'
metaflows logo
Category Started On Completed On Duration Cuckoo Version
FILE 2017-01-06 20:00:05.133130 2017-01-06 20:02:11.896810 126 seconds 2.0-dev
Machine Label Manager Started On Shutdown On
win7cuckoo win7 Clone 1 VirtualBox 2017-01-06 20:00:06 2017-01-06 20:02:11

File Details

File name 9f4b4d07a69bba4b34f06ba9a9e310eda753b003.exe
File size 1547232 bytes
File type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
CRC32 20436D19
MD5 dcc3ebdba4767ef6c254993adb6ba07d
SHA1 9f4b4d07a69bba4b34f06ba9a9e310eda753b003
SHA256 4fcb619bee2f403553e902db7cb3a9a51de5a83aa9a2f3f275004c03a54d3c39
SHA512 c716e0c146e1680daded1fefdfda80bad6eba0ee63740787fd9e5b0efe9bc535c46d6caa448b1c9fde75f3c8684b535fb9fc58e1134ce499df571da591fe8077
Ssdeep 24576:6FE7jDvmSm/5kti1jrfabYGNe+CHGLUgf6T6NW+1DyqM776CmlmFs6tkeun:I+jr8/SGibAp46T6NW67M76CJVy
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=50, Anomalies=0, PEiD=0, Yara=0, VT[1483732946]=0): Snort Events=0, AV Events=0
Total Score=50

Signatures

antivm_queries_computername details
antisandbox_foregroundwindows details
antivm_disk_size details

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Strings

Dropped Files

19e254d5dd8fc048_unins000.dat

9884e9d1b4f8a873__shfoldr.dll

64db719c67988b10_9f4b4d07a69bba4b34f06ba9a9e310eda753b003.tmp

e4fc574a01b272c2__setup64.tmp

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

File-Read
  • C:\Users\Harry Dresden\AppData\Local\Temp\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.exe
  • C:\Users\Harry Dresden\AppData\Local\Temp\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.exe
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-HN4B2.tmp\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.tmp
  • C:\Users\Harry Dresden\Desktop\hrSXWuGNvF.docx
File-Written
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-HN4B2.tmp\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.tmp
  • C:\Program Files (x86)\Gafelero\is-5EV5J.tmp
  • C:\Program Files (x86)\Gafelero\unins000.dat
  • C:\Program Files (x86)\Gafelero\is-JKKDI.tmp
  • C:\Program Files (x86)\Gafelero\is-KEDBA.tmp
  • C:\Program Files (x86)\Gafelero\is-NITC5.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-RUKTM.tmp\_isetup\_setup64.tmp
  • C:\Program Files (x86)\Gafelero\is-8OQJ5.tmp
  • C:\Program Files (x86)\Gafelero\is-MRG0G.tmp
  • C:\Program Files (x86)\Gafelero\is-VNL0V.tmp
  • C:\Program Files (x86)\Gafelero\is-0PJ3B.tmp
  • C:\Program Files (x86)\Gafelero\is-OE2UD.tmp
  • C:\Program Files (x86)\Gafelero\is-P61C0.tmp
  • C:\Program Files (x86)\Gafelero\is-E6VH6.tmp
  • C:\Program Files (x86)\Gafelero\is-U8BQE.tmp
  • C:\Program Files (x86)\Gafelero\is-236SM.tmp
  • C:\Program Files (x86)\Gafelero\is-703G5.tmp
  • C:\Program Files (x86)\Gafelero\is-6QQIQ.tmp
  • C:\Program Files (x86)\Gafelero\is-9NLG7.tmp
  • C:\Program Files (x86)\Gafelero\is-S3E9J.tmp
  • C:\Program Files (x86)\Gafelero\is-OGM16.tmp
  • C:\Program Files (x86)\Gafelero\is-P0NIC.tmp
  • C:\Program Files (x86)\Gafelero\is-6NHFE.tmp
  • C:\Program Files (x86)\Gafelero\is-0TJC9.tmp
  • C:\Program Files (x86)\Gafelero\is-GUAKR.tmp
  • C:\Program Files (x86)\Gafelero\is-9EDEO.tmp
  • C:\Program Files (x86)\Gafelero\is-NBJKV.tmp
  • C:\Program Files (x86)\Gafelero\is-A67CR.tmp
  • C:\Program Files (x86)\Gafelero\is-4KB5T.tmp
  • C:\Program Files (x86)\Gafelero\is-J1N0R.tmp
  • C:\Program Files (x86)\Gafelero\is-F50IO.tmp
  • C:\Program Files (x86)\Gafelero\is-FLJTJ.tmp
  • C:\Program Files (x86)\Gafelero\is-U60GB.tmp
  • C:\Program Files (x86)\Gafelero\is-L16G2.tmp
  • C:\Program Files (x86)\Gafelero\is-JCM3D.tmp
  • C:\Program Files (x86)\Gafelero\is-TF250.tmp
  • C:\Program Files (x86)\Gafelero\is-VLAPE.tmp
  • C:\Program Files (x86)\Gafelero\is-F57BD.tmp
  • C:\Program Files (x86)\Gafelero\is-B7APE.tmp
  • C:\Program Files (x86)\Gafelero\is-PPL8H.tmp
  • C:\Program Files (x86)\Gafelero\is-JRV23.tmp
  • C:\Program Files (x86)\Gafelero\is-P71KO.tmp
  • C:\Program Files (x86)\Gafelero\is-GVDK7.tmp
  • C:\Program Files (x86)\Gafelero\is-VUOP6.tmp
  • C:\Program Files (x86)\Gafelero\is-9CITD.tmp
  • C:\Program Files (x86)\Gafelero\is-N28GH.tmp
  • C:\Program Files (x86)\Gafelero\is-LU3EL.tmp
  • C:\Program Files (x86)\Gafelero\is-3B4N7.tmp
  • C:\Program Files (x86)\Gafelero\is-TT5JH.tmp
  • C:\Program Files (x86)\Gafelero\is-S42DO.tmp
  • C:\Program Files (x86)\Gafelero\is-86E89.tmp
  • C:\Program Files (x86)\Gafelero\is-KLFTF.tmp
  • C:\Program Files (x86)\Gafelero\is-HIBMF.tmp
  • C:\Program Files (x86)\Gafelero\is-HJHRM.tmp
  • C:\Program Files (x86)\Gafelero\is-SCDI0.tmp
  • C:\Program Files (x86)\Gafelero\is-H8UUJ.tmp
  • C:\Program Files (x86)\Gafelero\is-UKV3A.tmp
  • C:\Program Files (x86)\Gafelero\is-C3JIQ.tmp
  • C:\Program Files (x86)\Gafelero\is-HGG51.tmp
  • C:\Program Files (x86)\Gafelero\is-C6T86.tmp
  • C:\Program Files (x86)\Gafelero\is-FQ0KP.tmp
  • C:\Program Files (x86)\Gafelero\is-AQTBU.tmp
  • C:\Program Files (x86)\Gafelero\is-14TQA.tmp
  • C:\Program Files (x86)\Gafelero\is-GR5B2.tmp
  • C:\Program Files (x86)\Gafelero\is-L7FN5.tmp
  • C:\Program Files (x86)\Gafelero\is-RMCLQ.tmp
  • C:\Program Files (x86)\Gafelero\is-3UIRU.tmp
  • C:\Program Files (x86)\Gafelero\is-IT7QR.tmp
  • C:\Program Files (x86)\Gafelero\is-DJE33.tmp
  • C:\Program Files (x86)\Gafelero\is-FHS2G.tmp
  • C:\Program Files (x86)\Gafelero\is-MNRRM.tmp
  • C:\Program Files (x86)\Gafelero\is-HJU9R.tmp
  • C:\Program Files (x86)\Gafelero\is-O7F41.tmp
  • C:\Program Files (x86)\Gafelero\is-2DGSF.tmp
  • C:\Program Files (x86)\Gafelero\is-3PJOF.tmp
  • C:\Program Files (x86)\Gafelero\is-51OVB.tmp
  • C:\Program Files (x86)\Gafelero\is-LG8O0.tmp
  • C:\Program Files (x86)\Gafelero\is-9VEDF.tmp
  • C:\Program Files (x86)\Gafelero\is-4CHQ1.tmp
  • C:\Program Files (x86)\Gafelero\is-163A3.tmp
  • C:\Program Files (x86)\Gafelero\is-HKBMA.tmp
  • C:\Program Files (x86)\Gafelero\is-5UHT8.tmp
  • C:\Program Files (x86)\Gafelero\is-24NVU.tmp
  • C:\Program Files (x86)\Gafelero\is-BALKU.tmp
  • C:\Program Files (x86)\Gafelero\is-R8S8D.tmp
  • C:\Program Files (x86)\Gafelero\is-1JG5P.tmp
  • C:\Program Files (x86)\Gafelero\is-0K6TR.tmp
  • C:\Program Files (x86)\Gafelero\is-0J8JV.tmp
  • C:\Program Files (x86)\Gafelero\is-G8UFT.tmp
  • C:\Program Files (x86)\Gafelero\is-I9803.tmp
  • C:\Program Files (x86)\Gafelero\is-J05CH.tmp
  • C:\Program Files (x86)\Gafelero\is-JCOG5.tmp
  • C:\Program Files (x86)\Gafelero\is-BKO3P.tmp
  • C:\Program Files (x86)\Gafelero\is-BRP7C.tmp
  • C:\Program Files (x86)\Gafelero\is-5LEJC.tmp
  • C:\Program Files (x86)\Gafelero\is-JULND.tmp
  • C:\Program Files (x86)\Gafelero\is-BMNPC.tmp
  • C:\Program Files (x86)\Gafelero\is-EU83A.tmp
  • C:\Program Files (x86)\Gafelero\is-RFD9T.tmp
  • C:\Program Files (x86)\Gafelero\is-CDUR1.tmp
  • C:\Program Files (x86)\Gafelero\is-MM1DF.tmp
  • C:\Program Files (x86)\Gafelero\is-5KIV1.tmp
  • C:\Program Files (x86)\Gafelero\is-J392P.tmp
  • C:\Program Files (x86)\Gafelero\is-DEIHL.tmp
  • C:\Program Files (x86)\Gafelero\is-FK9PG.tmp
  • C:\Program Files (x86)\Gafelero\is-4E836.tmp
  • C:\Program Files (x86)\Gafelero\is-70IJC.tmp
  • C:\Program Files (x86)\Gafelero\is-NKTEL.tmp
  • C:\Program Files (x86)\Gafelero\is-O84J4.tmp
  • C:\Program Files (x86)\Gafelero\is-OIOKT.tmp
  • C:\Program Files (x86)\Gafelero\is-JPI4E.tmp
  • C:\Program Files (x86)\Gafelero\is-KELGB.tmp
  • C:\Program Files (x86)\Gafelero\is-136F2.tmp
  • C:\Program Files (x86)\Gafelero\is-3ED6T.tmp
  • C:\Program Files (x86)\Gafelero\is-C5VJ0.tmp
  • C:\Program Files (x86)\Gafelero\is-INAJA.tmp
  • C:\Program Files (x86)\Gafelero\is-J1HGL.tmp
  • C:\Program Files (x86)\Gafelero\is-A2D4S.tmp
  • C:\Program Files (x86)\Gafelero\is-M77BM.tmp
  • C:\Program Files (x86)\Gafelero\is-C07FH.tmp
  • C:\Program Files (x86)\Gafelero\is-M7UQS.tmp
  • C:\Program Files (x86)\Gafelero\is-8CMK3.tmp
  • C:\Program Files (x86)\Gafelero\is-OFSIT.tmp
  • C:\Program Files (x86)\Gafelero\is-BLS2N.tmp
  • C:\Program Files (x86)\Gafelero\is-9ESCT.tmp
  • C:\Program Files (x86)\Gafelero\is-4M3AG.tmp
  • C:\Program Files (x86)\Gafelero\is-RTTJO.tmp
  • C:\Program Files (x86)\Gafelero\is-1HUCF.tmp
  • C:\Program Files (x86)\Gafelero\is-9IJES.tmp
  • C:\Program Files (x86)\Gafelero\is-GLUFR.tmp
  • C:\Program Files (x86)\Gafelero\is-JQ4EA.tmp
  • C:\Program Files (x86)\Gafelero\is-2AP71.tmp
  • C:\Program Files (x86)\Gafelero\is-L1VQH.tmp
  • C:\Program Files (x86)\Gafelero\is-4EMUE.tmp
  • C:\Program Files (x86)\Gafelero\is-3PQUH.tmp
  • C:\Program Files (x86)\Gafelero\is-RDJ6P.tmp
  • C:\Program Files (x86)\Gafelero\is-QUQ2H.tmp
  • C:\Program Files (x86)\Gafelero\is-BSGML.tmp
  • C:\Program Files (x86)\Gafelero\is-Q19MQ.tmp
  • C:\Program Files (x86)\Gafelero\is-1J7HK.tmp
  • C:\Program Files (x86)\Gafelero\is-5QEJF.tmp
  • C:\Program Files (x86)\Gafelero\is-7IO4F.tmp
  • C:\Program Files (x86)\Gafelero\is-5JG5M.tmp
  • C:\Program Files (x86)\Gafelero\is-OC9EC.tmp
  • C:\Program Files (x86)\Gafelero\is-15UA9.tmp
  • C:\Program Files (x86)\Gafelero\is-RPAHE.tmp
  • C:\Program Files (x86)\Gafelero\is-OQ234.tmp
  • C:\Program Files (x86)\Gafelero\is-FE6DK.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-RUKTM.tmp\_isetup\_shfoldr.dll
  • C:\Program Files (x86)\Gafelero\is-FM5UP.tmp
  • C:\Program Files (x86)\Gafelero\is-F6B6V.tmp
  • C:\Program Files (x86)\Gafelero\is-2BNJQ.tmp
  • C:\Program Files (x86)\Gafelero\is-HD9HG.tmp
  • C:\Program Files (x86)\Gafelero\is-NIR2A.tmp
  • C:\Program Files (x86)\Gafelero\is-OV9ND.tmp
  • C:\Program Files (x86)\Gafelero\is-O5N6B.tmp
  • C:\Program Files (x86)\Gafelero\is-5KMGK.tmp
  • C:\Program Files (x86)\Gafelero\is-480TQ.tmp
  • C:\Program Files (x86)\Gafelero\is-LABST.tmp
  • C:\Program Files (x86)\Gafelero\is-C0RV6.tmp
  • C:\Program Files (x86)\Gafelero\is-LITQV.tmp
  • C:\Program Files (x86)\Gafelero\is-5FT0A.tmp
  • C:\Program Files (x86)\Gafelero\is-TQF32.tmp
  • C:\Program Files (x86)\Gafelero\is-IETHL.tmp
  • C:\Program Files (x86)\Gafelero\is-13PGM.tmp
  • C:\Program Files (x86)\Gafelero\is-EOTIJ.tmp
  • C:\Program Files (x86)\Gafelero\is-BH0R0.tmp
  • C:\Program Files (x86)\Gafelero\is-PNA4V.tmp
  • C:\Program Files (x86)\Gafelero\is-US62T.tmp
  • C:\Program Files (x86)\Gafelero\is-4RC01.tmp
  • C:\Program Files (x86)\Gafelero\is-TSM7B.tmp
  • C:\Program Files (x86)\Gafelero\is-IV7T5.tmp
  • C:\Program Files (x86)\Gafelero\is-2Q7H6.tmp
  • C:\Program Files (x86)\Gafelero\is-NL9JN.tmp
  • C:\Program Files (x86)\Gafelero\is-9IOV4.tmp
  • C:\Program Files (x86)\Gafelero\is-0VSK1.tmp
  • C:\Program Files (x86)\Gafelero\is-EFUS1.tmp
  • C:\Program Files (x86)\Gafelero\is-10EC2.tmp
  • C:\Program Files (x86)\Gafelero\is-MF3AS.tmp
  • C:\Program Files (x86)\Gafelero\is-Q8DLV.tmp
  • C:\Program Files (x86)\Gafelero\is-JARRP.tmp
  • C:\Program Files (x86)\Gafelero\is-U9TE1.tmp
  • C:\Program Files (x86)\Gafelero\is-9M0M7.tmp
  • C:\Program Files (x86)\Gafelero\is-308AG.tmp
  • C:\Program Files (x86)\Gafelero\is-KRMIS.tmp
  • C:\Program Files (x86)\Gafelero\is-EOKAE.tmp
  • C:\Program Files (x86)\Gafelero\is-RQ1CE.tmp
  • C:\Program Files (x86)\Gafelero\is-23AKU.tmp
  • C:\Program Files (x86)\Gafelero\is-URG0C.tmp
  • C:\Program Files (x86)\Gafelero\is-THEE1.tmp
  • C:\Program Files (x86)\Gafelero\is-UC8JL.tmp
  • C:\Program Files (x86)\Gafelero\is-JD36F.tmp
  • C:\Program Files (x86)\Gafelero\is-70KJ4.tmp
  • C:\Program Files (x86)\Gafelero\is-0UH57.tmp
  • C:\Program Files (x86)\Gafelero\is-AJKN2.tmp
  • C:\Program Files (x86)\Gafelero\is-S9UII.tmp
  • C:\Program Files (x86)\Gafelero\is-7EN4M.tmp
  • C:\Program Files (x86)\Gafelero\is-PH6SE.tmp
  • C:\Program Files (x86)\Gafelero\is-8J0MT.tmp
  • C:\Program Files (x86)\Gafelero\is-MIL53.tmp
  • C:\Program Files (x86)\Gafelero\is-5M7CQ.tmp
  • C:\Program Files (x86)\Gafelero\is-H40K3.tmp
  • C:\Program Files (x86)\Gafelero\is-UQAPO.tmp
  • C:\Program Files (x86)\Gafelero\is-HF1T6.tmp
  • C:\Program Files (x86)\Gafelero\is-M2AFR.tmp
  • C:\Program Files (x86)\Gafelero\is-ILTT2.tmp
  • C:\Program Files (x86)\Gafelero\is-N72P1.tmp
  • C:\Program Files (x86)\Gafelero\is-IEVSL.tmp
File-Opened
  • C:\Users\Harry Dresden\AppData\Local\Temp\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.exe
  • C:\Windows\System32\en-US\netmsg.dll.mui
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
  • C:\Windows\System32\netmsg.dll
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\
  • C:\Program Files (x86)\Gafelero\is-5EV5J.tmp
  • C:\Program Files (x86)\Gafelero\is-JKKDI.tmp
  • C:\Program Files (x86)\Gafelero\is-KEDBA.tmp
  • C:\Program Files (x86)\Gafelero\is-NITC5.tmp
  • C:\Windows\System32\en-US\netmsg.dll.mui
  • C:\Program Files (x86)\Gafelero\is-MRG0G.tmp
  • C:\Program Files (x86)\Gafelero\is-VNL0V.tmp
  • C:\Program Files (x86)\Gafelero\is-0PJ3B.tmp
  • C:\Program Files (x86)\Gafelero\is-51OVB.tmp
  • C:\Program Files (x86)\Gafelero\is-P61C0.tmp
  • C:\Program Files (x86)\Gafelero\is-E6VH6.tmp
  • C:\Program Files (x86)\Gafelero\is-U8BQE.tmp
  • C:\Windows\System32\netmsg.dll
  • C:\Program Files (x86)\Gafelero\is-236SM.tmp
  • C:\Program Files (x86)\Gafelero\is-703G5.tmp
  • C:\Program Files (x86)\Gafelero\is-6QQIQ.tmp
  • C:\Program Files (x86)\Gafelero\is-9NLG7.tmp
  • C:\Program Files (x86)\Gafelero\is-S3E9J.tmp
  • C:\Program Files (x86)\Gafelero\is-OGM16.tmp
  • C:\Program Files (x86)\Gafelero\is-P0NIC.tmp
  • C:\Program Files (x86)\Gafelero\is-6NHFE.tmp
  • C:\Program Files (x86)\Gafelero\is-10EC2.tmp
  • C:\Program Files (x86)\Gafelero\is-0TJC9.tmp
  • C:\Program Files (x86)\Gafelero\is-GUAKR.tmp
  • C:\Program Files (x86)\Gafelero\is-9EDEO.tmp
  • C:\Program Files (x86)\Gafelero\is-NBJKV.tmp
  • C:\Program Files (x86)\Gafelero\is-A67CR.tmp
  • C:\Windows\System32\en-US\imageres.dll.mui
  • C:\Program Files (x86)\Gafelero\is-4KB5T.tmp
  • C:\Program Files (x86)\Gafelero\is-J1N0R.tmp
  • C:\Program Files (x86)\Gafelero\is-F50IO.tmp
  • C:\Program Files (x86)\Gafelero\is-FLJTJ.tmp
  • C:\Program Files (x86)\Gafelero\is-U60GB.tmp
  • C:\Program Files (x86)\Gafelero\is-L16G2.tmp
  • C:\Program Files (x86)\Gafelero\is-JCM3D.tmp
  • C:\Program Files (x86)\Gafelero\is-TF250.tmp
  • C:\Program Files (x86)\Gafelero\is-VLAPE.tmp
  • C:\Program Files (x86)\Gafelero\is-JARRP.tmp
  • C:\Program Files (x86)\Gafelero\is-F57BD.tmp
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Program Files (x86)\Gafelero\is-B7APE.tmp
  • C:\Program Files (x86)\Gafelero\is-PPL8H.tmp
  • C:\Program Files (x86)\Gafelero\is-JRV23.tmp
  • C:\Windows\SysWOW64\en-US\shell32.dll.mui
  • C:\Program Files (x86)\Gafelero\is-P71KO.tmp
  • C:\Program Files (x86)\Gafelero\is-GVDK7.tmp
  • C:\Program Files (x86)\Gafelero\is-VUOP6.tmp
  • C:\Program Files (x86)\Gafelero\is-9CITD.tmp
  • C:\Program Files (x86)\Gafelero\is-N28GH.tmp
  • C:\Program Files (x86)\Gafelero\is-LU3EL.tmp
  • C:\Program Files (x86)\Gafelero\is-3B4N7.tmp
  • C:\Program Files (x86)\Gafelero\is-TT5JH.tmp
  • C:\Program Files (x86)\Gafelero\is-S42DO.tmp
  • C:\Windows\System32\imageres.dll
  • C:\Program Files (x86)\Gafelero\is-86E89.tmp
  • C:\Program Files (x86)\Gafelero\is-KLFTF.tmp
  • C:\Program Files (x86)\Gafelero\is-HIBMF.tmp
  • C:\Program Files (x86)\Gafelero\is-HJHRM.tmp
  • C:\Program Files (x86)\Gafelero\is-SCDI0.tmp
  • C:\Program Files (x86)\Gafelero\is-H8UUJ.tmp
  • C:\Program Files (x86)\Gafelero\is-UKV3A.tmp
  • C:\Program Files (x86)\Gafelero\is-C3JIQ.tmp
  • C:\Program Files (x86)\Gafelero\is-HGG51.tmp
  • C:\Program Files (x86)\Gafelero\is-C6T86.tmp
  • C:\Program Files (x86)\Gafelero\is-NIR2A.tmp
  • C:\Program Files (x86)\Gafelero\is-AQTBU.tmp
  • C:\Program Files (x86)\Gafelero\is-14TQA.tmp
  • C:\Program Files (x86)\Gafelero\is-INAJA.tmp
  • C:\Program Files (x86)\Gafelero\is-8OQJ5.tmp
  • C:\Program Files (x86)\Gafelero\is-GR5B2.tmp
  • C:\Program Files (x86)\Gafelero\is-L7FN5.tmp
  • C:\Program Files (x86)\Gafelero\is-FM5UP.tmp
  • C:\Program Files (x86)\Gafelero\is-3UIRU.tmp
  • C:\Program Files (x86)\Gafelero\is-IT7QR.tmp
  • C:\Program Files (x86)\Gafelero\is-DJE33.tmp
  • C:\Program Files (x86)\Gafelero\is-FHS2G.tmp
  • C:\Program Files (x86)\Gafelero\is-MNRRM.tmp
  • C:\Program Files (x86)\Gafelero\is-HJU9R.tmp
  • C:\Program Files (x86)\Gafelero\is-O7F41.tmp
  • C:\Program Files (x86)\Gafelero\is-2DGSF.tmp
  • C:\Program Files (x86)\Gafelero\is-3PJOF.tmp
  • C:\Program Files (x86)\Gafelero\is-OE2UD.tmp
  • C:\Program Files (x86)\Gafelero\is-LG8O0.tmp
  • C:\Program Files (x86)\Gafelero\is-9VEDF.tmp
  • C:\Program Files (x86)\Gafelero\is-4CHQ1.tmp
  • C:\Program Files (x86)\Gafelero\is-163A3.tmp
  • C:\Program Files (x86)\Gafelero\is-HKBMA.tmp
  • C:\Program Files (x86)\Gafelero\is-5UHT8.tmp
  • C:\Program Files (x86)\Gafelero\is-THEE1.tmp
  • C:\Program Files (x86)\Gafelero\is-BALKU.tmp
  • C:\Program Files (x86)\Gafelero\is-R8S8D.tmp
  • C:\Program Files (x86)\Gafelero\is-1JG5P.tmp
  • C:\Program Files (x86)\Gafelero\is-0K6TR.tmp
  • C:\Program Files (x86)\Gafelero\is-0J8JV.tmp
  • C:\Program Files (x86)\Gafelero\is-J1HGL.tmp
  • C:\Program Files (x86)\Gafelero\is-I9803.tmp
  • C:\Program Files (x86)\Gafelero\is-J05CH.tmp
  • C:\Program Files (x86)\Gafelero\is-JCOG5.tmp
  • C:\Program Files (x86)\Gafelero\is-BKO3P.tmp
  • C:\Program Files (x86)\Gafelero\is-BRP7C.tmp
  • C:\Program Files (x86)\Gafelero\is-5LEJC.tmp
  • C:\Program Files (x86)\Gafelero\is-JULND.tmp
  • C:\Program Files (x86)\Gafelero\is-BMNPC.tmp
  • C:\Program Files (x86)\Gafelero\is-EU83A.tmp
  • C:\Program Files (x86)\Gafelero\is-RFD9T.tmp
  • C:\Program Files (x86)\Gafelero\is-CDUR1.tmp
  • C:\Program Files (x86)\Gafelero\is-MM1DF.tmp
  • C:\Program Files (x86)\Gafelero\is-5KIV1.tmp
  • C:\Program Files (x86)\Gafelero\is-J392P.tmp
  • C:\Program Files (x86)\Gafelero\is-DEIHL.tmp
  • C:\Program Files (x86)\Gafelero\is-FK9PG.tmp
  • C:\Program Files (x86)\Gafelero\is-4E836.tmp
  • C:\Program Files (x86)\Gafelero\is-70IJC.tmp
  • C:\Program Files (x86)\Gafelero\is-NKTEL.tmp
  • C:\Program Files (x86)\Gafelero\is-O84J4.tmp
  • C:\Program Files (x86)\Gafelero\is-OIOKT.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.exe
  • C:\Program Files (x86)\Gafelero\is-JPI4E.tmp
  • C:\Program Files (x86)\Gafelero\is-KELGB.tmp
  • C:\Program Files (x86)\Gafelero\is-136F2.tmp
  • C:\Program Files (x86)\Gafelero\is-3ED6T.tmp
  • C:\Program Files (x86)\Gafelero\is-C5VJ0.tmp
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
  • C:\Program Files (x86)\Gafelero\is-G8UFT.tmp
  • C:\Program Files (x86)\Gafelero\is-A2D4S.tmp
  • C:\Program Files (x86)\Gafelero\is-M77BM.tmp
  • C:\Program Files (x86)\Gafelero\is-C07FH.tmp
  • C:\Program Files (x86)\Gafelero\is-M7UQS.tmp
  • C:\Program Files (x86)\Gafelero\is-8CMK3.tmp
  • C:\Program Files (x86)\Gafelero\is-OFSIT.tmp
  • C:\Program Files (x86)\Gafelero\is-BLS2N.tmp
  • C:\Program Files (x86)\Gafelero\is-9ESCT.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-HN4B2.tmp\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.tmp
  • C:\Program Files (x86)\Gafelero\is-4M3AG.tmp
  • C:\Program Files (x86)\Gafelero\is-RTTJO.tmp
  • C:\Program Files (x86)\Gafelero\is-1HUCF.tmp
  • C:\Program Files (x86)\Gafelero\is-9IJES.tmp
  • C:\Program Files (x86)\Gafelero\is-GLUFR.tmp
  • C:\Program Files (x86)\Gafelero\is-JQ4EA.tmp
  • C:\Program Files (x86)\Gafelero\is-2AP71.tmp
  • C:\Program Files (x86)\Gafelero\is-L1VQH.tmp
  • C:\Program Files (x86)\Gafelero\is-4EMUE.tmp
  • C:\Program Files (x86)\Gafelero\is-3PQUH.tmp
  • C:\Program Files (x86)\Gafelero\is-RDJ6P.tmp
  • C:\Program Files (x86)\Gafelero\is-QUQ2H.tmp
  • C:\Program Files (x86)\Gafelero\is-IETHL.tmp
  • C:\Program Files (x86)\Gafelero\is-BSGML.tmp
  • C:\Program Files (x86)\Gafelero\is-Q19MQ.tmp
  • C:\Program Files (x86)\Gafelero\is-1J7HK.tmp
  • C:\Program Files (x86)\Gafelero\is-5QEJF.tmp
  • C:\Program Files (x86)\Gafelero\is-7IO4F.tmp
  • C:\Program Files (x86)\Gafelero\is-5JG5M.tmp
  • C:\Program Files (x86)\Gafelero\is-OC9EC.tmp
  • C:\Program Files (x86)\Gafelero\is-15UA9.tmp
  • C:\Program Files (x86)\Gafelero\is-RPAHE.tmp
  • C:\Program Files (x86)\Gafelero\is-OQ234.tmp
  • C:\Program Files (x86)\Gafelero\is-FE6DK.tmp
  • C:\Program Files (x86)\Gafelero\is-RMCLQ.tmp
  • C:\Program Files (x86)\Gafelero\is-F6B6V.tmp
  • C:\Program Files (x86)\Gafelero\is-2BNJQ.tmp
  • C:\Program Files (x86)\Gafelero\is-HD9HG.tmp
  • C:\Program Files (x86)\Gafelero\is-OV9ND.tmp
  • C:\Program Files (x86)\Gafelero\is-O5N6B.tmp
  • C:\Program Files (x86)\Gafelero\is-5KMGK.tmp
  • C:\Program Files (x86)\Gafelero\is-480TQ.tmp
  • C:\Program Files (x86)\Gafelero\is-LABST.tmp
  • C:\Program Files (x86)\Gafelero\is-C0RV6.tmp
  • C:\Program Files (x86)\Gafelero\is-LITQV.tmp
  • C:\Program Files (x86)\Gafelero\is-5FT0A.tmp
  • C:\Program Files (x86)\Gafelero\is-TQF32.tmp
  • C:\Windows\System32\shell32.dll
  • C:\Program Files (x86)\Gafelero\is-13PGM.tmp
  • C:\Program Files (x86)\Gafelero\is-EOTIJ.tmp
  • C:\Program Files (x86)\Gafelero\is-BH0R0.tmp
  • C:\Windows\System32
  • C:\Program Files (x86)\Gafelero\is-US62T.tmp
  • C:\Program Files (x86)\Gafelero\is-4RC01.tmp
  • C:\Program Files (x86)\Gafelero\is-TSM7B.tmp
  • C:\Program Files (x86)\Gafelero\is-IV7T5.tmp
  • C:\Program Files (x86)\Gafelero\is-2Q7H6.tmp
  • C:\Program Files (x86)\Gafelero\is-NL9JN.tmp
  • C:\Program Files (x86)\Gafelero\is-9IOV4.tmp
  • C:\Program Files (x86)\Gafelero\is-0VSK1.tmp
  • C:\Program Files (x86)\Gafelero\is-EFUS1.tmp
  • C:\Program Files (x86)\Gafelero\is-FQ0KP.tmp
  • C:\Program Files (x86)\Gafelero\is-MF3AS.tmp
  • C:\Program Files (x86)\Gafelero\is-Q8DLV.tmp
  • C:\Program Files (x86)\Gafelero\is-PNA4V.tmp
  • C:\Program Files (x86)\Gafelero\is-U9TE1.tmp
  • C:\Program Files (x86)\Gafelero\is-9M0M7.tmp
  • C:\Program Files (x86)\Gafelero\is-308AG.tmp
  • C:\Program Files (x86)\Gafelero\is-KRMIS.tmp
  • C:\Program Files (x86)\Gafelero\is-EOKAE.tmp
  • C:\Program Files (x86)\Gafelero\is-RQ1CE.tmp
  • C:\Program Files (x86)\Gafelero\is-23AKU.tmp
  • C:\Program Files (x86)\Gafelero\is-URG0C.tmp
  • C:\Program Files (x86)\Gafelero\is-24NVU.tmp
  • C:\Program Files (x86)\Gafelero\is-UC8JL.tmp
  • C:\Program Files (x86)\Gafelero\is-JD36F.tmp
  • C:\Program Files (x86)\Gafelero\is-70KJ4.tmp
  • C:\Program Files (x86)\Gafelero\is-0UH57.tmp
  • C:\Program Files (x86)\Gafelero\is-AJKN2.tmp
  • C:\Program Files (x86)\Gafelero\is-S9UII.tmp
  • C:\Program Files (x86)\Gafelero\is-7EN4M.tmp
  • C:\Program Files (x86)\Gafelero\is-PH6SE.tmp
  • C:\Program Files (x86)\Gafelero\is-8J0MT.tmp
  • C:\Program Files (x86)\Gafelero\is-MIL53.tmp
  • C:\Program Files (x86)\Gafelero\is-5M7CQ.tmp
  • C:\Program Files (x86)\Gafelero\is-H40K3.tmp
  • C:\Program Files (x86)\Gafelero\is-UQAPO.tmp
  • C:\Program Files (x86)\Gafelero\is-HF1T6.tmp
  • C:\Program Files (x86)\Gafelero\is-M2AFR.tmp
  • C:\Program Files (x86)\Gafelero\is-ILTT2.tmp
  • C:\Program Files (x86)\Gafelero\is-N72P1.tmp
  • C:\Program Files (x86)\Gafelero\is-IEVSL.tmp
  • C:\Users\Harry Dresden\Desktop\hrSXWuGNvF.docx
  • C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\en-us\oregres.dll.mui
  • C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\oregres.dll
Directory-Created
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-HN4B2.tmp
  • C:\Users\Harry Dresden
  • C:\Program Files (x86)\Gafelero
  • C:\Users\Harry Dresden\AppData\Local\Programs
  • C:\Users\Harry Dresden\AppData\Local
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-RUKTM.tmp
  • C:\Users\Harry Dresden\AppData\Local\Programs\Common
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-RUKTM.tmp\_isetup
Directory-Enumerated
  • C:\Program Files (x86)\Gafelero\unins???.*
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-HN4B2.tmp\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.tmp
Registry Key-Opened
  • HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
  • HKEY_LOCAL_MACHINE\Software\Borland\Locales
  • HKEY_CURRENT_USER\Software\Borland\Locales
  • HKEY_CURRENT_USER\Software
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PropertyBag
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3416602863-1947377224-293699093-1003
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
  • HKEY_LOCAL_MACHINE\Software
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.tmp
  • HKEY_LOCAL_MACHINE\Software\Microsoft\RestartManager
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.tmp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\PropertyBag
  • HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
  • HKEY_LOCAL_MACHINE\System\Setup
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_CURRENT_USER\Software\Policies
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\PropertyBag
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}
  • HKEY_CLASSES_ROOT\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\PnpLockdownFiles
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.tmp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons
  • HKEY_LOCAL_MACHINE\Software\Policies
  • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.tmp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
  • HKEY_CURRENT_USER\Control Panel\Desktop
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HomeGroupProvider\ServiceData
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\HomeGroup\NetworkLocations\Home
Registry Key-Deleted
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kopalonal.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Gusareleb.vob
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Cutufaka.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mugufa.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mepekekuf.f
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Meresatader.jar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Icon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Cofip.pps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mugenekapac.te
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Temasefocafa.key
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\StreamResource
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\InitFolderHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Hutakilefe.h
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Besan.key
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Moreb.xml
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pikurotoh.wps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Potogasupoh.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pofokodosa.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Febatera.m3u
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Ribepocat.mp3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Repopi.cip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Ralekutabof.pages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dupani.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\unins000.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kofina.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mumomi.pages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Sifeg.mpg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Sadebiru.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Becorunebul.tex
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Cekes.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\StreamResourceType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Bogem.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mugesof.fo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Gokagubehedo.ppt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Rigofa.wma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Tafopitobe.asf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Caceg.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Badimoti.mp3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Nomot.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kerenupem.log
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lumukifiha.kof
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Corusomecac.pps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Tekabohel.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dulekegenika.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Rupagukor.foh
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mahorot.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dumepere.gom
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Makohu
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dotap.hta
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Nurecogucuno.wpd
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Losufupig.nu
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kasolonader.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dabodam.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dagarab.m3u
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Hesola.wma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Foporacam.pages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Nogupocican.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lurageb.mpg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Sefolileco.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Description
  • HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Konad.pptx
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Polacisolo.mpg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Cuhok.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\ParsingName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Name
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dohed.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\InfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Roamable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Raconebekum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\LocalizedName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Korota.log
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kunotahe.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pobatir.log
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mafoku.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Tolakesobaho.csv
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Hokehib.vob
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pobos.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Fopebadapag.ge
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\ParentFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lurenokemoh.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Name
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dakusafacira.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Toruri
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pilikepafos.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\FolderTypeID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Cukitogid
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegFiles0001
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pehipafomu.ppt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mefap.docx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lobah.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Ladun.ge
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\ParentFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Focefuf.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pones
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Sehopeseg.napo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Folafakuh.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Susis.msg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kirogat.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Celefinufu.wps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\LocalRedirectOnly
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Gebusep.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\ParsingName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Radotunoloso.msg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Sosola.asf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoComplete\Client\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mupenupihal.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Futipalate.fu
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Poboh.asf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dogufeg.wpd
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kebimura.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Niloguguho.asf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Senesogafeke
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Saserecikode.pptx
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kesanet.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Detegapup.sdf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Gakib.mir
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Gikelakubup.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Numodida.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pedakebe.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Benoper.asf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kakigudapolo.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Ponuceredu
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Sufogaledu.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dotusapeka.key
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Sahulurino.odt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Setasor.fo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Diticurake.vob
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Ledegatah.pe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Stream
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Cifag.csv
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pumafecano.doc
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WaitToKillServiceTimeout
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pokebanikedo.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pedapa.wps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Riratupofo.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mageba.csv
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Description
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pofef.vob
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Rafotediho.cpp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lomekic.odt
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Nadicecesela.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Musedo.wpd
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegFiles0000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pebepisat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lorecafoheko.wps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lisaculomifu.exe
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\FolderTypeID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Tukogafagefo.k
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Category
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegProcs0000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Hanokabena
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Fogela.fon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Loganokarani
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Muticuloce.wpd
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\InitFolderHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Rasadokeb.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lahehuret.dic
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dakeripecu.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\PublishExpandedPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Nahukefu.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mubalapebom.ppt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Nicumuno.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Category
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Karegecineke.ca
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Somagen.deko
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Safap.mab
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dodebome.wps
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Fagas.mpg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Rubapuc.digo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lodadafa.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\LocalRedirectOnly
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Buhotec.docx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3416602863-1947377224-293699093-1003\ProfileImagePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kofebapi.foge
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Cagahosese
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Metofodi
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Icon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Rakar.m3u
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Tegonek.sdf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mokenano.sor
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Gopimorasefe.mp3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Momusenico.cpp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Gubusi
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dabinotolob.asf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoComplete\Always Use Tab
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\PublishExpandedPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\88B89970
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Fedocoti.cpp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Ducuhagemo.be
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Femihamomeh.jar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lepolalas.vob
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Hadirotir.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Rahefapido
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Hubafuneme.key
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Tatacos.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pohupabir.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\PendingFileRenameOperations
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pitipigu.pa
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Bihamit.sdf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Gofometal.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Fenegupet.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pugafusahi.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Seteledane.pps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mokufomasad.asf
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\Sequence
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Fuhihoboro.pps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Gogalo.bep
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kodoraci
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegFilesHash
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Mahamoditadu.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\RelativePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lemusof.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\StreamResourceType
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Append Completion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Pekoh.gu
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoComplete\AutoSuggest
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Badomakepomo.cpp
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\PendingFileRenameOperations2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\RelativePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Colep.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kapegu.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Tagehacuces.ppt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kafabe.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Socukic.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Secelokoheh.pif
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Nipumolitu
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kekodoraca.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Falosefime.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Denon.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lemegar.ppt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lokub.mesa
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Guloradasali.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Colanucecena.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\InfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Cilofohagepu.ke
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegSvcs0000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Fohokikuc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\PreCreate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Dagehonesucu.mit
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Huceporac.f
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kilam.hem
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\PreCreate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Gekop.gof
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\LocalizedName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Stream
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Lofahoh.wma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Roamable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Macopihefe.tex
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Calafof.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Kupecasebin.jar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Nerokenuh.pps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Reloreta.xml
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\StreamResource
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Copidasigata.hta
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Gafelero\Medenekoh.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NOLEGACYWEBVIEW
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\AutoCreatedInOOBE\AutoCreatedInOOBE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\CLSID\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NOTAFILESYSTEM
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NOIPROPERTYSTORE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{F4754C9B-64F5-4B40-8AF4-679732AC0607}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\IsShortcut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\System.HideOnDesktop
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\FirstEntry
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\ServiceData\PeerGroupName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\SortOrderIndex
  • HKEY_CURRENT_USER\Local Settings\MuiCache\48\52C64B7E\@C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\CTXMENU_XPQCMFLAGS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\NetworkLocations\Home\{5F058833-0652-4B15-B7EA-02DD7798ACE8}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\Attributes
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\OnlyMember
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.docx\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\OTNEEDSSFCACHE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\SharingPreferencesApplied
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\FriendlyTypeName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HasNavigationEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\CTXMENU_NOVERBS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NEEDSFILESYSANCESTOR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.docx\PerceivedType
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\UIStatus
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2017
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\ShareDocuments
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\LastEntry
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} {0000013A-0000-0000-C000-000000000046} 0xFFFF
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.docx\InfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\EnableShareDenyNone
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\PINDLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingInProgress\SharingInProgress
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\ShareMusic
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\SharePictures
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\CTXMENU_LIMITEDQI
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NO_WEBVIEW
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NEEDSSTORAGEANCESTOR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\ShareMediaToAllDevices
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\InprocServer32\LoadWithoutCOM
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\COCREATESHELLFOLDERONLY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\ShareVideos
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\UNBINDABLE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\FormatForDisplayHelper
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\InfoTip
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2007
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
Registry Key-Written
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\InstallDate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\MajorVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\NoRepair
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\SessionHash
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\InstallLocation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\Inno Setup: App Path
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\Inno Setup: Setup Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\DisplayVersion
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\Sequence
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\Inno Setup: User
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\Inno Setup: Language
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\EstimatedSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\UninstallString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\DisplayName
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\Owner
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\QuietUninstallString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\Inno Setup: Icon Group
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\NoModify
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegFilesHash
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Gafelero_is1\MinorVersion
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegFiles0000
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\OnlyMember
  • HKEY_CURRENT_USER\Local Settings\MuiCache\48\52C64B7E\LanguageList
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\UIStatus
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\ModifierSystem
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\Modifier
  • HKEY_CURRENT_USER\Local Settings\MuiCache\48\52C64B7E\@C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} {0000013A-0000-0000-C000-000000000046} 0xFFFF
Mutex-Accessed
  • Local\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000
  • Local\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511

Processes

registry filesystem process services network synchronization

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

"C:\Users\Harry Dresden\AppData\Local\Temp\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.exe" PID: 2404, Parent PID: 2696

"C:\Users\HARRYD~1\AppData\Local\Temp\is-HN4B2.tmp\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.tmp" /SL5="$F0166,1284205,54272,C:\Users\Harry Dresden\AppData\Local\Temp\9f4b4d07a69bba4b34f06ba9a9e310eda753b003.exe" PID: 3996, Parent PID: 2404

C:\Windows\Explorer.EXE PID: 2652, Parent PID: 2596

Volatility

Nothing to display.