C:\\Windows\\System32\\hidserv.dll",
"C:\\Windows\\SysWOW64\\drivers\\circlass.sys",
"C:\\Windows\\SysWOW64\\es.dll",
"C:\\Windows\\SysWOW64\\drivers\\cng.sys",
"C:\\Windows\\System32\\wdc.dll",
"C:\\Windows\\System32\\drivers\\amdk8.sys",
"C:\\Program Files\\Windows Media Player\\wmpnetwk.exe",
"C:\\Windows\\SysWOW64\\drivers\\BrUsbSer.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\HidBatt.sys",
"C:\\Windows\\SysWOW64\\drivers\\arcsas.sys",
"C:\\Python27\\python.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RegisterSearch",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControls",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask",
"C:\\Windows\\System32\\drivers\\crypt32.sys",
"C:\\Python27\\Scripts\\mscoree.dll",
"C:\\Python27\\Scripts\\SmartcardCredentialProvider.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\kernelceip.dll",
"C:\\Windows\\ehome\\ehrec.exe",
"C:\\Windows\\SysWOW64\\iedkcs32.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\User\\Registry.pol",
"C:\\Windows\\SysWOW64\\fxssvc.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp\\WINNT_x86-msvc",
"C:\\Windows\\System32\\BioCredProv.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver",
"C:\\Windows\\System32\\drivers\\blbdrive.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Sidebar\\Sidebar.exe \\autoRun",
"C:\\Windows\\SysWOW64\\drivers\\blbdrive.sys",
"C:\\Windows\\System32\\clfs.sys",
"C:\\Windows\\SysWOW64\\drivers\\amdk8.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab\\idb\\3312185054sbndi_pspte.files",
"C:\\Windows\\System32\\es.dll",
"D:\\Windows\\System32\\config\\SECURITY",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\ntuser.dat.LOG2",
"C:\\Windows\\SysWOW64\\wevtsvc.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\sessionstore-backups",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\HotStartUserAgent.dll",
"C:\\Windows\\SysWOW64\\drivers\\BrSerWdm.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Tuner-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\ipfltdrv.sys",
"C:\\Windows\\System32\\polstore.dll",
"C:\\Python27\\Scripts\\dot3gpclnt.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\infocard.exe",
"C:\\Python27\\BthUdTask.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome",
"C:\\Windows\\System32\\drivers\\asyncmac.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\drivers\\FsDepends.sys",
"C:\\Windows\\System32\\ieframe.dll",
"C:\\Windows\\SysWOW64\\drivers\\ACPI.sys",
"C:\\Windows\\System32\\drivers\\flpydisk.sys",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\i8042prt.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)",
"C:\\Windows\\SysWOW64\\GroupPolicyUsers\\psscripts.ini",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MobilePC\\HotStart",
"C:\\Windows\\SysWOW64\\drivers\\cdrom.sys",
"C:\\Windows\\System32\\FDResPub.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MUI\\LPRemove",
"C:\\Windows\\System32\\iphlpsvc.dll",
"C:\\Windows\\System32\\drivers\\circlass.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\PlaySndSrv.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck",
"C:\\Windows\\SysWOW64\\drivers\\fileinfo.sys",
"C:\\Windows\\System32\\gpprefcl.dll",
"C:\\Windows\\System32\\drivers\\fdc.sys",
"C:\\Windows\\SysWOW64\\gpsvc.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Opera Software\\Opera Stable\\preferences",
"C:\\frst\\filesRem",
"C:\\Windows\\SysWOW64\\dhcpcore.dll",
"C:\\Windows\\SysWOW64\\drivers\\BrFiltUp.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\srchadmin.dll",
"C:\\FRST\\tmphives",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SystemRestore\\SR",
"C:\\Windows\\System32\\drivers\\bthmodem.sys",
"C:\\Windows\\System32\\drivers\\compbatt.sys",
"C:\\Users\\cuck\\NTUSER.DAT",
"C:\\Program Files\\Windows Sidebar\\Sidebar.exe \\autoRun",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\iphlpsvc.dll",
"C:\\Python27\\Scripts\\win32spl.dll",
"C:\\Windows\\SysWOW64\\drivers\\cdfs.sys",
"C:\\Windows\\System32\\wpcmig.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\User\\Scripts\\psscripts.ini",
"C:\\Windows\\System32\\itss.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\ipbusenum.dll",
"C:\\Windows\\SysWOW64\\userinit.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-Sensors-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home\\idb\\3312185054sbndi_pspte.files",
"C:\\Windows\\SysWOW64\\drivers\\crcdisk.sys",
"C:\\Windows\\SysWOW64\\drivers\\amdppm.sys",
"D:\\Windows\\System32\\config\\SECURITY.LOG*",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files",
"C:\\Windows\\System32\\iedkcs32.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\DRIVERS\\fvevol.sys",
"C:\\Windows\\SysWOW64\\Audiosrv.dll",
"C:\\Windows\\System32\\urlmon.dll",
"C:\\Windows\\SysWOW64\\drivers\\FsDepends.sys",
"C:\\Windows\\SysWOW64\\drivers\\errdev.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MpIdleTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW2",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Location\\Notifications",
"C:\\Windows\\System32\\inetpp.dll",
"C:\\Windows\\System32\\rasmbmgr.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\amdxata.sys",
"C:\\Windows\\SysWOW64\\mswsock.dll",
"C:\\Windows\\SysWOW64\\drivers\\amdxata.sys",
"C:\\Windows\\System32\\drivers\\BrUsbSer.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home\\idb",
"C:\\Windows\\System32\\rasplap.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default",
"C:\\Windows\\System32\\drivers\\BrFiltUp.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo",
"C:\\Windows\\SysWOW64\\winrnr.dll",
"C:\\Windows\\System32\\Rundll32.exe C:\\Windows\\system32\\mscories.dll,Install",
"C:\\Program Files (x86)\\mozilla firefox\\browser\\plugins",
"C:\\Windows\\System32\\dhcpcore.dll",
"C:\\Windows\\ehome\\ehrecvr.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\AitAgent",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb",
"C:\\Windows\\System32\\drivers\\HpSAMD.sys",
"C:\\Windows\\System32\\drivers\\E1G6032E.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\itss.dll",
"C:\\Python27\\Scripts\\BthUdTask.exe",
"C:\\Windows\\System32\\p2pcollab.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\bowser.sys",
"C:\\Windows\\System32\\TsUsbRedirectionGroupPolicyExtension.dll",
"C:\\Windows\\System32\\dwm.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\FntCache.dll",
"C:\\Windows\\System32\\drivers\\discache.sys",
"C:\\Windows\\System32\\rpcss.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Gadget-Platform-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Program Files (x86)\\mozilla firefox\\defaults\\pref\\channel-prefs.js",
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat",
"C:\\Windows\\SysWOW64\\ie4uinit.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\onboarding@mozilla.org.xpi",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MP Scheduled Scan",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Windows\\System32\\drivers\\hwpolicy.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Multimedia\\SystemSoundsService",
"C:\\FRST\\z8Fn3Cz4",
"C:\\Windows\\System32\\bthserv.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\dnsrslvr.dll",
"C:\\Windows\\SysWOW64\\rpcss.dll",
"C:\\Windows\\SysWOW64\\drivers\\dxgkrnl.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\System32\\LocationNotifications.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Ras\\MobilityManager",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\FRST\\Hives\\SOFTWARE",
"C:\\Windows\\System32\\mctadmin.exe",
"C:\\Python27\\Scripts\\scecli.dll",
"C:\\Windows\\SysWOW64\\drivers\\fltmgr.sys",
"C:\\Windows\\SysWOW64\\dllhost.exe",
"C:\\Windows\\System32\\drivers\\CompositeBus.sys",
"C:\\FRST\\Hives\\cuck\\UsrClass.dat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\Drivers\\dfsc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\hidusb.sys",
"C:\\Windows\\SysWOW64\\drivers\\fastfat.sys",
"C:\\Windows\\System32\\unregmp2.exe \\ShowWMP",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\rpcss.dll",
"C:\\Windows\\System32\\BFE.DLL",
"C:\\FRST\\Quarantine",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\browser.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\msdrm.dll",
"C:\\Windows\\SysWOW64\\drivers\\Brserid.sys",
"C:\\Windows\\System32\\cmd.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\dllhost.exe",
"C:\\Windows\\SysWOW64\\drivers\\acpipmi.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\eapsvc.dll",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM",
"C:\\Windows\\System32\\lsm.exe",
"C:\\Windows\\SysWOW64\\drivers\\BrUsbMdm.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\certCredProvider.dll",
"C:\\Windows\\ehome\\mcupdate.exe",
"C:\\Windows\\SysWOW64\\inetcomm.dll",
"C:\\Windows\\SysWOW64\\drivers\\discache.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-InternetExplorer-Package~31bf3856ad364e35~amd64~~8.0.7601.17514.cat",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MediaCenter-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\arc.sys",
"C:\\Windows\\SysWOW64\\drivers\\CompositeBus.sys",
"C:\\Windows\\System32\\drivers\\adpu320.sys",
"C:\\Windows\\System32\\AuxiliaryDisplayServices.dll",
"C:\\Windows\\SysWOW64\\drivers\\drmkaud.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Task Manager\\Interactive",
"C:\\Windows\\System32\\MsCtfMonitor.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\HdAudio.sys",
"C:\\Windows\\System32\\drivers\\cdrom.sys",
"C:\\Windows\\SysWOW64\\NapiNSP.dll",
"D:\\Windows\\System32\\config\\SOFTWARE.LOG*",
"C:\\Windows\\SysWOW64\\drivers\\E1G6032E.sys",
"C:\\Users\\Default\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Users\\cuck\\AppData\\Roaming\\Identities",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\saved-telemetry-pings",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\AuxiliaryDisplayServices.dll",
"C:\\Windows\\SysWOW64\\drivers\\amdsata.sys",
"C:\\Program Files\\Windows Sidebar\\sidebar.exe",
"C:\\Windows\\SysWOW64\\mscories.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SystemDataProviders",
"C:\\Windows\\SysWOW64\\provsvc.dll",
"C:\\Windows\\System32\\cscobj.dll",
"C:\\Windows\\System32\\Defrag.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Registry\\RegIdleBackup",
"C:\\Windows\\Tasks\\",
"C:\\Program Files\\Windows Mail\\WinMail.exe OCInstallUserConfigOE",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extension-settings.json",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\certprop.dll",
"C:\\Windows\\System32\\unregmp2.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\atapi.sys",
"C:\\Windows\\SysWOW64\\appidsvc.dll",
"C:\\Windows\\System32\\drivers\\adp94xx.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Shell-HomeGroup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\iirsp.sys",
"C:\\Windows\\System32\\userinit.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\temporary",
"C:\\Windows\\System32\\drivers\\hdaudbus.sys",
"C:\\Python27\\inetpp.dll",
"C:\\Windows\\SysWOW64\\qmgr.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\rasplap.dll",
"C:\\Windows\\System32\\drivers\\http.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\UPnP\\UPnPHostConfig",
"C:\\Windows\\System32\\unregmp2.exe \\FirstLogon \\Shortcuts \\RegBrowsers \\ResetMUI",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\lpremove.exe",
"C:\\Windows\\Microsoft.NET\\Framework64\\v2.0.50727\\mscorsvw.exe",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG2",
"C:\\Windows\\System32\\drivers\\FsDepends.sys",
"C:\\Windows\\System32\\kernelceip.dll",
"C:\\Windows\\SysWOW64\\AxInstSV.dll",
"C:\\Windows\\SysWOW64\\cscsvc.dll",
"C:\\Windows\\SysWOW64\\drivers\\agp440.sys",
"C:\\Windows\\System32\\conhost.exe",
"C:\\Windows\\SysWOW64\\drivers\\.NET Data Provider for SqlServer.sys",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG1",
"C:\\Windows\\System32\\drivers\\hidir.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\minidumps",
"C:\\Python27\\mscoree.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\Drivers\\cng.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RecordingRestart",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\CmBatt.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\ikeext.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Maintenance\\WinSAT",
"C:\\Windows\\System32\\msdrm.dll",
"C:\\Windows\\System32\\NapiNSP.dll",
"C:\\Windows\\System32\\drivers\\hcw85cir.sys",
"C:\\Windows\\SysWOW64\\drivers\\amdide.sys",
"C:\\Windows\\SysWOW64\\drivers\\hidir.sys",
"C:\\Windows\\System32\\inetcomm.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\VaultCredProvider.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\memdiag.dll",
"C:\\Program Files\\Windows Defender\\MsMpLics.dll",
"C:\\Windows\\SysWOW64\\drivers\\iaStorV.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\System32\\sdclt.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\plugins",
"C:\\Windows\\System32\\mscories.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\E1G6032E.sys",
"C:\\Windows\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\infocard.exe",
"C:\\Windows\\SysWOW64\\drivers\\Fs_Rec.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\moz-safe-about+home",
"C:\\Windows\\SysWOW64\\drivers\\csc.sys",
"C:\\Windows\\SysWOW64\\unregmp2.exe",
"C:\\Windows\\SysWOW64\\bdesvc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ActivateWindowsSearch",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\wermgr.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\ACPI.sys",
"C:\\Windows\\System32\\smss.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\afd.sys",
"C:\\Windows\\SysWOW64\\browser.dll",
"C:\\Windows\\System32\\SmartcardCredentialProvider.dll",
"C:\\Windows\\System32\\propsys.dll",
"C:\\Windows\\System32\\drivers\\CmBatt.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsBackup\\ConfigNotification",
"C:\\Python27\\Scripts\\inetpp.dll",
"C:\\Windows\\SysWOW64\\explorer.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\ehome\\ehRecvr.exe",
"C:\\Windows\\SysWOW64\\x32\\Data\\profile",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-GroupPolicy-ClientExtensions-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\BrFiltLo.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\wdc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Background Synchronization",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\DFDWiz.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntexe.cat",
"C:\\Windows\\System32\\GroupPolicyUsers\\psscripts.ini",
"C:\\Windows\\System32\\drivers\\arcsas.sys",
"C:\\FRST\\Hives\\SYSTEM",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\Audiosrv.dll",
"C:\\Windows\\System32\\appidsvc.dll",
"C:\\FRST\\",
"C:\\Windows\\SysWOW64\\drivers\\exfat.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Mail\\WinMail.exe OCInstallUserConfigOE",
"C:\\Windows\\System32\\drivers\\intelide.sys",
"C:\\Windows\\SysWOW64\\drivers\\ipfltdrv.sys",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM",
"C:\\Windows\\SysWOW64\\Rundll32.exe C:\\Windows\\SysWOW64\\mscories.dll,Install",
"C:\\Windows\\System32\\drivers\\BrFiltLo.sys",
"C:\\Windows\\System32\\wlgpclnt.dll",
"C:\\Windows\\SysWOW64\\drivers\\atapi.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\appinfo.dll",
"C:\\Windows\\SysWOW64\\drivers\\disk.sys",
"D:\\Windows\\System32\\config\\SAM",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\ListSvc.dll",
"C:\\Windows\\System32\\alg.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrScheduleTask",
"C:\\Windows\\SysWOW64\\drivers\\HdAudio.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\gpsvc.dll",
"C:\\Windows\\System32\\drivers\\disk.sys",
"C:\\Program Files (x86)",
"C:\\Windows\\System32\\lpremove.exe",
"C:\\Windows\\System32\\KMSVC.DLL",
"C:\\Windows\\System32\\lsass.exe",
"D:\\Windows\\System32\\config\\DEFAULT",
"C:\\Windows\\System32\\drivers\\fltMgr.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\dps.dll",
"C:\\Windows\\System32\\usbceip.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam",
"C:\\Windows\\System32\\browser.dll",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG1",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Hyper-V-Guest-Integration-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\amdsbs.sys",
"C:\\FRST\\Logs\\ct.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\bdesvc.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-WMPNetworkSharingService-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\gatherNetworkInfo.vbs",
"C:\\Windows\\System32\\drivers\\filetrace.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\UpdateRecordPath",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Autochk\\Proxy",
"C:\\FRST\\Hives\\cuck\\NTUSER.DAT",
"C:\\Windows\\SysWOW64\\kmsvc.dll",
"C:\\Windows\\System32\\drivers\\DCLocator.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\HDAudBus.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\polstore.dll",
"C:\\Windows\\SysWOW64\\ipbusenum.dll",
"C:\\Windows\\System32\\drivers\\appid.sys",
"C:\\Windows\\System32\\drivers\\.NET Data Provider for Oracle.sys",
"C:\\Windows\\System32\\drivers\\cng.sys",
"C:\\Windows\\System32\\ie4uinit.exe -UserIconConfig",
"C:\\Python27\\dot3gpclnt.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\unregmp2.exe \\FirstLogon \\Shortcuts \\RegBrowsers \\ResetMUI",
"C:\\Windows\\SysWOW64\\drivers\\BTHPORT.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\appidcertstorecheck.exe",
"C:\\Windows\\System32\\drivers\\afd.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector",
"C:\\Windows\\SysWOW64\\ie4uinit.exe -BaseSettings",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip",
"C:\\Windows\\System32\\gpsvc.dll",
"C:\\Windows\\System32\\drivers\\elxstor.sys",
"C:\\Windows\\SysWOW64\\bthserv.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Backup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\aelupsvc.dll",
"C:\\Windows\\SysWOW64\\drivers\\amdsbs.sys",
"C:\\Windows\\System32\\srchadmin.dll",
"C:\\Windows\\System32\\services.exe",
"C:\\Windows\\System32\\dot3svc.dll",
"C:\\FRST\\Logs",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-SideShow-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winmgmts:{impersonationLevel=impersonate}!\\root\\cimv2",
"C:\\Windows\\System32\\fdPHost.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrRecoveryTask",
"C:\\Windows\\SysWOW64\\MSVidCtl.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\3561288849sdhlie.files",
"C:\\Windows\\SysWOW64\\drivers\\hidusb.sys",
"C:\\Windows\\System32\\drivers\\BrSerWdm.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\mscms.dll",
"C:\\Windows\\System32\\catroot2\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\",
"C:\\Users\\cuck",
"C:\\Windows\\SysWOW64\\fdPHost.dll",
"C:\\Windows\\System32\\DFDWiz.exe",
"C:\\Windows\\System32\\drivers\\dxgkrnl.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Windows\\System32\\aitagent.exe",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-PeerToPeer-Full-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\adp94xx.sys",
"C:\\Windows\\System32\\LocationNotifications.exe",
"C:\\Windows\\System32\\rundll32.exe C:\\Windows\\System32\\iedkcs32.dll,BrandIEActiveSetup SIGNUP",
"C:\\Windows\\System32\\FXSSVC.exe",
"C:\\Windows\\System32\\gpprnext.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\fdPHost.dll",
"C:\\FRST\\Hives\\DEFAULT",
"C:\\Windows\\System32\\drivers\\intelppm.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WDI\\ResolutionHost",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent\\chrome\\idb\\1657114595AmcateirvtiSty.files",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ehDRMInit",
"C:\\Windows\\System32\\IKEEXT.DLL",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%Systemroot%\\System32\\defragsvc.dll",
"C:\\Windows\\System32\\GroupPolicy\\User\\Registry.pol",
"C:\\Windows\\System32\\wpcumi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\rasmbmgr.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Common-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\inetaccs.sys",
"C:\\Windows\\System32\\drivers\\csc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\cscobj.dll",
"C:\\Windows\\System32\\gatherNetworkInfo.vbs",
"C:\\Windows\\SysWOW64\\drivers\\dfsc.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Program Files\\Windows Media Player\\wmpnscfg.exe",
"C:\\Windows\\SysWOW64\\rundll32.exe C:\\Windows\\SysWOW64\\iedkcs32.dll,BrandIEActiveSetup SIGNUP",
"C:\\Windows\\SysWOW64\\GroupPolicy\\Machine\\Scripts\\psscripts.ini",
"C:\\Windows\\System32\\ipbusenum.dll",
"C:\\Windows\\System32\\winlogon.exe",
"C:\\FRST\\Hives\\SECURITY",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Common-Modem-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\gmp",
"C:\\FRST\\m3Hu8Ft2L\\NTUSER.DAT",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\permanent",
"C:\\Windows\\System32\\drivers\\fvevol.sys",
"C:\\Windows\\SysWOW64\\CLFS.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ReindexSearchRoot",
"C:\\Windows\\System32\\dps.dll",
"C:\\Program Files (x86)\\Google\\Chrome\\Application",
"C:\\Python27\\fdeploy.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator",
"C:\\Windows\\SysWOW64\\drivers\\hcw85cir.sys",
"C:\\Windows\\SysWOW64\\drivers\\appid.sys",
"C:\\Windows\\System32\\drivers\\cmdide.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-SecureStartup-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\beep.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\inetcomm.dll",
"C:\\Windows\\SysWOW64\\drivers\\.NET Data Provider for Oracle.sys",
"C:\\Windows\\System32\\GroupPolicy\\User\\Scripts\\psscripts.ini",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\SystemExtensionsDev",
"C:\\Windows\\System32\\win32spl.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Microsoft",
"C:\\Windows\\System32\\GroupPolicy\\User\\Scripts\\scripts.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\WinSATAPI.dll",
"C:\\Python27\\wlgpclnt.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\hidserv.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\followonsearch@mozilla.com.xpi",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG1",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles",
"C:\\Windows\\SysWOW64\\drivers\\hidbth.sys",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE.LOG2",
"C:\\Windows\\SysWOW64\\drivers\\HDAudBus.sys",
"C:\\Windows\\SysWOW64\\defragsvc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor",
"C:\\Windows\\System32\\drivers\\amdxata.sys",
"C:\\Windows\\System32\\regidle.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\User\\Scripts\\scripts.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\i8042prt.sys",
"C:\\Windows\\System32\\scecli.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\ipfltdrv.sys",
"C:\\Python27\\win32spl.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab\\idb",
"C:\\Windows\\SysWOW64\\drivers\\fvevol.sys",
"C:\\Python27\\gpprefcl.dll",
"C:\\Windows\\SysWOW64\\dnsrslvr.dll",
"C:\\Windows\\System32\\nlaapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\alg.exe",
"C:\\Windows\\System32\\wininit.exe",
"C:\\Windows\\System32\\mscoree.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG",
"C:\\Windows\\SysWOW64\\drivers\\b57nd60a.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\searchplugins",
"C:\\Windows\\System32\\aelupsvc.dll",
"C:\\Windows\\System32\\shell32.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\aelupsvc.dll",
"C:\\Windows\\explorer.exe",
"C:\\Program Files\\Mozilla Firefox\\distribution\\extensions",
"C:\\Windows\\System32\\certprop.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Pending Pings",
"C:\\Windows\\System32\\drivers\\b57nd60a.sys",
"C:\\Program Files\\mozilla firefox",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\regidle.dll",
"C:\\Windows\\System32\\bdesvc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater",
"C:\\Windows\\System32\\drivers\\.NET Data Provider for SqlServer.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem",
"C:\\Windows\\System32\\drivers\\atapi.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask",
"C:\\Windows\\System32\\dnsrslvr.dll",
"C:\\Windows\\System32\\audiosrv.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\Machine\\Registry.pol",
"C:\\Program Files\\Windows Mail\\WinMail.exe",
"C:\\Windows\\System32\\drivers\\fileinfo.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\fileinfo.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Media Player\\wmpnscfg.exe",
"C:\\FRST\\m3Hu8Ft2L\\SOFTWARE",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\drivers\\discache.sys",
"C:\\Windows\\System32\\drivers\\dfsc.sys",
"D:\\Windows\\System32\\config\\system.LOG*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\AxInstSV.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-ParentalControls-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-MobilePC-Client-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\auditcse.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\dimsjob.dll",
"C:\\Windows\\System32\\cscsvc.dll",
"C:\\Windows\\SysWOW64\\drivers\\filetrace.sys",
"C:\\Windows\\SysWOW64\\fdrespub.dll",
"D:\\Users\\cuck\\NTUSER.DAT.LOG*",
"C:\\Windows\\System32\\drivers\\ESENT.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes",
"C:\\Windows\\System32\\appidcertstorecheck.exe",
"C:\\Windows\\SysWOW64\\drivers\\gagp30kx.sys",
"C:\\Windows\\System32\\provsvc.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-SearchEngine-Client-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Registry.pol",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\cdfs.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\policies.json",
"C:\\Windows\\System32\\gpscript.dll",
"C:\\Windows\\System32\\appmgmts.dll",
"C:\\Windows\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"C:\\Users\\cuck\\AppData\\Roaming",
"C:\\Windows\\SysWOW64\\propsys.dll",
"C:\\Windows\\SysWOW64\\eapsvc.dll",
"C:\\Windows\\System32\\wdi.dll",
"C:\\Python27\\scecli.dll",
"C:\\Windows\\System32\\drivers\\dmvsc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\fxssvc.exe",
"C:\\Python27\\Scripts\\gpprefcl.dll",
"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\appidpolicyconverter.exe",
"C:\\Windows\\System32\\appidpolicyconverter.exe",
"C:\\Program Files",
"C:\\Windows\\System32\\RacEngn.dll",
"C:\\Windows\\SysWOW64\\itss.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage\\default\\about+newtab",
"C:\\Windows\\SysWOW64\\drivers\\.NETFramework.sys",
"C:\\Windows\\System32\\drivers\\acpi.sys",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntph.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\sdiagschd.dll",
"C:\\Python27\\Scripts\\appmgmts.dll",
"C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
"C:\\Windows\\System32\\AxInstSv.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\AutoWake",
"C:\\Windows\\SysWOW64\\hidserv.dll",
"C:\\Windows\\SysWOW64\\drivers\\.NET CLR Networking.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\csc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin",
"D:\\Users\\cuck\\NTUSER.DAT",
"C:\\Windows\\SysWOW64\\lsass.exe",
"C:\\Users\\cuck\\AppData\\Local\\Google\\Chrome\\User Data",
"C:\\Windows\\System32\\VaultCredProvider.dll",
"C:\\Windows\\SysWOW64\\drivers\\1394ohci.sys",
"C:\\Windows\\System32\\audiodg.exe",
"C:\\Windows\\System32\\SearchIndexer.exe",
"C:\\Windows\\System32\\dllhost.exe",
"C:\\Windows\\System32\\drivers\\bowser.sys",
"C:\\Windows\\System32\\drivers\\BrSerId.sys",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask",
"C:\\Python27\\Scripts\\gptext.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe",
"C:\\Users\\",
"C:\\Windows\\System32\\wsqmcons.exe",
"C:\\Windows\\SysWOW64\\ie4uinit.exe -UserIconConfig",
"C:\\Windows\\System32\\drivers\\cdfs.sys",
"C:\\Windows\\SysWOW64\\drivers\\crypt32.sys",
"C:\\Program Files\\mozilla firefox\\browser\\defaults\\preferences",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-wal",
"C:\\Windows\\System32\\pnrpnsp.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\cscui.dll",
"C:\\Windows\\SysWOW64\\ListSvc.dll",
"C:\\Windows\\System32\\catroot\\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\asyncmac.sys",
"C:\\Windows\\System32\\drivers\\amdppm.sys",
"C:\\FRST",
"C:\\Windows\\System32\\fdeploy.dll",
"C:\\Windows\\SysWOW64\\drivers\\HpSAMD.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions\\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}",
"C:\\Windows\\SysWOW64\\drivers\\Beep.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\CompositeBus.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\appidsvc.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox",
"C:\\Windows\\System32\\svchost.exe",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"C:\\Python27\\Scripts\\gpscript.dll",
"C:\\Users\\Public\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SessionAgent",
"C:\\FRST\\bin\\sqlite3_x64.dll",
"C:\\Windows\\SysWOW64\\drivers\\evbda.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\provsvc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Diagnosis\\Scheduled",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Scripts\\scripts.ini",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles(x86)%\\Windows Mail\\WinMail.exe OCInstallUserConfigOE",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\bfe.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime",
"C:\\Windows\\SysWOW64\\bfe.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-RemoteAssistance-Package-Client~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\1394ohci.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
"C:\\Windows\\SysWOW64\\drivers\\asyncmac.sys",
"C:\\Windows\\System32\\drivers\\i8042prt.sys",
"C:\\Windows\\System32\\rundll32.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks",
"C:\\Windows\\System32\\drivers\\hidbth.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\dskquota.dll",
"C:\\FRST\\Hives\\BCD.LOG*",
"C:\\Windows\\System32\\perftrack.dll",
"C:\\Windows\\SysWOW64\\dot3svc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\lsass.exe",
"C:\\Windows\\System32\\ListSvc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\blbdrive.sys",
"C:\\Windows\\SysWOW64\\drivers\\inetaccs.sys",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\screenshots@mozilla.org.xpi",
"C:\\Windows\\SysWOW64\\drivers\\cmdide.sys",
"C:\\Windows\\ehome\\ehPrivJob.exe",
"C:\\FRST\\m3Hu8Ft2L",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\wdi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\gpprnext.dll",
"C:\\Windows\\System32\\drivers\\HdAudio.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Logon Synchronization",
"C:\\Windows\\SysWOW64\\drivers\\elxstor.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip",
"C:\\Program Files\\Windows Defender\\MpOAV.dll",
"C:\\Windows\\SysWOW64\\drivers\\aliide.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\ehome\\MCUpdate.exe",
"C:\\Windows\\System32\\SearchProtocolHost.exe",
"C:\\Windows\\System32\\ie4uinit.exe",
"C:\\Windows\\System32\\MSVidCtl.dll",
"C:\\FRST\\Logs\\up64",
"C:\\Windows\\System32\\dskquota.dll",
"C:\\Windows\\System32\\drivers\\amdide.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW1",
"C:\\Windows\\SysWOW64\\drivers\\arc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip:Zone.Identifier",
"C:\\Program Files\\Mozilla Firefox\\browser\\features",
"C:\\Windows\\System32\\mscms.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\BioCredProv.dll",
"C:\\Windows\\System32\\powercfg.exe",
"C:\\Windows\\System32\\winrnr.dll",
"C:\\Windows\\System32\\GroupPolicyUsers\\scripts.ini",
"C:\\FRST\\Hives\\cuck",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\RacEngn.dll",
"C:\\Windows\\System32\\taskhost.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Opera Software\\Opera Stable\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\drivers\\hwpolicy.sys",
"C:\\Windows\\SysWOW64\\drivers\\hwpolicy.sys",
"C:\\Program Files\\mozilla firefox\\defaults\\pref",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\kmsvc.dll",
"C:\\Users\\Default User\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\extensions",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\filetrace.sys",
"C:\\Windows\\System32\\BthUdTask.exe",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG",
"C:\\Python27\\appmgmts.dll",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\disk.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\PolicyConverter",
"C:\\Windows\\System32\\drivers\\hidbatt.sys",
"C:\\Windows\\SysWOW64\\drivers\\fdc.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\features\\",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Features-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\System32\\drivers\\errdev.sys",
"C:\\Windows\\SysWOW64\\FntCache.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp",
"C:\\Windows\\SysWOW64\\alg.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\dot3svc.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURActivate",
"C:\\Windows\\SysWOW64\\drivers\\.NET CLR Data.sys",
"C:\\Windows\\SysWOW64\\drivers\\ESENT.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\compbatt.sys",
"C:\\Windows\\System32\\drivers\\.NET CLR Data.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\wsqmcons.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\cscsvc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\cryptsvc.dll",
"D:\\Windows\\System32\\config\\SAM.LOG*",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-SecureStartup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\HTTP.sys",
"C:\\Windows\\SysWOW64\\appinfo.dll",
"C:\\Windows\\SysWOW64\\ikeext.dll",
"C:\\Windows\\SysWOW64\\mscoree.dll",
"D:\\Windows\\System32\\config\\SYSTEM.LOG*",
"C:\\Python27\\aitagent.exe",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG1",
"C:\\FRST\\m3Hu8Ft2L\\UsrClass.dat.LOG2",
"C:\\Windows\\SysWOW64\\drivers\\bthmodem.sys",
"C:\\Windows\\System32\\authui.dll",
"C:\\Windows\\SysWOW64\\GroupPolicyUsers",
"C:\\Windows\\System32\\ie4uinit.exe -BaseSettings",
"C:\\Windows\\SysWOW64\\ieframe.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\extensions.ini",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\webcompat@mozilla.org.xpi",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\activity-stream@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\bthserv.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\fdrespub.dll",
"C:\\Windows\\System32\\mswsock.dll",
"C:\\Windows\\System32\\WinSATAPI.dll",
"D:\\Windows\\System32\\config\\DEFAULT.LOG*",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\MsCtfMonitor.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-RemoteFX-RemoteClient-Setup-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\bowser.sys",
"D:\\Windows\\System32\\config\\SOFTWARE",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG2",
"C:\\FRST\\m3Hu8Ft2L\\SECURITY.LOG1",
"C:\\Windows\\SysWOW64\\dps.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\qmgr.dll",
"C:\\Windows\\System32\\drivers\\aliide.sys",
"C:\\Windows\\System32\\wevtsvc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2",
"C:\\Windows\\System32\\drivers\\evbda.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscovery",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\mcupdate",
"C:\\Windows\\System32\\drivers\\iaStorV.sys",
"C:\\frst\\keysrem",
"C:\\Windows\\SysWOW64\\drivers\\CmBatt.sys",
"C:\\Windows\\System32\\drivers\\drmkaud.sys",
"C:\\Windows\\System32\\qmgr.dll",
"C:\\Windows\\System32\\defragsvc.dll",
"C:\\Windows\\System32\\mshtml.dll",
"C:\\Windows\\System32\\wermgr.exe",
"C:\\Windows\\System32\\drivers\\fs_rec.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)",
"C:\\Windows\\System32\\dimsjob.dll",
"C:\\Windows\\SysWOW64\\drivers\\BattC.sys",
"C:\\Windows\\System32\\fveui.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\ntpe.cat",
"C:\\frst\\files",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\storage",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi",
"C:\\Python27\\gpscript.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\Machine\\Scripts\\scripts.ini",
"C:\\Users\\cuck\\AppData\\Roaming\\Identities\\{183045C5-6B41-4C94-A7FA-BE70B5E7A9D3}",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\b57nd60a.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURDiscovery",
"C:\\Windows\\System32\\drivers\\.NETFramework.sys",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\firefox@getpocket.com.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\wevtsvc.dll",
"C:\\Windows\\System32\\QAGENTRT.DLL",
"C:\\Program Files\\mozilla firefox\\browser\\plugins",
"C:\\Windows\\System32\\drivers\\acpipmi.sys",
"C:\\FRST\\Hives\\SAM",
"C:\\Windows\\System32\\dnsapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\fltmgr.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\unregmp2.exe \\ShowWMP",
"C:\\Users\\cuck\\AppData\\Roaming\\Media Center Programs",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\usbceip.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\powercfg.exe",
"C:\\Windows\\System32\\SearchFilterHost.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.Net\\Framework64\\v3.0\\WPF\\PresentationFontCache.exe",
"C:\\Windows\\System32\\drivers\\adpahci.sys",
"C:\\Windows\\System32\\FntCache.dll",
"C:\\Python27\\Scripts\\wlgpclnt.dll",
"C:\\Windows\\SysWOW64\\drivers\\HTTP.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\InstallPlayReady",
"D:\\Users\\cuck\\AppData\\Local\\Microsoft\\Windows\\UsrClass.dat.LOG*",
"C:\\Program Files (x86)\\mozilla firefox\\browser\\defaults\\preferences",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\ehome\\ehrec.exe",
"C:\\Windows\\SysWOW64\\drivers\\compbatt.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite-journal",
"C:\\Windows\\System32\\VSSVC.exe",
"C:\\Windows\\System32\\drivers\\.NET CLR Networking.sys",
"C:\\FRST\\bin",
"C:\\Windows\\SysWOW64\\drivers\\adpahci.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\ehome\\ehPrivJob.exe",
"C:\\Windows\\System32\\certCredProvider.dll",
"C:\\Windows\\System32\\drivers\\fastfat.sys",
"C:\\Windows\\System32\\drivers\\hidusb.sys",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RAC\\RacTask",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration",
"C:\\Windows\\SysWOW64\\cryptsvc.dll",
"C:\\Windows\\System32\\drivers\\GAGP30KX.SYS",
"C:\\FRST\\m3Hu8Ft2L\\SAM",
"C:\\Windows\\SysWOW64\\pnrpnsp.dll",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG2",
"C:\\FRST\\z8Fn3Cz4\\SYSTEM.LOG1",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\ehome\\mcupdate.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\CLFS.sys",
"C:\\Windows\\ehome\\ehsched.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\Extensions",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\defrag.exe",
"C:\\Windows\\System32\\csrss.exe",
"c:\\program files\\windows defender\\MpCmdRun.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\RAServer.exe",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Scripts\\psscripts.ini",
"C:\\Python27\\auditcse.dll",
"C:\\Python27\\Scripts\\fdeploy.dll",
"C:\\Windows\\SysWOW64\\drivers\\bxvbda.sys",
"C:\\Windows\\System32\\dot3gpclnt.dll",
"C:\\Windows\\SysWOW64\\nlaapi.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\authui.dll",
"C:\\Windows\\System32\\HotStartUserAgent.dll",
"C:\\Windows\\System32\\drivers\\amdsata.sys",
"C:\\Windows\\System32\\eapsvc.dll",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT",
"C:\\Windows\\SysWOW64\\drivers\\iirsp.sys",
"C:\\FRST\\Hives",
"C:\\Windows\\System32\\gptext.dll",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\GadgetManager",
"C:\\Windows\\System32\\drivers\\bxvbda.sys",
"C:\\Program Files (x86)\\Mozilla Firefox\\browser\\features\\aushelper@mozilla.org.xpi",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Edge\\User Data",
"C:\\Windows\\SysWOW64\\drivers\\intelide.sys",
"C:\\Program Files (x86)\\mozilla firefox",
"C:\\Windows\\System32\\GroupPolicyUsers",
"C:\\Windows\\System32\\drivers\\crcdisk.sys",
"C:\\Program Files (x86)\\Windows Mail\\WinMail.exe OCInstallUserConfigOE",
"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\dhcpcore.dll",
"C:\\Python27\\gptext.dll",
"C:\\Windows\\System32\\drivers\\BrUsbMdm.sys",
"C:\\Windows\\System32\\drivers\\battc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\appmgmts.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\bookmarkbackups",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-OfflineFiles-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\es.dll",
"C:\\Windows\\System32\\spoolsv.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\crashes\\events",
"C:\\Windows\\System32\\sdclt.exe",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\ehome\\ehsched.exe",
"C:\\Windows\\System32\\cscui.dll",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events",
"C:\\FRST\\Temp",
"C:\\FRST\\m3Hu8Ft2L\\DEFAULT.LOG",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\drmkaud.sys",
"C:\\Windows\\SysWOW64\\drivers\\flpydisk.sys",
"C:\\Windows\\SysWOW64\\drivers\\adsi.sys",
"C:\\Windows\\SysWOW64\\drivers\\DCLocator.sys",
"C:\\Python27\\Scripts\\explorer.exe",
"C:\\Windows\\System32\\appinfo.dll",
"C:\\FRST\\b4Ye2Sa8E",
"C:\\FRST\\m3Hu8Ft2L\\SAM.LOG",
"C:\\Windows\\System32\\memdiag.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\intelppm.sys",
"C:\\Windows\\System32\\drivers\\BTHPORT.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\datareporting\\archived\\2018-06",
"C:\\Python27\\Scripts\\auditcse.dll",
"C:\\FRST\\m3Hu8Ft2L\\SYSTEM.LOG",
"C:\\Windows\\SysWOW64\\appmgmts.dll",
"C:\\Windows\\System32\\raserver.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports",
"C:\\Windows\\System32\\drivers\\adsi.sys",
"C:\\Windows\\SysWOW64\\certprop.dll",
"C:\\Python27\\explorer.exe",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla",
"C:\\Windows\\System32\\sdiagschd.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Printing-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Windows\\SysWOW64\\drivers\\intelppm.sys",
"C:\\Program Files (x86)\\mozilla firefox\\defaults\\pref",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winmgmts:{impersonationLevel=impersonate}!\\root\\cimv2:Win32_ShadowCopy",
"C:\\Windows\\System32\\cryptsvc.dll",
"C:\\Python27\\SmartcardCredentialProvider.dll",
"C:\\Windows\\SysWOW64\\drivers\\dmvsc.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\cdrom.sys",
"C:\\Program Files\\Mozilla Firefox\\browser\\extensions",
"C:\\Windows\\System32\\drivers\\AGP440.sys",
"C:\\Windows\\SysWOW64\\drivers\\adpu320.sys",
"C:\\Windows\\System32\\explorer.exe",
"C:\\Python27\\Scripts\\aitagent.exe",
"D:\\Windows\\System32\\config\\SYSTEM",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\Microsoft-Windows-Client-Wired-Network-Drivers-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat",
"C:\\Program Files\\Mozilla Firefox\\distribution\\policies.json",
"C:\\Windows\\SysWOW64\\urlmon.dll",
"C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe",
"C:\\Windows\\SysWOW64\\mshtml.dll",
"C:\\Windows\\System32\\drivers\\exfat.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\TsUsbRedirectionGroupPolicyExtension.dll",
"C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\\nt5.cat",
"C:\\Windows\\System32\\PlaySndSrv.dll"
],
"mutex": [
"IESQMMUTEX_0_208",
"RasPbFile"
],
"file_failed": [
"C:\\Windows\\SysWOW64\\drivers\\fdc.sys",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\features\\",
"C:\\Windows\\SysWOW64\\drivers\\arcsas.sys",
"C:\\Windows\\SysWOW64\\drivers\\circlass.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\system32\\",
"C:\\Windows\\SysWOW64\\drivers\\cng.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Mail\\",
"C:\\Windows\\SysWOW64\\drivers\\disk.sys",
"C:\\Windows\\SysWOW64\\defragsvc.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\DRIVERS\\",
"C:\\Windows\\SysWOW64\\drivers\\BrFiltLo.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\drivers\\",
"C:\\Windows\\SysWOW64\\drivers\\fvevol.sys",
"C:\\Windows\\SysWOW64\\qmgr.dll",
"C:\\Windows\\SysWOW64\\dnsrslvr.dll",
"C:\\Windows\\SysWOW64\\drivers\\errdev.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\System32\\",
"C:\\Windows\\SysWOW64\\drivers\\amdxata.sys",
"C:\\FRST\\m3Hu8Ft2L\\desktop.ini",
"C:\\Windows\\SysWOW64\\drivers\\BrUsbMdm.sys",
"C:\\Program Files (x86)\\mozilla firefox\\browser\\defaults\\",
"C:\\Windows\\SysWOW64\\drivers\\b57nd60a.sys",
"C:\\Users\\cuck\\AppData\\Local\\Microsoft\\Edge\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%Systemroot%\\System32\\",
"C:\\ProgramData\\Microsoft\\Network\\Connections\\Pbk\\",
"C:\\Windows\\SysWOW64\\drivers\\ipfltdrv.sys",
"C:\\Windows\\SysWOW64\\drivers\\amdide.sys",
"C:\\Windows\\SysWOW64\\drivers\\hidir.sys",
"C:\\SystemRoot\\System32\\drivers\\",
"C:\\Windows\\SysWOW64\\drivers\\blbdrive.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework\\v2.0.50727\\",
"C:\\Windows\\SysWOW64\\drivers\\amdk8.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\System32\\",
"C:\\Windows\\SysWOW64\\drivers\\iaStorV.sys",
"C:\\Windows\\SysWOW64\\drivers\\agp440.sys",
"C:\\Windows\\SysWOW64\\wevtsvc.dll",
"C:\\Windows\\SysWOW64\\drivers\\bowser.sys",
"C:\\Windows\\SysWOW64\\eapsvc.dll",
"C:\\Windows\\SysWOW64\\drivers\\Fs_Rec.sys",
"C:\\Windows\\SysWOW64\\dps.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\DRIVERS\\",
"C:\\Windows\\SysWOW64\\drivers\\intelide.sys",
"C:\\Windows\\SysWOW64\\drivers\\afd.sys",
"C:\\Windows\\SysWOW64\\bdesvc.dll",
"C:\\Program Files (x86)\\Google\\Chrome\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\system32\\drivers\\",
"C:\\Windows\\SysWOW64\\drivers\\ACPI.sys",
"C:\\Windows\\SysWOW64\\drivers\\CmBatt.sys",
"C:\\Windows\\SysWOW64\\browser.dll",
"C:\\Windows\\SysWOW64\\drivers\\fileinfo.sys",
"C:\\Windows\\SysWOW64\\drivers\\filetrace.sys",
"C:\\Windows\\SysWOW64\\drivers\\BrSerWdm.sys",
"C:\\Windows\\SysWOW64\\fdrespub.dll",
"C:\\Windows\\SysWOW64\\GroupPolicy\\User\\Scripts\\",
"C:\\Windows\\SysWOW64\\drivers\\cdrom.sys",
"C:\\Windows\\SysWOW64\\drivers\\E1G6032E.sys",
"C:\\Users\\cuck\\AppData\\Local\\Google\\Chrome\\",
"C:\\Windows\\SysWOW64\\drivers\\drmkaud.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\unregmp2.exe \\FirstLogon \\Shortcuts \\RegBrowsers \\",
"C:\\Windows\\System32\\GroupPolicy\\User\\",
"C:\\Program Files\\mozilla firefox\\browser\\",
"C:\\Windows\\SysWOW64\\Rundll32.exe C:\\Windows\\SysWOW64\\",
"C:\\Windows\\SysWOW64\\drivers\\HidBatt.sys",
"C:\\FRST\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\system32\\",
"C:\\Users\\cuck\\AppData\\Roaming\\Opera Software\\Opera Stable\\preferences",
"C:\\Users\\cuck\\AppData\\Roaming\\Opera Software\\Opera Stable\\",
"C:\\Windows\\SysWOW64\\drivers\\atapi.sys",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\Scripts\\",
"C:\\Windows\\SysWOW64\\drivers\\cdfs.sys",
"C:\\Windows\\SysWOW64\\drivers\\hidbth.sys",
"C:\\Windows\\SysWOW64\\rundll32.exe C:\\Windows\\SysWOW64\\",
"C:\\Windows\\SysWOW64\\Audiosrv.dll",
"C:\\Windows\\SysWOW64\\FntCache.dll",
"C:\\Windows\\SysWOW64\\ikeext.dll",
"C:\\Windows\\SysWOW64\\drivers\\crcdisk.sys",
"C:\\Windows\\SysWOW64\\drivers\\amdppm.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\ehome\\",
"C:\\Windows\\SysWOW64\\drivers\\FsDepends.sys",
"C:\\Windows\\SysWOW64\\drivers\\HTTP.sys",
"C:\\Windows\\SysWOW64\\drivers\\csc.sys",
"C:\\Windows\\SysWOW64\\drivers\\HDAudBus.sys",
"C:\\Windows\\SysWOW64\\drivers\\1394ohci.sys",
"C:\\Windows\\SysWOW64\\drivers\\exfat.sys",
"C:\\Windows\\SysWOW64\\AxInstSV.dll",
"C:\\Windows\\SysWOW64\\ipbusenum.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\",
"C:\\Windows\\SysWOW64\\drivers\\elxstor.sys",
"C:\\Program Files\\mozilla firefox\\defaults\\",
"C:\\Windows\\SysWOW64\\drivers\\i8042prt.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework64\\v3.0\\Windows Communication Foundation\\",
"C:\\frst\\",
"C:\\Windows\\SysWOW64\\drivers\\adpahci.sys",
"C:\\Windows\\SysWOW64\\kmsvc.dll",
"C:\\Windows\\SysWOW64\\bthserv.dll",
"C:\\Windows\\SysWOW64\\drivers\\amdsbs.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winmgmts:{impersonationLevel=impersonate}!\\root\\cimv2",
"C:\\Windows\\SysWOW64\\ListSvc.dll",
"C:\\Program Files\\mozilla firefox\\browser\\defaults\\",
"C:\\Windows\\SysWOW64\\drivers\\bxvbda.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\",
"C:\\Windows\\SysWOW64\\certprop.dll",
"C:\\Windows\\System32\\Rundll32.exe C:\\Windows\\system32\\",
"C:\\Windows\\SysWOW64\\drivers\\dmvsc.sys",
"C:\\Windows\\SysWOW64\\drivers\\HpSAMD.sys",
"C:\\Windows\\SysWOW64\\drivers\\Beep.sys",
"C:\\Windows\\SysWOW64\\drivers\\fastfat.sys",
"C:\\Windows\\SysWOW64\\drivers\\iirsp.sys",
"C:\\Windows\\SysWOW64\\fdPHost.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles(x86)%\\Windows Mail\\",
"C:\\Windows\\SysWOW64\\drivers\\adp94xx.sys",
"C:\\Program Files (x86)\\Mozilla Firefox\\distribution\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\system32\\unregmp2.exe \\",
"C:\\Windows\\SysWOW64\\drivers\\evbda.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Sidebar\\Sidebar.exe \\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\System32\\",
"C:\\Windows\\SysWOW64\\rpcss.dll",
"C:\\Windows\\SysWOW64\\drivers\\dxgkrnl.sys",
"C:\\Windows\\SysWOW64\\bfe.dll",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.Net\\Framework64\\v3.0\\WPF\\",
"C:\\Windows\\SysWOW64\\drivers\\fltmgr.sys",
"C:\\Windows\\System32\\unregmp2.exe \\",
"C:\\Windows\\SysWOW64\\drivers\\asyncmac.sys",
"C:\\Windows\\SysWOW64\\dot3svc.dll",
"C:\\Windows\\SysWOW64\\drivers\\bthmodem.sys",
"C:\\Windows\\System32\\GroupPolicy\\Machine\\",
"C:\\Windows\\SysWOW64\\drivers\\appid.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%systemroot%\\Microsoft.NET\\Framework64\\v2.0.50727\\",
"C:\\Windows\\System32\\rundll32.exe C:\\Windows\\System32\\",
"C:\\Windows\\SysWOW64\\GroupPolicy\\Machine\\",
"C:\\Windows\\SysWOW64\\drivers\\gagp30kx.sys",
"C:\\SystemRoot\\system32\\drivers\\",
"C:\\Windows\\SysWOW64\\drivers\\BrUsbSer.sys",
"C:\\FRST\\z8Fn3Cz4\\desktop.ini",
"C:\\Users\\Public\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\",
"C:\\Windows\\SysWOW64\\drivers\\cmdide.sys",
"C:\\Program Files\\Windows Sidebar\\Sidebar.exe \\",
"C:\\Windows\\SysWOW64\\drivers\\hidusb.sys",
"C:\\Windows\\SysWOW64\\drivers\\Brserid.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%windir%\\ehome\\",
"C:\\Windows\\SysWOW64\\drivers\\acpipmi.sys",
"C:\\Windows\\SysWOW64\\appinfo.dll",
"C:\\Windows\\SysWOW64\\drivers\\flpydisk.sys",
"C:\\Program Files\\Mozilla Firefox\\browser\\",
"C:\\Windows\\SysWOW64\\drivers\\discache.sys",
"C:\\Windows\\SysWOW64\\cscsvc.dll",
"C:\\FRST\\bin\\",
"C:\\Windows\\SysWOW64\\GroupPolicy\\Machine\\Scripts\\",
"C:\\Windows\\SysWOW64\\drivers\\aliide.sys",
"C:\\Windows\\SysWOW64\\drivers\\CompositeBus.sys",
"C:\\Users\\cuck\\AppData\\Local\\Google\\Chrome\\User Data\\Local State",
"C:\\Windows\\SysWOW64\\drivers\\HdAudio.sys",
"C:\\Windows\\SysWOW64\\drivers\\dfsc.sys",
"C:\\Windows\\SysWOW64\\CLFS.sys",
"C:\\Windows\\SysWOW64\\x32\\Data\\",
"C:\\Windows\\System32\\unregmp2.exe \\FirstLogon \\Shortcuts \\RegBrowsers \\",
"C:\\Windows\\SysWOW64\\drivers\\arc.sys",
"C:\\Windows\\SysWOW64\\drivers\\compbatt.sys",
"C:\\Windows\\SysWOW64\\drivers\\hcw85cir.sys",
"C:\\SystemRoot\\System32\\Drivers\\",
"C:\\Windows\\SysWOW64\\drivers\\intelppm.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%ProgramFiles%\\Windows Media Player\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winmgmts:{impersonationLevel=impersonate}!\\root\\cimv2:Win32_ShadowCopy",
"C:\\Windows\\SysWOW64\\drivers\\amdsata.sys",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\System32\\Drivers\\",
"C:\\Windows\\SysWOW64\\gpsvc.dll",
"C:\\Windows\\SysWOW64\\aelupsvc.dll",
"C:\\FRST\\b4Ye2Sa8E\\desktop.ini",
"C:\\Windows\\SysWOW64\\GroupPolicy\\User\\",
"C:\\Windows\\SysWOW64\\drivers\\hwpolicy.sys",
"C:\\Windows\\SysWOW64\\drivers\\adpu320.sys",
"C:\\Windows\\SysWOW64\\drivers\\BrFiltUp.sys",
"C:\\Windows\\SysWOW64\\appidsvc.dll",
"C:\\Windows\\System32\\GroupPolicy\\User\\Scripts\\",
"C:\\Program Files\\Mozilla Firefox\\distribution\\",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\%SystemRoot%\\ehome\\"
],
"guid": [
"{56ffcc30-d398-11d0-b2ae-00a0c908fa49}",
"{00000003-0000-0000-c000-000000000046}",
"{688c934d-0c26-40f6-8d29-d56d72c76b48}",
"{eb87e1bd-3233-11d2-aec9-00c04fb68820}",
"{559b1911-d3af-486e-b8bc-242b24df0114}",
"{eb87e1bc-3233-11d2-aec9-00c04fb68820}",
"{8bc3f05e-d86b-11d0-a075-00c04fb68820}",
"{00020400-0000-0000-c000-000000000046}",
"{0002e013-0000-0000-c000-000000000046}",
"{dcb00c01-570f-4a9b-8d69-199fdba5723b}",
"{5762f2a7-4658-4c7a-a4ac-bdabfe154e0d}",
"{0000011a-0000-0000-c000-000000000046}",
"{00000000-0000-0000-c000-000000000046}",
"{4590f811-1d3a-11d0-891f-00aa004b2e24}",
"{73db1241-1e85-4581-8e4f-a81e1d0f8c57}",
"{9e175b6d-f52a-11d8-b9a5-505054503030}",
"{d0074ffd-570f-4a9b-8d69-199fdba5723b}",
"{76765b11-3f95-4af2-ac9d-ea55d8994f1a}",
"{3bc15af2-736c-477e-9e51-238af8667dcc}",
"{79eac9ee-baf9-11ce-8c82-00aa004ba90b}",
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}",
"{000214fc-0000-0000-c000-000000000046}",
"{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}",
"{0002e005-0000-0000-c000-000000000046}",
"{172bddf8-ceea-11d1-8b05-00600806d9b6}",
"{cf4cc405-e2c5-4ddd-b3ce-5e7582d8c9fa}",
"{3e24a11c-15b2-4f71-b81e-008f77998e9f}",
"{603d3801-bd81-11d0-a3a5-00c04fd706ec}",
"{57ced8a7-3f4a-432c-9350-30f24483f74f}",
"{d5f569d0-593b-101a-b569-08002b2dbf7a}",
"{ee09b103-97e0-11cf-978f-00a02463e06f}",
"{72eb61e0-8672-4303-9175-f2e4c68b2e7c}",
"{f309ad18-d86a-11d0-a075-00c04fb68820}",
"{dcb00000-570f-4a9b-8d69-199fdba5723b}",
"{4125dd96-e03a-4103-8f70-e0597d803b9c}",
"{2781761e-28e0-4109-99fe-b9d127c57afe}",
"{a47979d2-c419-11d9-a5b4-001185ad2b89}",
"{06290bd1-48aa-11d2-8432-006008c3fbfc}",
"{6311429e-2f1a-4777-880f-c7289fd10169}",
"{edb5f444-cb8d-445a-a523-ec5ab6ea33c7}",
"{e4d1c9b0-46e8-11d4-a2a6-00104bd35090}",
"{7c857801-7381-11cf-884d-00aa004b2e24}",
"{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}",
"{dc12a687-737f-11cf-884d-00aa004b2e24}",
"{b056521a-9b10-425e-b616-1fcd828db3b1}",
"{4590f812-1d3a-11d0-891f-00aa004b2e24}"
],
"wmi_query": [
"SELECT * FROM Win32_ComputerSystem",
"SELECT * FROM Win32_ShadowCopy"
],
"command_line": [
"C:\\Windows\\system32\\cmd.exe \/c echo 2",
"C:\\Windows\\system32\\cmd.exe \/c C:\\Windows\\system32\\bcdedit \/export C:\\FRST\\Hives\\BCD",
"\"C:\\Windows\\system32\\rundll32.exe\" \"C:\\Windows\\system32\\WININET.dll\",DispatchAPICall 1 "
],
"file_read": [
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\PerfTrack\\BackgroundConfigSurveyor",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\TextServicesFramework\\MsCtfMonitor",
"C:\\FRST\\users00",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\UPnP\\UPnPHostConfig",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\DecompressionFailureDetector",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURActivate",
"C:\\Windows\\System32\\wbem\\wbemdisp.tlb",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\install1338591",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RegisterSearch",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\User Profile Service\\HiveUploadTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PeriodicScanRetry",
"C:\\Program Files (x86)\\mozilla firefox\\defaults\\pref\\channel-prefs.js",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\MediaCenterRecoveryTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Diagnosis\\Scheduled",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticResolver",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MemoryDiagnostic\\CorruptionDetector",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\ProgramDataUpdater",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Power Efficiency Diagnostics\\AnalyzeSystem",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict1",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Tcpip\\IpAddressConflict2",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ActivateWindowsSearch",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscovery",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\mcupdate",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Manual)",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\aut5F4A.tmp",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsBackup\\ConfigNotification",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Active Directory Rights Management Services Client\\AD RMS Rights Policy Template Management (Automated)",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MobilePC\\HotStart",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\MUI\\LPRemove",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ConfigureInternetTimeService",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\KernelCeipTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WindowsColorSystem\\Calibration Loader",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\VerifiedPublisherCertStoreCheck",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Application Experience\\AitAgent",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\OCURDiscovery",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ObjectStoreRecoveryTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SystemRestore\\SR",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Filtering Platform\\BfeOnServiceStartTypeChange",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrScheduleTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MpIdleTask",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\1338591tmp000.zip",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\AutoWake",
"C:\\Windows\\System32\\stdole2.tlb",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\UserTask-Roam",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\Temp1_1338591tmp000.zip\\install.rdf",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Media Sharing\\UpdateLibrary",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\InstallPlayReady",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW2",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PBDADiscoveryW1",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Location\\Notifications",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\UpdateRecordPath",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Autochk\\Proxy",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\RecordingRestart",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RAC\\RacTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\NetTrace\\GatherNetworkInfo",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\reg101",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControlsMigration",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Background Synchronization",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\DiskDiagnostic\\Microsoft-Windows-DiskDiagnosticDataCollector",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Maintenance\\WinSAT",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\RemoteAssistance\\RemoteAssistanceTask",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\permissions.sqlite",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\PvrRecoveryTask",
"C:\\Users\\desktop.ini",
"\\\\?\\PIPE\\srvsvc",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows Defender\\MP Scheduled Scan",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\winsock",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\74r5sasm.default\\prefs.js",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Shell\\WindowsParentalControls",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SessionAgent",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\GadgetManager",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Multimedia\\SystemSoundsService",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\SqlLiteRecoveryTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Ras\\MobilityManager",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\WDI\\ResolutionHost",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Time Synchronization\\SynchronizeTime",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ehDRMInit",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\DispatchRecoveryTasks",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\hndlr0",
"C:\\Windows\\System32\\drivers\\etc\\hosts",
"C:\\Windows\\System32\\gatherNetworkInfo.vbs",
"C:\\Users\\cuck\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Offline Files\\Logon Synchronization",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\UsbCeip",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Task Manager\\Interactive",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Media Center\\ReindexSearchRoot",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Customer Experience Improvement Program\\Consolidator",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SideShow\\SystemDataProviders",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\CertificateServicesClient\\SystemTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Registry\\RegIdleBackup",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Windows Error Reporting\\QueueReporting",
"C:\\Users\\cuck\\AppData\\Local\\Temp\\FRST.txt",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\Bluetooth\\UninstallDeviceTask",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\AppID\\PolicyConverter",
"C:\\Windows\\System32\\Tasks\\Microsoft\\Windows\\SoftwareProtectionPlatform\\SvcRestartTask"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{6A4C88C6-C502-4f74-8F60-2CB23EDC24E2}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}\\(Default)",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\SCRNSAVE.EXE",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\ProviderId",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\flpydisk\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\eventlog\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{0E28E245-9368-4853-AD84-6DA3BA35BB75}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\elxstor\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinHttpAutoProxySvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{25CBB996-92ED-457e-B28C-4774084BD562}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\KindMap\\.rdf",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{96137355-BC34-4BA7-81B7-47C87B556E7D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mouclass\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsbs\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsbs\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ALG\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SensrSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Wd\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{94596c7e-3744-41ce-893e-bbf09122f76a}\\InProcServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Show_URLToolBar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB02381F-D652-4B1C-894A-712498C62C51}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\BootExecute",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{1A6364EB-776B-4120-ADE1-B63A406A76B5}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\RestrictedAttributes",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\url",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelppm\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\application\/x-msdownload\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache3.0.0.0\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D7B6E81D-3CF4-432C-84D2-24213F4316E6}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ALG\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdPPM\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PolicyAgent\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\vbscript\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cmdide\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SiSRaid4\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iaStorV\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WbioSrvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{423EC01E-2E35-11D2-B604-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SDRSVC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fvevol\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nvraid\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c1f85ef8-bcc2-4606-bb39-70c523715eb3}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fs_Rec\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MapNetDrvBtn",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ebdrv\\Imagepath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\mk\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{AADCED64-746C-4633-A97C-D61349046527}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ESENT\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltUp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Category",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A8B18D02-60CD-4305-90CC-7DAAC028BDCD}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\Firefox-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{551B3807-871F-4E48-A943-2330449F0615}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowTypeOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideFileExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdfs\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for SqlServer\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FsDepends\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\VSS\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1F7B7221-AE8F-44F3-BA82-F7D260F51964}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TDPIPE\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wcncsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WcsPlugInService\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fastfat\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E51DFD48-AA36-4B45-BB52-E831F02E8316}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\discache\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SiSRaid2\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arcsas\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{81540B9F-B5BF-47EB-9C95-BE195BF2C664}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E47248BA-94CC-49c4-BBB5-9EB7F05183D0}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPCDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2470470F-2634-478E-B181-571E98A789BB}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\QWAVE\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\LegalNoticeCaption",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fvevol\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\KSecPkg\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.44.3.4!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppID\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\ms-its\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SessionEnv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsata\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\atapi\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for Oracle\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.LOG\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltLo\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W32Time\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\elxstor\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\1806",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\1807",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProgramData",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{3307E641-F5EE-49E6-A1FE-BFB5D671441C}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WMPNetworkSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_CURRENT_USER\\FirefoxURL-E7CF176E110C211B\\shell\\open\\command\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page Redirect Cache_TIMESTAMP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\exfat\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4FDEA3B5-7CDE-48F7-940C-43CDBB18FB20}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FB3C354D-297A-4EB2-9B58-090F6361906B}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPNAT\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000002\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{ca767aa8-9157-4604-b64b-40747123d5f2}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B81A55E6-C03C-4EF0-B86F-A80A89DF468D}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for Oracle\\Imagepath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\tv\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06308A56-69E7-4844-A784-8509C25B6C62}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cmdide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\isapnp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hcw85cir\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fastfat\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\volmgrx\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\svcversion",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Beep\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{7CCA6768-8373-4D28-8876-83E8B4E3A969}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.zip\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PlugPlay\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mouhid\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DA41DE71-8431-42FB-9DB0-EB64A961DEAD}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Cache_Update_Frequency",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\CompatibilityFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\\ProxyStubClsid32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Enable Browser Extensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TSDDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\Start Page",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Stream",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\StorSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\AccessProviders\\MartaExtension",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hwpolicy\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NlaSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TrkWks\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000003\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\E1G60\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasPppoe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F18ED8A5-C696-4951-B068-CA8E83634C04}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1BB08CFD-C6AD-44C7-BD0B-8F23035A5731}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DXGKrnl\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\COMSysApp\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB07F7B4-BB95-4B74-9D32-4533D566453C}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\Parameters\\ServiceDLL",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Disable Script Debugger",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanServer\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbSer\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\monitor\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7B849a69-220F-451E-B3FE-2CB811AF94AE}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CmBatt\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dmvsc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\Environment\\COR_PROFILER",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5BE46CE1-CA9B-4CAD-B2E9-8C3F7716AF90}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\Safety Warning Level",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\Default_Page_URL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\url",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\http\\UserChoice\\Progid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Description",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B43033E6-1453-4AD6-AFBA-C03CFC178286}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\NonEnum\\{E88DCCE0-B7B3-11D1-A9F0-00AA0060FA31}",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdK8\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{05300401-BCBC-11d0-85E3-00C04FD85AB4}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DXGKrnl\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\CryptnetPreFetchTriggerPeriodSeconds",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{79eac9e6-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NativeWifiP\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoInternetIcon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdfs\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\rdpbus\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppID\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Rasl2tp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SamSs\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{BE669C13-8165-4536-96D0-6D6C39292AAE}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes\\www",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Discardable\\PostSetup\\Component Categories64\\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\\Enum\\Implementing",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdrom\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppID\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Name",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\DefaultConnectionSettings",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\E1G60\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BattC\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UI0Detect\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdPPM\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\Debugger",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\InprocServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisWan\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\1394ohci\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbhub\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\WantsUniversalDelegate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IpFilterDriver\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Stream",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nsi\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{C9E9A340-D1F1-11D0-821E-444553540600}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ALG\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\about\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ebdrv\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\version",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pciide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RemoteAccess\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PerfOS\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Wlansvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltLo\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SMSvcHost 3.0.0.0\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B210D694-C8DF-490d-9576-9E20CDBC20BD}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hwpolicy\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ESENT\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\secdrv\\(Default)",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\Hosts\\SHDOCVW\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Data\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidIr\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{630b1da0-b465-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender\\DisableAntiSpyware",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Filetrace\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ACPI\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4DE0CAB9-ECFE-4AA9-B95A-FE815A2EAA4E}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SCPolicySvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdfs\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHMODEM\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.64.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{728EE579-943C-4519-9EF7-AB56765798ED}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\javascript\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\atapi\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TsUsbFlt\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AFD\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\\StubPath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D0250F3F-6480-484F-B719-42F659AC64D5}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\FileTracingMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\viaide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\storflt\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Mozilla Firefox 60.0.2\\extensions\\Components",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Anchor Underline",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\agp440\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes\\home",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crcdisk\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B78DBF96-841E-4336-BFE9-1C4975F9DA60}\\Path",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cmdide\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Disk\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache3.0.0.0\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\i8042prt\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4D19A151-A712-4920-AC6D-6C6FD81C8CDB}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\1807",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\0\\1806",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WfpLwf\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CompositeBus\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b06bdrv\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\aliide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DfsC\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b06bdrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\circlass\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{40DD7C5E-DA67-4A78-B96C-582A4CBAEDF3}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06308A56-69E7-4844-A784-8509C25B6C62}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\elxstor\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\application\/octet-stream\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{81540B9F-B5BF-47EB-9C95-BE195BF2C664}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\DhcpNameServer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iirsp\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cmdide\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\URL\\DefaultPrefix\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{79eac9e3-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5BE46CE1-CA9B-4CAD-B2E9-8C3F7716AF90}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\volsnap\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DfsC\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TDTCP\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasAcd\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbohci\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{BE669C13-8165-4536-96D0-6D6C39292AAE}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vwifibus\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\CDD4EEAE6000AC7F40C3802C171E30148030C072\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{87F56B34-044E-4A48-8FDD-087BFABD5ECF}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{B087BE9D-ED37-454f-AF9C-04291E351182}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrSerWdm\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\COMSysApp\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for Oracle\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FltMgr\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A8B18D02-60CD-4305-90CC-7DAAC028BDCD}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\url",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\exfat\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{BC75B1ED-5833-4858-9BB8-CBF0B166DF9D}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{8f6b0360-b80d-11d0-a9b3-006097942311}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7DC691A2-CB15-44DB-853C-19938051BB22}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vmbus\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Default Download Directory",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSDTC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHMODEM\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\rdyboost\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasAuto\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\eventlog\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{79eac9e6-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{28011108-68DF-4C73-B91B-57427D501BBA}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Compbatt\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\napagent\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CLFS\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\gzip\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Npfs\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\DhcpNameServer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{45F26E9E-6199-477F-85DA-AF1EDFE067B1}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\LegalNoticeText",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fax\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHPORT\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EFS\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gagp30kx\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PerfHost\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\tunnel\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sppuinotify\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{79eac9e3-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdide\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Wdf01000\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\A43489159A520F0D93D032CCAF37E7FE20A8B419\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagMatchAnyMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbSer\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoProxyDetectType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\NoFileFolderJunction",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NETFramework\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\URL\\DefaultPrefix\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fs_Rec\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SstpSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MegaSR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FB3C354D-297A-4EB2-9B58-090F6361906B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{17F5B0DE-8DA9-4280-8CB8-91422B9A8CE1}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crcdisk\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MpsSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltUp\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdPPM\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{C016366B-7126-46CA-B36B-592A3D95A60B}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\drmkaud\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{45ea75a0-a269-11d1-b5bf-0000f8051515}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.zip\\BrowseInPlace",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Display Inline Images",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Netman\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\elxstor\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableUnsupportedCriticalExtensions",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ProtectedStorage\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pcw\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanServer\\DefaultSecurity\\SrvsvcDefaultShareInfo",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IpFilterDriver\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fs_Rec\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdxata\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelide\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{12D51199-0DB5-46FE-A120-47A3D7D937CC}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.zip\\NeverShowExt",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\DontPrettyPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\742C3192E607E424EB4549542BE1BBC53E6174E2\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\DevicePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Filetrace\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\ServiceDll",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\p2pcollab.dll,-8042",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CDA5F4EE-8293-4A5D-8564-04CD067D1A85}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\IPSEC\\Policy\\Local\\ActivePolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D7B6E81D-3CF4-432C-84D2-24213F4316E6}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nvstor\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC668097-4D6B-4093-AC14-014C09DBF820}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbMdm\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbehci\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06CD2154-751E-469F-8E4A-C3F118356423}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MTConfig\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{96137355-BC34-4BA7-81B7-47C87B556E7D}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gagp30kx\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FileInfo\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{C631DF4C-088F-4156-B058-4375F0853CD8}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AFD\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\xmlprov\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AsyncMac\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\D559A586669B08F46A30A133F8A9ED3D038E2EA8\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\MapNetDriveVerbs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SharedAccess\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\Hosts\\SHDOCVW\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\ProfilesDirectory",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrSerWdm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\FileDirectory",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidUsb\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{06CD2154-751E-469F-8E4A-C3F118356423}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000001\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PcaSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\TIP\\{0000897b-83df-4b96-be07-0fb58b01c4a4}\\LanguageProfile\\0x00000000\\{0001bea3-ed56-483d-a2e2-aeae25577436}\\Enable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{9381D8F2-0288-11D0-9501-00AA00B911A5}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WudfPf\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dhcp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b06bdrv\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\97817950D81C9670CC34D809CF794431367EF474\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A7C73732-9F11-4281-8D19-764D4EC9D94D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HdAudAddService\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PeerDistSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nv_agp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TrustedInstaller\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehSched\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iaStorV\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ShellHWDetection\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\agp440\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PreCreate",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Shell",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b57nd60a\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Disk\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mrxsmb10\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSPCLOCK\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E5094040-C46C-4115-B030-04FB2E545B00}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5F5A18EB-DC73-4E45-A11C-B59043598412}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8f6b0360-b80d-11d0-a9b3-006097942311}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidUsb\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{72DB7465-BC54-491B-A92A-4637A28C9BBF}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdK8\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FF87090D-4A9A-4f47-879B-29A80C355D61}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4FDEA3B5-7CDE-48F7-940C-43CDBB18FB20}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltLo\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPREFMP\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\HasNavigationEnum",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DfsC\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\discache\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Show_StatusBar",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TermService\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\idsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UGatherer\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{f3ccc681-b74c-4060-9f26-cd84525dca2a}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NETFramework\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ConfirmFileDelete",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltLo\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBth\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\msahci\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PerfProc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\srv\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\QueryForInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{82676C49-21A7-4605-AA06-E04A067FB611}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSTEE\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\ServiceDll",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Run",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CNG\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpahci\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ServiceModelEndpoint 3.0.0.0\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\spldr\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BattC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\BE36A4562FB2EE05DBB3D32323ADF445084ED656\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Category",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mpio\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NDIS\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdxata\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{268014E7-A27E-4FD7-89A6-A481DA222EC8}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{C016366B-7126-46CA-B36B-592A3D95A60B}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpahci\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir (x86)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesRecycleBin",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crcdisk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoPropertiesMyComputer",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\DefaultScope",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{17F5B0DE-8DA9-4280-8CB8-91422B9A8CE1}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ACPI\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HasNavigationEnum",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{55272A00-42CB-11CE-8135-00AA004BB851}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellState",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winsock\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EACA24FF-236C-401D-A1E7-B3D5267B8A50}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Schedule\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\srv2\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\VaultSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBatt\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\storvsc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdK8\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Drive\\shellex\\FolderExtensions\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\DriveMask",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\aliide\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\COMSysApp\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\FileSystem\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoControlPanel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\IEInstal.exe\\GlobalFlag",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HdAudAddService\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{BF5CB148-7C77-4d8a-A53E-D81C70CF743C}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\UseClearType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ohci1394\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HTTP\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes\\home",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\ShellComponent",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Play_Animations",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Save_Session_History_On_Exit",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\kbdhid\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrSerWdm\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ErrDev\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBT\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehRecvr\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdK8\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\QueryForOverlay",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A35BB7A6-5F0C-4C9F-8450-2B3BED532D51}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TBS\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EE09B103-97E0-11CF-978F-00A02463E06F}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fastfat\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCountPerChain",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\NoUpdateCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{74EE6C03-5363-4554-B161-627540339CAB}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{8A28E2C5-8D06-49A4-A08C-632DAA493E17}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HpSAMD\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\deflate\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000003\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{3A0DBA37-F8B2-4356-83DE-3E90BD5C261F}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sbp2port\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000006\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WSearchIdxPi\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Wecsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\exfat\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Icon",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\msdsm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Play_Background_Sounds",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\tcpipreg\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WebClient\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FltMgr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{088482FA-65B8-4E17-9ABF-1DCD48E8D373}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CompositeBus\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdfs\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\RemovalTools\\MRT\\GUID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AeLookupSvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoNetCrawling",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FileInfo\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidUsb\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\eventlog\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adp94xx\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\agp440\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adp94xx\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\lltdio\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{09F06BFE-A3C8-40E3-846A-6E6F4000C238}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b06bdrv\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DCLocator\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AFD\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RpcEptMapper\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{8C5ED038-CFAD-48A0-BB2F-D128286E49B3}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CmBatt\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\FinalPolicy\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\StreamResourceType",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\WpadLastNetwork",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mrxsmb20\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Roamable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbcir\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ALG\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fax\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPENCDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PortProxy\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WwanSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsata\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7933F41E-56F8-41d6-A31C-4148A711EE93}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000006\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\seclogon\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Serenum\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseOldHostResolutionOrder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B78DBF96-841E-4336-BFE9-1C4975F9DA60}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehRecvr\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\megasas\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AFD\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\res\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache3.0.0.0\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\DhcpNameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adsi\\(Default)",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\local\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{40DD7C5E-DA67-4A78-B96C-582A4CBAEDF3}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b57nd60a\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CSC\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EFS\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vsmraid\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iirsp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Filetrace\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\IOAVMaxSize",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Search Page",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\Parameters\\ServiceDLL",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Use_DlgBox_Colors",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fvevol\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache3.0.0.0\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes\\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Parport\\(Default)",
"HKEY_CURRENT_USER\\Control Panel\\Mouse\\SwapMouseButtons",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IpFilterDriver\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbMdm\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hcw85cir\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\ClassicShell",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Null\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\THREADORDER\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{994C86AD-A929-4B2C-88A0-4E25A107A029}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000007\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasSstp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\blbdrive\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\DocObject",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\tdx\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\IconsOnly",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HDAudBus\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mrxsmb\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hwpolicy\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSKSSRV\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\blbdrive\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\SystemCertificates\\Root\\ProtectedRoots\\Certificates",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemProductName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ProgramFilesDir",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SCardSvr\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dmvsc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Modem\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PptpMiniport\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000006\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{79eac9e2-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HDAudBus\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableCANameConstraints",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\safer\\codeidentifiers\\ExecutableTypes",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2781761E-28E0-4109-99FE-B9D127C57AFE}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasAgileVpn\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{855fec53-d2e4-4999-9e87-3414e9cf0ff4}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\rdbss\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\stexstor\\(Default)",
"\\REGISTRY\\USER\\.DEFAULT\\Environment\\UserInitMprLogonScript",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\Imagepath",
"HKEY_LOCAL_MACHINE\\I2OS6AS7BX\\Select\\Default",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{8bf9a910-a8ff-457f-999f-a5ca10b4a885}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\EnableWeakSignatureFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wmiApSrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LSI_SAS2\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000002\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\netprofm\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Beep\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bowser\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{82676C49-21A7-4605-AA06-E04A067FB611}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E22A8667-F75B-4BA9-BA46-067ED4429DE8}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{448186F9-75B9-4FB7-A6E0-B19A2BADC1BE}\\Path",
"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS\\SystemManufacturer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000004\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes\\DefaultScope",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Data\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\Environment\\COR_PROFILER_PATH",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Processor\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WSearch\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ql40xx\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelide\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHPORT\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HpSAMD\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Netlogon\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FileInfo\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\RestrictedAttributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBth\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DfsC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\mhtml\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\https\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7DC691A2-CB15-44DB-853C-19938051BB22}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{e437bc1c-aa7d-11d2-a382-00c04f991e27}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{613612BA-897D-44CE-8DC1-8FC283F9FD51}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB02381F-D652-4B1C-894A-712498C62C51}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\SubSystems\\Windows",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RemoteRegistry\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PNRPsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Num_Catalog_Entries",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdxata\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Domain",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPMIDRV\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PEAUTH\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DCLocator\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{268014E7-A27E-4FD7-89A6-A481DA222EC8}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Data\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FileInfo\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\E1G60\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WerSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gagp30kx\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Compbatt\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D018DE2F-F02A-4BDB-BA74-56BCD427BE40}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EA9155A3-8A39-40b4-8963-D3C761B18371}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdrom\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBth\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPWD\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalCertCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\atapi\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\shell\\openas\\NeverDefault",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b57nd60a\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Disk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{7150F9BF-48AD-4da4-A49C-29EF4A8369BA}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CD962721-73F1-4649-85D7-6884C1EF28D9}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\IE8TourShown",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FsDepends\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsata\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\umbus\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\Authentication Packages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\drmkaud\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2E941CB2-1B33-47C4-905B-8B4278819513}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000002\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ql2300\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\AllowFileCLSIDJunctions",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CC35D2E9-B9E1-4ADC-9DA5-71487D9E9EB5}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Stream",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NlaSvc\\Parameters\\Internet\\ManualProxies\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\EditFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000004\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\E1G60\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\p2pimsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{A3F3E39B-5D83-4940-B954-28315B82F0A8}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4340}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A7C73732-9F11-4281-8D19-764D4EC9D94D}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{3af36230-a269-11d1-b5bf-0000f8051515}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fax\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\msisadrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.zip\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FsDepends\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbMdm\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nfrd960\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wuauserv\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{874CFED9-D01D-4D16-9775-B8A7A05004BF}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableIOAVProtection",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetBIOS\\(Default)",
"HKEY_CURRENT_USER\\Environment\\UserInitMprLogonScript",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F6B1AFFE-48F0-4340-9F59-C73DDA17C17D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Brserid\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\DiagLevel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CLFS\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC668097-4D6B-4093-AC14-014C09DBF820}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdide\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\lltdsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpu320\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SNMPTRAP\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1F7B7221-AE8F-44F3-BA82-F7D260F51964}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSDTC Bridge 3.0.0.0\\(Default)",
"\\REGISTRY\\USER\\.DEFAULT\\Environment\\COR_PROFILER",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TapiSrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Msfs\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CLFS\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{630b1da0-b465-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{900be39d-6be8-461a-bc4d-b0fa71f5ecb1}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ws2ifsl\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{79eac9e7-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdc\\Imagepath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\NoFileFolderConnection",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iScsiPrt\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4C8B01A2-11FF-4C41-848F-508EF4F00CF7}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\WantsFORDISPLAY",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Networking\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ErrDev\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltUp\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HpSAMD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000002\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000005\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\WantsFORPARSING",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vdrvroot\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fastfat\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\scfilter\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\StreamResource",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\AlwaysShowExt",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpahci\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Print\\Providers\\LanMan Print Services\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Networking\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\FolderTypeID",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\{AEFD33F3-CC73-4821-AD44-6915063E7FB1}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\ParsingName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\idsvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Print\\Providers\\Internet Print Provider\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoCommonGroups",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\inetaccs\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dmvsc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\i8042prt\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NetTcpPortSharing\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{8C5ED038-CFAD-48A0-BB2F-D128286E49B3}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E62688F0-25FD-4c90-BFF5-F508B9D2E31F}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fvevol\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CSC\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vhdmp\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\idsvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ErrDev\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Brserid\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WPDBusEnum\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrSerWdm\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\QueryForOverlay",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Show_FullURL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AcpiPmi\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CA4B8FF2-A4D2-4D88-A52E-3A5BDAF7F56E}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000009\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2E941CB2-1B33-47C4-905B-8B4278819513}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\QWAVEdrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Wanarpv6\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowCompColor",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{7790769C-0471-11d2-AF11-00C04FA35D02}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{A9A33436-678B-4c9c-A211-7CC38785E79D}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehRecvr\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelppm\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Ntfs\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pla\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\swenum\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsata\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{6738BA6E-EA75-4B6B-B8B8-71F0336DD8EF}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for SqlServer\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\SystemFileAssociations\\.zip\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\Search Page",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehSched\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlCountInCert",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\ParentFolder",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Load",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Run",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{3af36230-a269-11d1-b5bf-0000f8051515}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\http\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\inetaccs\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TabletInputService\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\COMSysApp\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{87F56B34-044E-4A48-8FDD-087BFABD5ECF}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\7F88CD7223F3C813818C994614A89C99FA3B5247\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gagp30kx\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\1394ohci\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AsyncMac\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Certificate\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.zip\\Content Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6TUNNEL\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\VgaSave\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\MUI\\StringCacheSettings\\StringCacheGeneration",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sffdisk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{551B3807-871F-4E48-A943-2330449F0615}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{3307E641-F5EE-49E6-A1FE-BFB5D671441C}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsbs\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\shell\\openas\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\type",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\IE8RunOnceLastShown_TIMESTAMP",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5A40E926-9E86-4B89-9CFD-B12311724371}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{e7ed314f-2816-4c26-aeb5-54a34d02404c}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MMCSS\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arcsas\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\Parameters\\ServiceDLL",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Generation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Taskman",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UxSms\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHMODEM\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\CTF\\EnableAnchorContext",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000001\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisCap\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids\\exefile",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\inetaccs\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\KeyIso\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DA41DE71-8431-42FB-9DB0-EB64A961DEAD}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxySettingsPerUser",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\DocObject",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\flpydisk\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Mup\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sffp_mmc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\NoFileFolderJunction",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\FullScreen",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Signature\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WPCSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UmPass\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\1394ohci\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000002\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\KSecDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions\\GlobalFlag",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b6-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{FB2CA36D-0B40-4307-821B-A13B252DE56C}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\udfs\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fax\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{C9E9A340-D1F1-11D0-821E-444553540600}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{17D89FEC-5C44-4972-B12D-241CAEF74509}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\idsvc\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Compbatt\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\b57nd60a\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache3.0.0.0\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Spooler\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Defaults\\Provider\\Microsoft Enhanced RSA and AES Cryptographic Provider\\Image Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{DFA14C43-F385-4170-99CC-1B7765FA0E4A}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Cleanup\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelide\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\Userinit",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UGTHRSVC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Clients\\StartMenuInternet\\IEXPLORE.EXE\\shell\\open\\command\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{79eac9e2-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdc\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PNRPAutoReg\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.67.1.2!7\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000003\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DCLocator\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NETFramework\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{06DA0625-9701-43da-BFD7-FBEEA2180A1E}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\ROOT\\Certificates\\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AsyncMac\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adp94xx\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\UseDropHandler",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Compbatt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F6B1AFFE-48F0-4340-9F59-C73DDA17C17D}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CryptSvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9435F817-FED2-454E-88CD-7F78FDA62C48}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A656BBE1-4E3E-4C8A-BD79-A8CA56782753}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Window_Placement",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-844",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\System32\\fveui.dll,-843",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D0250F3F-6480-484F-B719-42F659AC64D5}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{89B4C1CD-B018-4511-B0A1-5476DBF70820}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CLFS\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CDA5F4EE-8293-4A5D-8564-04CD067D1A85}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelide\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{26923b43-4d38-484f-9b9e-de460746276c}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ServiceModelService 3.0.0.0\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\UmRdpService\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5F5A18EB-DC73-4E45-A11C-B59043598412}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PreCreate",
"HKEY_CURRENT_USER\\Environment\\COR_PROFILER",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PerfDisk\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders\\AppData",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000005\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\System",
"\\REGISTRY\\USER\\.DEFAULT\\Control Panel\\Desktop\\SCRNSAVE.EXE",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidIr\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vga\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Local Page",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{6232C319-91AC-4931-9385-E70C2B099F0E}\\DllName",
"\\REGISTRY\\USER\\.DEFAULT\\SOFTWARE\\Microsoft\\Command Processor\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bowser\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\UseHostnameAsAlias",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\2.0.50727\\CodeBase",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5C0AEEEA-C154-45BE-8499-BEA5F11BAFF6}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\UIHost",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPDR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{25537BA6-77A8-11D2-9B6C-0000F8080861}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\IEInstal.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CryptDllFindOIDInfo\\1.3.6.1.4.1.311.47.1.1!7\\Name",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NDProxy\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIP6\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214FC-0000-0000-C000-000000000046} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\Default_Page_URL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{DD9F510C-95F4-499A-90C8-BAC5BC372FF4}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bowser\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{C418DD9D-0D14-4efb-8FBF-CFE535C8FAC7}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AcpiPmi\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\shellex\\CopyHookHandlers\\Sharing\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hwpolicy\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries\\000000000001\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\Local Page",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\defragsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dmvsc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wercplsupport\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\PerceivedType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Winmgmt\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\CodeBase",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A656BBE1-4E3E-4C8A-BD79-A8CA56782753}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LDAP\\LdapClientIntegrity",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ServiceModelOperation 3.0.0.0\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpu320\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sermouse\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdrom\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{45ea75a0-a269-11d1-b5bf-0000f8051515}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\stisvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehRecvr\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Folder\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\Default_Search_URL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AcpiPmi\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\1394ohci\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5A40E926-9E86-4B89-9CFD-B12311724371}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{9D148291-B9C8-11D0-A4CC-0000F80149F6}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdsbs\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HdAudAddService\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iirsp\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\drmkaud\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\s3cap\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbSer\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBatt\\Imagepath",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\dnsapi.dll,-103",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MozillaMaintenance\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000001\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EACA24FF-236C-401D-A1E7-B3D5267B8A50}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{91FBB303-0CD5-4055-BF42-E512A681B325}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hcw85cir\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{448186F9-75B9-4FB7-A6E0-B19A2BADC1BE}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideFolderVerbs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Lsa\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{12D51199-0DB5-46FE-A120-47A3D7D937CC}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{D018DE2F-F02A-4BDB-BA74-56BCD427BE40}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\upnphost\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SSDPSRV\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000004\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\CallForAttributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SQMClient\\Windows\\CEIPEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\Local Page",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppID\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\mailto\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSPQM\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\DisableMandatoryBasicConstraints",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{EB07F7B4-BB95-4B74-9D32-4533D566453C}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehSched\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Initialization\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbSer\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\uagp35\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SecurityProviders\\SecurityProviders",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\S-1-5-21-699399860-4089948139-3198924279-1001\\ProfileImagePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Stream",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\CertCheck\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IRENUM\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AsyncMac\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DXGKrnl\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\InitFolderHandler",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\PinToNameSpaceTree",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Interface\\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\\ProxyStubClsid32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\lmhosts\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\luafv\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page Redirect Cache",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NTDS\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\HideIcons",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{72DB7465-BC54-491B-A92A-4637A28C9BBF}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A48CABBF-24C8-4B87-B00F-9261807C3B43}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.LOG\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\AutoCheckSelect",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\InfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\MaxUndoItems",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Name",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FltMgr\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidUsb\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4D19A151-A712-4920-AC6D-6C6FD81C8CDB}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{F18ED8A5-C696-4951-B068-CA8E83634C04}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Brserid\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\IsShortcut",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DcomLaunch\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crcdisk\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arcsas\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pcmcia\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{6f45dc1e-5384-457a-bc13-2cd81b0d28ed}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\i8042prt\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language\\InstallLanguage",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\Certificates\\109F1CAED645BB78B3EA2B94C0697C740733031C\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adp94xx\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbprint\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\shell\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{5B42DD9C-5A26-4F27-BB95-34603F0997E5}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Disk\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SESSION MANAGER\\Environment\\UserInitMprLogonScript",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\RelativePath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\Disallowed\\Certificates\\7D7F4414CCEF168ADF6BF40753B5BECD78375931\\Blob",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.LOG\\Content Type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E22A8667-F75B-4BA9-BA46-067ED4429DE8}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\WebView",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A6AF9377-77CE-47AB-AD7D-EC32CAD0C82D}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RasMan\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpahci\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SafeBoot\\AlternateShell",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\NotifyDownloadComplete",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{B196B286-BAB4-101A-B69C-00AA00341D07}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\uliagpkx\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalizedName",
"HKEY_CURRENT_USER\\Environment\\COR_PROFILER_PATH",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdxata\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\CA\\CRLs\\A377D1B1C0538833035211F4083D00FECC414DAB\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SysMain\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HTTP\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\Start Page",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\atapi\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mountmgr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{F9C77450-3A41-477E-9310-9ACD617BD9E3}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WacomPen\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{AC3AC249-E820-4343-A65B-377AC634DC09}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{9381D8F2-0288-11D0-9501-00AA00B911A5}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bowser\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{C27F6B1D-FE0B-45E4-9257-38799FA69BC8}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\RelativePath",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\CPC\\Volume\\{3f5cc1b5-70f9-11e8-b07b-806e6f6e6963}\\Data",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}\\ShellComponent",
"\\REGISTRY\\USER\\.DEFAULT\\Environment\\COR_PROFILER_PATH",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Beep\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ksthunk\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iaStorV\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\USBSTOR\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\IsShortcut",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\circlass\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EFS\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iphlpsvc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A48CABBF-24C8-4B87-B00F-9261807C3B43}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\crypt32\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrFiltUp\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{420B2830-E718-11CF-893D-00A0C9054228}\\1.0\\0\\win64\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WdiServiceHost\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\blbdrive\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Category",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0\\win64\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Num_Catalog_Entries64",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WdiSystemHost\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TermDD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\Notification Packages",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\WantsAliasedNotifications",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CSC\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\rspndr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\CodeBase",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\SourcePath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBth\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\aliide\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\IEInstal.exe\\Debugger",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3dd53d40-7b8b-11D0-b013-00aa0059ce02}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\ShowInfoTip",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\WantsParseDisplayName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{58fb76b9-ac85-4e55-ac04-427593b1d060}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET Data Provider for SqlServer\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Serial\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{2DEA658F-54C1-4227-AF9B-260AB5FC3543}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidIr\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LSI_SCSI\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EE09B103-97E0-11CF-978F-00A02463E06F}\\InprocServer32\\ThreadingModel",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\PerfNet\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000008\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arcsas\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\circlass\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions\\Debugger",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WIMMount\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\nsiproxy\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{343D770D-7788-47c2-B62A-B7C4CED925CB}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSiSCSI\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MRxDAV\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page Redirect Cache AcceptLangs",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\.DAT\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{E92B03AB-B707-11d2-9CBD-0000F87A369E}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IKEEXT\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CertPropSvc\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Do404Search",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CNG\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{79eac9e7-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mshidkmdf\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B0CBAB43-44FC-469B-A4CE-87426761FDCE}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\srvnet\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\file\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHPORT\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Appinfo\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{40DD6E20-7C17-11CE-A804-00AA003CA9F6}\\InProcServer32\\LoadWithoutCOM",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hidserv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FltMgr\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\PublishExpandedPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\cdrom\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Hostname",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{4f645220-306d-11d2-995d-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\tssecsrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpu320\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HpSAMD\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\NdisTapi\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CSC\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CD962721-73F1-4649-85D7-6884C1EF28D9}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers\\Software Publishing\\State",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Themes\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{79eac9e5-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000001\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fax\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HdAudAddService\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{E92B03AB-B707-11d2-9CBD-0000F87A369E}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\StreamResourceType",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbuhci\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TsUsbGD\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sffp_sd\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LSI_SAS\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Fs_Rec\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\TypeLib\\{565783C6-CB41-11D1-8B02-00600806D9B6}\\1.2\\0\\win32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Roamable",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\DllNXOptions\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iirsp\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\KtmRm\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Scripting.Dictionary\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EFS\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\iaStorV\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinRM\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelppm\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CompressedFolder\\BrowseInPlace",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{D65231B0-B2F1-4857-A4CE-A8E7C6EA7D27}\\Icon",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AmdPPM\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E3163C33-301D-4730-A266-5518C5ED3967}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{7AFCC0CA-7121-422A-AB45-B0E8D599FF08}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Mcx2Svc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioEndpointBuilder\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HDAudBus\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adpu320\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\SearchScopes\\DefaultScope",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\URL\\Prefixes\\www",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\idsvc\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{4f645220-306d-11d2-995d-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arc\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{28011108-68DF-4C73-B91B-57427D501BBA}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer\\MAIN\\FeatureControl\\FEATURE_PROTOCOL_LOCKDOWN\\*",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ACPI\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\.NET CLR Networking\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ebdrv\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{A35BB7A6-5F0C-4C9F-8450-2B3BED532D51}\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Filter",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\volmgr\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehSched\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\Description",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AcpiPmi\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\dvd\\clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\IE8RunOnceLastShown",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Beep\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\DontShowSuperHidden",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RDPNP\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\agp440\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppMgmt\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupListener\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HTTP\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ALG\\(Default)",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\@%SystemRoot%\\system32\\qagentrt.dll,-10",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Power\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehRecvr\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RpcSs\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\75E0ABB6138512271C04F85FDDDE38E4B7242EFE\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\msiserver\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\its\\clsid",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\EnableConsoleTracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Show_ToolBar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{42060D27-CA53-41F5-96E4-B1E8169308A6}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FontCache\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{CF2CF428-325B-48D3-8CA8-7633E36E5A32}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WANARP\\(Default)",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Layout Hotkey",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FDResPub\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\Security",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Filter\\application\/x-complus\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000003\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wbengine\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{79eac9e5-baf9-11ce-8c82-00aa004ba90b}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{486D715E-6AA2-44CF-BC48-B6990CBB53C6}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\swprv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BFE\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\Search Page",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ProxyEnable",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ProfSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\bthserv\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Filetrace\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CscService\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{2470470F-2634-478E-B181-571E98A789BB}\\Path",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000006\\ProviderId",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CmBatt\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\VMBusHID\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CNG\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{1BB08CFD-C6AD-44C7-BD0B-8F23035A5731}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DXGKrnl\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HTTP\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CompositeBus\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HDAudBus\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000005\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\circlass\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AudioSrv\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BDESVC\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\FsDepends\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BattC\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$DLL",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TurnOffSPIAnimations",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{5794DAFD-BE60-433f-88A2-1A31939AC01F}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Browser\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\arc\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{994C86AD-A929-4B2C-88A0-4E25A107A029}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B81A55E6-C03C-4EF0-B86F-A80A89DF468D}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries64\\000000000005\\ProviderId",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CmBatt\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\EditFlags",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\WINMGMTS\\CLSID\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\Security",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_64\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\EnableFileTracing",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ebdrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LanmanWorkstation\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000010\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\SENS\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries64\\000000000004\\PackedCatalogItem",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\p2psvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AxInstSV\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\WBEM\\CIMOM\\EnableObjectValidation",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\amdide\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\fdPHost\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Directory\\DocObject",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\LocalRedirectOnly",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EE09B103-97E0-11CF-978F-00A02463E06F}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Unknown\\NoStaticDefaultVerb",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EE09B103-97E0-11CF-978F-00A02463E06F}\\ProgID\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\Load",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9979CB83-103A-4105-9E5D-C74B0AF6D198}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pci\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\XMLHTTP",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CNG\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\dot3svc\\Parameters\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{4DE0CAB9-ECFE-4AA9-B95A-FE815A2EAA4E}\\(Default)",
"HKEY_CURRENT_USER\\Keyboard Layout\\Toggle\\Language Hotkey",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\flpydisk\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WmiAcpi\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adsi\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{3dd53d40-7b8b-11D0-b013-00aa0059ce02}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\discache\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\exfat\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\Certificates\\8F43288AD272F3103B6FB1428485EA3014C0BCFE\\Blob",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EFS\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hcw85cir\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WmiApRpl\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidIr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{7790769C-0471-11d2-AF11-00C04FA35D02}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{1E66F26B-79EE-11D2-8710-00C04F79ED0D}\\InprocServer32\\2.0.50727\\CodeBase",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\partmgr\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Mozilla\\Mozilla Firefox 60.0.2\\extensions\\Plugins",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\Providers\\Trust\\Message\\{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}\\$Function",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{4bcd6cde-777b-48b6-9804-43568e23545d}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\kbdclass\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{874CFED9-D01D-4D16-9775-B8A7A05004BF}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{EE09B103-97E0-11CF-978F-00A02463E06F}\\InprocServer32\\InprocServer32",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Windows Workflow Foundation 3.0.0.0\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{F38BF404-1D43-42F2-9305-67DE0B28FC23}\\ParentFolder",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BITS\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\intelppm\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\gpsvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\aliide\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}\\InprocServer32\\(Default)",
"HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\SpecialFoldersCacheSize",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\COMSysApp\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wudfsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Ndisuio\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{044A6734-E90E-4F8F-B357-B2DC8AB3B5EC}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MSSCNTRS\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\Attributes",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{35378EAC-683F-11D2-A89A-00C04FBBCFA2}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mpsdrv\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\W3SVC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\MaxAIAUrlRetrievalByteCount",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\drmkaud\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\txtfile\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{B43033E6-1453-4AD6-AFBA-C03CFC178286}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\MsRPC\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\eventlog\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9979CB83-103A-4105-9E5D-C74B0AF6D198}\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\discache\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\mssmbios\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{6D809377-6AF0-444B-8957-A3773F02200E}\\PreCreate",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ehSched\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ErrDev\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\flpydisk\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Smb\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\Wow6432Node\\CLSID\\{05300401-BCBC-11d0-85E3-00C04FD85AB4}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\ShellFolder\\HideInWebView",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ACPI\\Start",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\SeparateProcess",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\hkmsvc\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{E3163C33-301D-4730-A266-5518C5ED3967}\\Path",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\wscsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\ftp\\clsid",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts\\.exe\\OpenWithProgids\\secfile",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{7C028AF8-F614-47B3-82DA-BA94E41B1089}\\StubPath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\*\\EditFlags",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\vds\\(Default)",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\Show_URLinStatusBar",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Psched\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{c463a0fc-794f-4fdf-9201-01938ceacafa}\\InProcServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Active Setup\\Installed Components\\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}\\ShellComponent",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\CompositeBus\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HomeGroupProvider\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\AppIDSvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\RpcLocator\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBatt\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\HidBatt\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\{89820200-ECBD-11cf-8B85-00AA005B4383}\\StubPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IpFilterDriver\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\OID\\EncodingType 0\\CertDllCreateCertificateChainEngine\\Config\\ChainCacheResyncFiletime",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Brserid\\type",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}\\DllName",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Security\\DisableSecuritySettingsCheck",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\ESENT\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\HideOnDesktopPerUser",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\eventlog\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EapHost\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{CC35D2E9-B9E1-4ADC-9DA5-71487D9E9EB5}\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Tcpip\\Parameters\\Interfaces\\{EF381EA0-4D07-418D-A490-68AF67CE948B}\\NameServer",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\usbccgp\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{9435F817-FED2-454E-88CD-7F78FDA62C48}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}\\DllName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Schedule\\TaskCache\\Tasks\\{613612BA-897D-44CE-8DC1-8FC283F9FD51}\\Path",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Internet Explorer\\MAIN\\Default_Search_URL",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\Main\\IE8TourShownTime",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\URLSearchHooks\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinDefend\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{c6dc5466-785a-11d2-84d0-00c04fb169f7}\\DllName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\LSI_FC\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FolderDescriptions\\{7C5A40EF-A0FB-4BFC-874A-C0F2E0B9FA8E}\\LocalizedName",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sppsvc\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\sfloppy\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\PROTOCOLS\\Handler\\cdl\\clsid",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\Dnscache\\Parameters\\ServiceDLL",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\adsi\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\TCPIPTUNNEL\\(Default)",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BrUsbMdm\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\i8042prt\\Imagepath",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\AllFilesystemObjects\\NeverShowExt",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\\ShellFolder\\Attributes",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\EventSystem\\Imagepath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\IPBusEnum\\Start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSimpleStartMenu",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\blbdrive\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\DPS\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\WinSock2\\Parameters\\NameSpace_Catalog5\\Catalog_Entries\\000000000003\\LibraryPath",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\clr_optimization_v2.0.50727_32\\ServiceDll",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\BTHMODEM\\Start",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\services\\pcw\\start",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\CLSID\\{190BA3F6-0205-4f46-B589-95C6822899D2}\\InprocServer32\\(Default)",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Command Processor\\(Default)"
],
"regkey_written": [
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Shell Extensions\\Cached\\{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\FileDirectory",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadDecisionReason",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\EnableFileTracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadDecision",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\FileTracingMask",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadNetworkName",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\MaxFileSize",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\EnableConsoleTracing",
"HKEY_CURRENT_USER\\Local Settings\\MuiCache\\2\\52C64B7E\\LanguageList",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections\\DefaultConnectionSettings",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\EnableFileTracing",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadDecisionTime",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\WpadLastNetwork",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\FileDirectory",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Discardable\\PostSetup\\Component Categories64\\{56FFCC30-D398-11D0-B2AE-00A0C908FA49}\\Enum\\Implementing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\EnableConsoleTracing",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASMANCS\\ConsoleTracingMask",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Tracing\\RASAPI32\\FileTracingMask"
]
},
"first_seen": 1583394785.5,
"ppid": 2448
},
{
"process_path": "C:\\Windows\\System32\\cmd.exe",
"process_name": "cmd.exe",
"pid": 2244,
"summary": {
"file_opened": [
"C:\\Users\\",
"C:\\Users\\cuck\\AppData\\",
"C:\\Users\\cuck\\AppData\\Local\\",
"C:\\",
"C:\\Users\\cuck\\"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DelayedExpansion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\PathCompletionChar",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DisableUNCCheck",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\EnableExtensions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\CompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DefaultColor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\CompletionChar",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\PathCompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DisableUNCCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\EnableExtensions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DelayedExpansion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DefaultColor",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\AutoRun"
]
},
"first_seen": 1583394787.89143,
"ppid": 1664
},
{
"process_path": "C:\\Windows\\System32\\lsass.exe",
"process_name": "lsass.exe",
"pid": 476,
"summary": {},
"first_seen": 1583394785.328125,
"ppid": 376
},
{
"process_path": "C:\\Windows\\System32\\bcdedit.exe",
"process_name": "bcdedit.exe",
"pid": 1132,
"summary": {
"file_opened": [
"C:\\Windows\\System32\\en-US\\KERNELBASE.dll.mui"
],
"file_created": [
"C:\\FRST\\Hives\\BCD"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{5189b25c-5558-4bf2-bca4-289b11bd29e2}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\24000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000013\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\32000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\16000009\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Description\\System",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f3\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}\\Elements\\16000020\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Description\\TreatAsSystem",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\26000022\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{1afa9c49-16ab-4a5c-901b-212802da9460}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\25000020\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f5\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\23000003\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\SystemStartOptions",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000014\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f4\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\MuiCached\\MachinePreferredUILanguages",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Description\\KeyName",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\23000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{1afa9c49-16ab-4a5c-901b-212802da9460}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\46000010\\Element",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\Windows Error Reporting\\WMR\\Disable",
"HKEY_CURRENT_USER\\Control Panel\\Desktop\\PreferredUILanguages",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\26000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\25000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000008\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\24000010\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{1afa9c49-16ab-4a5c-901b-212802da9460}\\Description\\FirmwareVariable",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\31000003\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\23000003\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Description\\TreatAsSystem",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\25000020\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000011\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Description\\System",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{5189b25c-5558-4bf2-bca4-289b11bd29e2}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\1600000b\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000000\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\14000006\\Element"
],
"dll_loaded": [
"kernel32.dll"
],
"regkey_written": [
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\1600000b\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\16000009\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\25000020\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000013\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\24000010\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\26000022\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\23000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f3\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\25000020\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\24000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000008\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\23000003\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\25000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\21000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\26000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f4\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\23000003\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{6efb52bf-1766-41db-a6b3-0ee5eff72bd7}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000011\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ff607e0-4395-11db-b0de-0800200c9a66}\\Elements\\250000f5\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\32000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}\\Elements\\16000020\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\46000010\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Description\\KeyName",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000002\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000004\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{5189b25c-5558-4bf2-bca4-289b11bd29e2}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{1afa9c49-16ab-4a5c-901b-212802da9460}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{1afa9c49-16ab-4a5c-901b-212802da9460}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Description\\System",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d583-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\31000003\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\\Elements\\11000001\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{4636856e-540f-4170-a130-a84776f4c654}\\Elements\\15000014\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{b2721d73-1db4-4c62-bf78-c548a880142d}\\Elements\\14000006\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d581-7101-11e8-ab61-bbe2f5b369b3}\\Description\\Type",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d580-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\12000005\\Element",
"HKEY_LOCAL_MACHINE\\BCD00000001\\Objects\\{9431d582-7101-11e8-ab61-bbe2f5b369b3}\\Elements\\22000002\\Element"
]
},
"first_seen": 1583394788.688305,
"ppid": 368
},
{
"process_path": "C:\\Windows\\System32\\cmd.exe",
"process_name": "cmd.exe",
"pid": 368,
"summary": {
"dll_loaded": [
"kernel32.dll"
],
"file_opened": [
"C:\\",
"C:\\Windows\\Globalization\\Sorting\\sortdefault.nls",
"C:\\Users\\",
"C:\\Users\\cuck\\",
"C:\\Users\\cuck\\AppData\\Local\\",
"C:\\Users\\cuck\\AppData\\"
],
"command_line": [
"C:\\Windows\\system32\\bcdedit \/export C:\\FRST\\Hives\\BCD"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp"
],
"regkey_read": [
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Language Groups\\1",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DelayedExpansion",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\PathCompletionChar",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DisableUNCCheck",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\EnableExtensions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\CompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DefaultColor",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\CustomLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\AutoRun",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\CompletionChar",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\Locale\\00000409",
"HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Nls\\ExtendedLocale\\en-US",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\GRE_Initialize\\DisableMetaFiles",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\PathCompletionChar",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\DisableUNCCheck",
"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Command Processor\\EnableExtensions",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DelayedExpansion",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\DefaultColor",
"HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor\\AutoRun"
],
"directory_enumerated": [
"C:\\Windows\\System32\\bcdedit.COM",
"C:\\Windows\\System32\\bcdedit.exe",
"C:\\Windows\\System32\\bcdedit.*"
]
},
"first_seen": 1583394788.39143,
"ppid": 1664
},
{
"process_path": "C:\\Windows\\explorer.exe",
"process_name": "explorer.exe",
"pid": 1788,
"summary": {
"file_opened": [
"C:\\Users\\",
"C:\\Users\\cuck\\AppData\\",
"C:\\Users\\cuck\\AppData\\Local\\",
"C:\\",
"C:\\Users\\cuck\\"
],
"file_exists": [
"C:\\Users\\cuck\\AppData\\Local\\Temp\\8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin",
"C:\\cuckoo_1788.ini",
"C:\\FRST",
"C:\\cuckoo_2236.ini",
"C:\\System Volume Information"
],
"guid": [
"{660b90c8-73a9-4b58-8cae-355b7f55341b}",
"{46a6eeff-908e-4dc6-92a6-64be9177b41c}"
],
"file_failed": [
"C:\\cuckoo_1788.ini",
"C:\\System Volume Information\\desktop.ini",
"\\??\\D:"
]
},
"first_seen": 1583394797.29768,
"ppid": 1740
}
]Signatures
[
{
"markcount": 6,
"families": [],
"description": "Queries for the computername",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1583394361.018271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 2291
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1583394361.424271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 2873
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1583394392.721271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 9590
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1583394392.909271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 10004
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1583394457.549271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 175459
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetComputerNameW",
"return_value": 1,
"arguments": {
"computer_name": "CUCKPC"
},
"time": 1583394457.706271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 175912
}
],
"references": [],
"name": "antivm_queries_computername"
},
{
"markcount": 1,
"families": [],
"description": "Checks if process is being debugged by a debugger",
"severity": 1,
"marks": [
{
"call": {
"category": "system",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741822,
"api": "IsDebuggerPresent",
"return_value": 0,
"arguments": {},
"time": 1583394356.174271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 65
}
],
"references": [],
"name": "checks_debugger"
},
{
"markcount": 1,
"families": [],
"description": "Command line console output was observed",
"severity": 1,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "WriteConsoleW",
"return_value": 1,
"arguments": {
"buffer": "The operation completed successfully.\r\n",
"console_handle": "0x0000000000000007"
},
"time": 1583394360.144574,
"tid": 2964,
"flags": {}
},
"pid": 1132,
"type": "call",
"cid": 5316
}
],
"references": [],
"name": "console_output"
},
{
"markcount": 1,
"families": [],
"description": "Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)",
"severity": 1,
"marks": [
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Cryptography\\MachineGuid",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "recon_fingerprint"
},
{
"markcount": 3,
"families": [],
"description": "Tries to locate where the browsers are installed",
"severity": 1,
"marks": [
{
"category": "file",
"ioc": "C:\\Program Files (x86)\\Google\\Chrome\\Application",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Program Files (x86)\\mozilla firefox\\defaults\\pref\\",
"type": "ioc",
"description": null
},
{
"category": "registry",
"ioc": "HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Mozilla\\Mozilla Firefox 60.0.2",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "locates_browser"
},
{
"markcount": 0,
"families": [],
"description": "One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.",
"severity": 2,
"marks": [],
"references": [],
"name": "dumped_buffer"
},
{
"markcount": 0,
"families": [],
"description": "Checks whether any human activity is being performed by constantly checking whether the foreground window changed",
"severity": 2,
"marks": [],
"references": [
"https:\/\/www.virusbtn.com\/virusbulletin\/archive\/2015\/09\/vb201509-custom-packer.dkb"
],
"name": "antisandbox_foregroundwindows"
},
{
"markcount": 1,
"families": [],
"description": "A process attempted to delay the analysis task.",
"severity": 2,
"marks": [
{
"type": "generic",
"description": "8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c.bin tried to sleep 120 seconds, actually delayed analysis time by 120 seconds"
}
],
"references": [],
"name": "antisandbox_sleep"
},
{
"markcount": 6,
"families": [],
"description": "Queries the disk size which could be used to detect virtual machine with small fixed size or dynamic allocation",
"severity": 2,
"marks": [
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceW",
"return_value": 1,
"arguments": {
"root_path": "C:\\",
"sectors_per_cluster": 8,
"number_of_free_clusters": 5740134,
"total_number_of_clusters": 8362495,
"bytes_per_sector": 512
},
"time": 1583394362.549271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 3322
},
{
"call": {
"category": "misc",
"status": 0,
"stacktrace": [],
"last_error": 3,
"nt_status": -1073741766,
"api": "GetDiskFreeSpaceW",
"return_value": 0,
"arguments": {
"root_path": "D:\\",
"sectors_per_cluster": 0,
"number_of_free_clusters": 1066618304,
"total_number_of_clusters": 8775288,
"bytes_per_sector": 0
},
"time": 1583394362.549271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 3325
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceW",
"return_value": 1,
"arguments": {
"root_path": "D:\\",
"sectors_per_cluster": 8,
"number_of_free_clusters": 5667558,
"total_number_of_clusters": 8362495,
"bytes_per_sector": 512
},
"time": 1583394362.549271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 3332
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceW",
"return_value": 1,
"arguments": {
"root_path": "C:\\",
"sectors_per_cluster": 8,
"number_of_free_clusters": 5709442,
"total_number_of_clusters": 8362495,
"bytes_per_sector": 512
},
"time": 1583394458.221271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 176275
},
{
"call": {
"category": "misc",
"status": 0,
"stacktrace": [],
"last_error": 3,
"nt_status": -1073741766,
"api": "GetDiskFreeSpaceW",
"return_value": 0,
"arguments": {
"root_path": "D:\\",
"sectors_per_cluster": 0,
"number_of_free_clusters": 1066618304,
"total_number_of_clusters": 8775288,
"bytes_per_sector": 0
},
"time": 1583394458.221271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 176278
},
{
"call": {
"category": "misc",
"status": 1,
"stacktrace": [],
"api": "GetDiskFreeSpaceW",
"return_value": 1,
"arguments": {
"root_path": "D:\\",
"sectors_per_cluster": 8,
"number_of_free_clusters": 5655483,
"total_number_of_clusters": 8362495,
"bytes_per_sector": 512
},
"time": 1583394458.221271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 176284
}
],
"references": [],
"name": "antivm_disk_size"
},
{
"markcount": 3,
"families": [],
"description": "Steals private information from local Internet browsers",
"severity": 2,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Google\\Chrome\\User Data\\Local State",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Google\\Chrome\\",
"type": "ioc",
"description": null
},
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Google\\Chrome\\User Data",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "infostealer_browser"
},
{
"markcount": 3,
"families": [],
"description": "Creates a suspicious process",
"severity": 2,
"marks": [
{
"category": "cmdline",
"ioc": "C:\\Windows\\system32\\bcdedit \/export C:\\FRST\\Hives\\BCD",
"type": "ioc",
"description": null
},
{
"category": "cmdline",
"ioc": "C:\\Windows\\system32\\cmd.exe \/c echo 2",
"type": "ioc",
"description": null
},
{
"category": "cmdline",
"ioc": "C:\\Windows\\system32\\cmd.exe \/c C:\\Windows\\system32\\bcdedit \/export C:\\FRST\\Hives\\BCD",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "suspicious_process"
},
{
"markcount": 2,
"families": [],
"description": "Executes one or more WMI queries",
"severity": 2,
"marks": [
{
"category": "wmi",
"ioc": "SELECT * FROM Win32_ComputerSystem",
"type": "ioc",
"description": null
},
{
"category": "wmi",
"ioc": "SELECT * FROM Win32_ShadowCopy",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "has_wmi"
},
{
"markcount": 4,
"families": [],
"description": "Searches running processes potentially to identify processes for sandbox evasion, code injection or memory dumping",
"severity": 2,
"marks": [
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "Process32NextW",
"return_value": 1,
"arguments": {
"process_name": "WmiPrvSE.exe",
"snapshot_handle": "0x00000000000004f8",
"process_identifier": 2316
},
"time": 1583394392.940271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 10076
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "Process32NextW",
"return_value": 1,
"arguments": {
"process_name": "VSSVC.exe",
"snapshot_handle": "0x00000000000004f8",
"process_identifier": 1484
},
"time": 1583394392.940271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 10077
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "Process32NextW",
"return_value": 1,
"arguments": {
"process_name": "svchost.exe",
"snapshot_handle": "0x00000000000004f8",
"process_identifier": 2372
},
"time": 1583394392.940271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 10078
},
{
"call": {
"category": "process",
"status": 1,
"stacktrace": [],
"api": "Process32NextW",
"return_value": 1,
"arguments": {
"process_name": "svchost.exe",
"snapshot_handle": "0x00000000000004f8",
"process_identifier": 2584
},
"time": 1583394392.940271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 10079
}
],
"references": [],
"name": "injection_process_search"
},
{
"markcount": 1,
"families": [],
"description": "Checks adapter addresses which can be used to detect virtual network interfaces",
"severity": 2,
"marks": [
{
"call": {
"category": "network",
"status": 0,
"stacktrace": [],
"last_error": 0,
"nt_status": -1073741772,
"api": "GetAdaptersAddresses",
"return_value": 111,
"arguments": {
"flags": 0,
"family": 0
},
"time": 1583394384.471271,
"tid": 1496,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 9054
}
],
"references": [],
"name": "antivm_network_adapters"
},
{
"markcount": 2,
"families": [],
"description": "The binary likely contains encrypted or compressed data indicative of a packer",
"severity": 2,
"marks": [
{
"entropy": 7.99086888582374,
"section": {
"size_of_data": "0x00145200",
"virtual_address": "0x000ef000",
"entropy": 7.99086888582374,
"name": ".rsrc",
"virtual_size": "0x001451d8"
},
"type": "generic",
"description": "A section with a high entropy has been found"
},
{
"entropy": 0.584494382022472,
"type": "generic",
"description": "Overall entropy of this PE file is high"
}
],
"references": [
"http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html",
"http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
],
"name": "packer_entropy"
},
{
"markcount": 3,
"families": [],
"description": "Checks for the Locally Unique Identifier on the system for a suspicious privilege",
"severity": 2,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeRestorePrivilege"
},
"time": 1583394362.549271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 3352
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeBackupPrivilege"
},
"time": 1583394362.549271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 3372
},
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "LookupPrivilegeValueW",
"return_value": 1,
"arguments": {
"system_name": "",
"privilege_name": "SeDebugPrivilege"
},
"time": 1583394392.956271,
"tid": 2736,
"flags": {}
},
"pid": 1664,
"type": "call",
"cid": 10198
}
],
"references": [],
"name": "privilege_luid_check"
},
{
"markcount": 1,
"families": [],
"description": "Executes one or more WMI queries which can be used to identify virtual machines",
"severity": 2,
"marks": [
{
"category": "wmi",
"ioc": "SELECT * FROM Win32_ComputerSystem",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "wmi_antivm"
},
{
"markcount": 1,
"families": [],
"description": "Creates an Alternate Data Stream (ADS)",
"severity": 3,
"marks": [
{
"category": "file",
"ioc": "C:\\Users\\cuck\\AppData\\Local\\Temp\\winmgmts:{impersonationLevel=impersonate}!\\root\\cimv2:Win32_ShadowCopy",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "persistence_ads"
},
{
"markcount": 1,
"families": [],
"description": "Creates a windows hook that monitors keyboard input (keylogger)",
"severity": 3,
"marks": [
{
"call": {
"category": "system",
"status": 1,
"stacktrace": [],
"api": "SetWindowsHookExW",
"return_value": 49414621,
"arguments": {
"thread_identifier": 0,
"callback_function": "0x00000000ffe9ae10",
"module_address": "0x00000000ffdf0000",
"hook_identifier": 13
},
"time": 1583394484.644951,
"tid": 1828,
"flags": {
"hook_identifier": "WH_KEYBOARD_LL"
}
},
"pid": 1788,
"type": "call",
"cid": 10002
}
],
"references": [],
"name": "infostealer_keylogger"
},
{
"markcount": 5,
"families": [],
"description": "Sets or modifies WPAD proxy autoconfiguration file for traffic interception",
"severity": 3,
"marks": [
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegSetValueExA",
"return_value": 0,
"arguments": {
"key_handle": "0x0000000000000488",
"value": 1,
"regkey_r": "WpadDecisionReason",
"reg_type": 4,
"regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadDecisionReason"
},
"time": 1583394387.065271,
"tid": 1496,
"flags": {
"reg_type": "REG_DWORD"
}
},
"pid": 1664,
"type": "call",
"cid": 9067
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegSetValueExA",
"return_value": 0,
"arguments": {
"key_handle": "0x0000000000000488",
"value": "0\u00f7\t-\u00c3\u00f2\u00d5\u0001",
"regkey_r": "WpadDecisionTime",
"reg_type": 3,
"regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadDecisionTime"
},
"time": 1583394387.065271,
"tid": 1496,
"flags": {
"reg_type": "REG_BINARY"
}
},
"pid": 1664,
"type": "call",
"cid": 9068
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegSetValueExA",
"return_value": 0,
"arguments": {
"key_handle": "0x0000000000000488",
"value": 3,
"regkey_r": "WpadDecision",
"reg_type": 4,
"regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadDecision"
},
"time": 1583394387.065271,
"tid": 1496,
"flags": {
"reg_type": "REG_DWORD"
}
},
"pid": 1664,
"type": "call",
"cid": 9069
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegSetValueExW",
"return_value": 0,
"arguments": {
"key_handle": "0x0000000000000488",
"value": "Unidentified network",
"regkey_r": "WpadNetworkName",
"reg_type": 1,
"regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}\\WpadNetworkName"
},
"time": 1583394387.065271,
"tid": 1496,
"flags": {
"reg_type": "REG_SZ"
}
},
"pid": 1664,
"type": "call",
"cid": 9070
},
{
"call": {
"category": "registry",
"status": 1,
"stacktrace": [],
"api": "RegSetValueExW",
"return_value": 0,
"arguments": {
"key_handle": "0x0000000000000484",
"value": "{E34DF837-3A38-4E8C-83F4-ABF8AB3FB4A6}",
"regkey_r": "WpadLastNetwork",
"reg_type": 1,
"regkey": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Wpad\\WpadLastNetwork"
},
"time": 1583394387.096271,
"tid": 1496,
"flags": {
"reg_type": "REG_SZ"
}
},
"pid": 1664,
"type": "call",
"cid": 9155
}
],
"references": [],
"name": "modifies_proxy_wpad"
},
{
"markcount": 24,
"families": [],
"description": "Expresses interest in specific running processes",
"severity": 3,
"marks": [
{
"category": "process",
"ioc": "dwm.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "system",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "spoolsv.exe",
"type": "ioc",
"description": null
},
{
"category": "process: potential process injection target",
"ioc": "wininit.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "searchprotocolhost.exe",
"type": "ioc",
"description": null
},
{
"category": "process: potential process injection target",
"ioc": "winlogon.exe",
"type": "ioc",
"description": null
},
{
"category": "process: potential process injection target",
"ioc": "csrss.exe",
"type": "ioc",
"description": null
},
{
"category": "process: potential process injection target",
"ioc": "explorer.exe",
"type": "ioc",
"description": null
},
{
"category": "process: potential process injection target",
"ioc": "smss.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "searchfilterhost.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "taskhost.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "audiodg.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "rundll32.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "wmpnetwk.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "cmd.exe",
"type": "ioc",
"description": null
},
{
"category": "process: potential process injection target",
"ioc": "lsass.exe",
"type": "ioc",
"description": null
},
{
"category": "process: potential cuckoo sandbox detection",
"ioc": "python.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "lsm.exe",
"type": "ioc",
"description": null
},
{
"category": "process: potential process injection target",
"ioc": "services.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "searchindexer.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "wmiprvse.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "conhost.exe",
"type": "ioc",
"description": null
},
{
"category": "process: potential process injection target",
"ioc": "svchost.exe",
"type": "ioc",
"description": null
},
{
"category": "process",
"ioc": "vssvc.exe",
"type": "ioc",
"description": null
}
],
"references": [],
"name": "process_interest"
}
]Yara
The Yara rules did not detect anything in the file.
Network
{
"tls": [],
"udp": [
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 546,
"time": 3.079257011413574,
"dport": 137,
"sport": 137
},
{
"src": "192.168.56.101",
"dst": "192.168.56.255",
"offset": 5874,
"time": 9.095383882522583,
"dport": 138,
"sport": 138
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 7718,
"time": 3.0123250484466553,
"dport": 5355,
"sport": 51001
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8046,
"time": 1.0351760387420654,
"dport": 5355,
"sport": 53595
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8374,
"time": 3.019944906234741,
"dport": 5355,
"sport": 53848
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 8702,
"time": 1.6578938961029053,
"dport": 5355,
"sport": 54255
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 9030,
"time": -0.10181999206542969,
"dport": 5355,
"sport": 55314
},
{
"src": "192.168.56.101",
"dst": "224.0.0.252",
"offset": 9358,
"time": 30.37153196334839,
"dport": 5355,
"sport": 55880
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 9678,
"time": 1.5801169872283936,
"dport": 1900,
"sport": 1900
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 29088,
"time": 1.065284013748169,
"dport": 3702,
"sport": 49152
},
{
"src": "192.168.56.101",
"dst": "239.255.255.250",
"offset": 37472,
"time": 3.1410439014434814,
"dport": 1900,
"sport": 53598
}
],
"dns_servers": [],
"http": [],
"icmp": [],
"smtp": [],
"tcp": [],
"smtp_ex": [],
"mitm": [],
"hosts": [],
"pcap_sha256": "53c69b88d701f77b626724f0dd82adc2ed8da7edc7572e28d384813c1a58feae",
"dns": [],
"http_ex": [],
"domains": [],
"dead_hosts": [],
"sorted_pcap_sha256": "00faebbd97dc7c8c7d64860fae3d3747a67fd2249187df650bbc32ebd00c4ba2",
"irc": [],
"https_ex": []
}Screenshots
Hashes [?]
| Property | Value |
|---|---|
| MD5 | 5c5d043ce1c8c94ae619e2024fa7443a |
| SHA256 | 8bea8c84332f5eaf85be32a3d67134efc603314efc297afe87b72d47bc03b79c |
What will you do with f_03df08?
To help other users, please let us know what you will do with f_03df08:
Malware or legitimate?
If you feel that you need more information to determine if your should keep this file or remove it, please read this guide.
And now some shameless self promotion ;)
Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and let you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.
If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.
Comments
Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.
I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.
No comments posted yet.