'
metaflows logo
Category Started On Completed On Duration Cuckoo Version
FILE 2017-02-07 16:15:06.870880 2017-02-07 16:17:13.542560 126 seconds 2.0-dev
Machine Label Manager Started On Shutdown On
win7cuckoo win7 Clone 1 VirtualBox 2017-02-07 16:15:08 2017-02-07 16:17:13

File Details

File name 33f377c2aeae21ce78f61b13d6984817372debcf.exe
File size 1307720 bytes
File type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
CRC32 51F0E8B6
MD5 c099dbc1238c1d1d48dd4906cc83c0ff
SHA1 33f377c2aeae21ce78f61b13d6984817372debcf
SHA256 81dde46e7187361f5bbcd9a9ad84b096c5f8ba2461d9b8346eacfa155cdc5c30
SHA512 368336f5b199998d4272b9bebca67912dd6b756ca332a015fda3144a2d0590e66b9afbe47d8605d26f477843cbbbb951ee52ea6f7c563236c7548885506b29cb
Ssdeep 24576:eQinOb84lFW+OWWBrg2/pi5JeNUk24ts8fLu8afFKuzO/ZMBTlP0QjcpMXVJo:e9Ob84lFTORJpOeNUk2Djjsu6/ZGpf
PEiD None matched
Yara None matched
VirusTotal File not found on VirusTotal

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1486484247]=0): Snort Events=0, AV Events=0
Total Score=75

Signatures

antivm_queries_computername details
antisandbox_foregroundwindows details
antivm_disk_size details
infostealer_keylogger details

Screenshots

No screenshots available.

Static Analysis

Version Infos

Sections

Resources

Imports

Strings

Dropped Files

b20a8d88c5509811__setup64.tmp

bae22f27c12bce1f_33f377c2aeae21ce78f61b13d6984817372debcf.tmp

9884e9d1b4f8a873__shfoldr.dll

2c6aa4174f56010b_unins000.dat

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

File-Read
  • C:\Users\Harry Dresden\AppData\Local\Temp\33f377c2aeae21ce78f61b13d6984817372debcf.exe
  • C:\Users\Harry Dresden\Desktop\ADsQOgZZGYDhN.docx
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-02R5Q.tmp\33f377c2aeae21ce78f61b13d6984817372debcf.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\33f377c2aeae21ce78f61b13d6984817372debcf.exe
File-Written
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-02R5Q.tmp\33f377c2aeae21ce78f61b13d6984817372debcf.tmp
  • C:\Program Files (x86)\Kigabekac\is-JH27Q.tmp
  • C:\Program Files (x86)\Kigabekac\is-LTEGO.tmp
  • C:\Program Files (x86)\Kigabekac\is-7H7JK.tmp
  • C:\Program Files (x86)\Kigabekac\is-S4JH3.tmp
  • C:\Program Files (x86)\Kigabekac\is-VR7GU.tmp
  • C:\Program Files (x86)\Kigabekac\is-4TTOT.tmp
  • C:\Program Files (x86)\Kigabekac\is-DO7B6.tmp
  • C:\Program Files (x86)\Kigabekac\is-RDCEQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-SOTT0.tmp
  • C:\Program Files (x86)\Kigabekac\is-PJPB7.tmp
  • C:\Program Files (x86)\Kigabekac\is-68V2N.tmp
  • C:\Program Files (x86)\Kigabekac\is-25L8S.tmp
  • C:\Program Files (x86)\Kigabekac\is-DNHK2.tmp
  • C:\Program Files (x86)\Kigabekac\is-6RGK8.tmp
  • C:\Program Files (x86)\Kigabekac\is-23E1S.tmp
  • C:\Program Files (x86)\Kigabekac\is-420OK.tmp
  • C:\Program Files (x86)\Kigabekac\is-8QL77.tmp
  • C:\Program Files (x86)\Kigabekac\is-AP2D5.tmp
  • C:\Program Files (x86)\Kigabekac\is-HQ7K1.tmp
  • C:\Program Files (x86)\Kigabekac\is-39QS6.tmp
  • C:\Program Files (x86)\Kigabekac\is-99KM9.tmp
  • C:\Program Files (x86)\Kigabekac\is-C063J.tmp
  • C:\Program Files (x86)\Kigabekac\is-KSHTI.tmp
  • C:\Program Files (x86)\Kigabekac\is-77EK0.tmp
  • C:\Program Files (x86)\Kigabekac\is-BUD2T.tmp
  • C:\Program Files (x86)\Kigabekac\is-L8OV8.tmp
  • C:\Program Files (x86)\Kigabekac\is-FFVED.tmp
  • C:\Program Files (x86)\Kigabekac\is-Q2G03.tmp
  • C:\Program Files (x86)\Kigabekac\is-C057K.tmp
  • C:\Program Files (x86)\Kigabekac\is-07SNC.tmp
  • C:\Program Files (x86)\Kigabekac\is-P9IK5.tmp
  • C:\Program Files (x86)\Kigabekac\is-5O2UG.tmp
  • C:\Program Files (x86)\Kigabekac\is-Q0VAJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-CDT91.tmp
  • C:\Program Files (x86)\Kigabekac\is-A4EH8.tmp
  • C:\Program Files (x86)\Kigabekac\is-DP0PE.tmp
  • C:\Program Files (x86)\Kigabekac\is-NHQ8C.tmp
  • C:\Program Files (x86)\Kigabekac\is-J74L6.tmp
  • C:\Program Files (x86)\Kigabekac\is-0MCJP.tmp
  • C:\Program Files (x86)\Kigabekac\is-AQJUQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-V82FE.tmp
  • C:\Program Files (x86)\Kigabekac\is-L241S.tmp
  • C:\Program Files (x86)\Kigabekac\is-I98L7.tmp
  • C:\Program Files (x86)\Kigabekac\is-APRV7.tmp
  • C:\Program Files (x86)\Kigabekac\is-RMCUP.tmp
  • C:\Program Files (x86)\Kigabekac\is-CPE62.tmp
  • C:\Program Files (x86)\Kigabekac\is-AQ1NE.tmp
  • C:\Program Files (x86)\Kigabekac\is-5CJQN.tmp
  • C:\Program Files (x86)\Kigabekac\is-GR62T.tmp
  • C:\Program Files (x86)\Kigabekac\is-N2591.tmp
  • C:\Program Files (x86)\Kigabekac\is-C1QC1.tmp
  • C:\Program Files (x86)\Kigabekac\is-VL6PV.tmp
  • C:\Program Files (x86)\Kigabekac\is-NJGKP.tmp
  • C:\Program Files (x86)\Kigabekac\is-M372L.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-QCFSE.tmp\_isetup\_setup64.tmp
  • C:\Program Files (x86)\Kigabekac\is-QDTJ8.tmp
  • C:\Program Files (x86)\Kigabekac\is-OIC92.tmp
  • C:\Program Files (x86)\Kigabekac\is-BN9EH.tmp
  • C:\Program Files (x86)\Kigabekac\is-0JGUV.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-QCFSE.tmp\_isetup\_shfoldr.dll
  • C:\Program Files (x86)\Kigabekac\is-P0V57.tmp
  • C:\Program Files (x86)\Kigabekac\is-A95I4.tmp
  • C:\Program Files (x86)\Kigabekac\is-RU7VN.tmp
  • C:\Program Files (x86)\Kigabekac\is-MS193.tmp
  • C:\Program Files (x86)\Kigabekac\is-8OHFM.tmp
  • C:\Program Files (x86)\Kigabekac\is-QO0S7.tmp
  • C:\Program Files (x86)\Kigabekac\is-LVQL7.tmp
  • C:\Program Files (x86)\Kigabekac\is-O4VA3.tmp
  • C:\Program Files (x86)\Kigabekac\is-5KKUN.tmp
  • C:\Program Files (x86)\Kigabekac\is-4G0TB.tmp
  • C:\Program Files (x86)\Kigabekac\is-D9LVE.tmp
  • C:\Program Files (x86)\Kigabekac\is-E233G.tmp
  • C:\Program Files (x86)\Kigabekac\is-TKVC1.tmp
  • C:\Program Files (x86)\Kigabekac\is-NSGNI.tmp
  • C:\Program Files (x86)\Kigabekac\is-S2UIN.tmp
  • C:\Program Files (x86)\Kigabekac\is-VAK92.tmp
  • C:\Program Files (x86)\Kigabekac\is-60JPM.tmp
  • C:\Program Files (x86)\Kigabekac\is-VUA5T.tmp
  • C:\Program Files (x86)\Kigabekac\is-TITKB.tmp
  • C:\Program Files (x86)\Kigabekac\is-R4ODK.tmp
  • C:\Program Files (x86)\Kigabekac\is-DMOFR.tmp
  • C:\Program Files (x86)\Kigabekac\is-O0H6C.tmp
  • C:\Program Files (x86)\Kigabekac\is-3VMB5.tmp
  • C:\Program Files (x86)\Kigabekac\is-7FCU0.tmp
  • C:\Program Files (x86)\Kigabekac\is-DOQQM.tmp
  • C:\Program Files (x86)\Kigabekac\is-T4RVO.tmp
  • C:\Program Files (x86)\Kigabekac\is-G96SN.tmp
  • C:\Program Files (x86)\Kigabekac\is-OD1AR.tmp
  • C:\Program Files (x86)\Kigabekac\is-M12BD.tmp
  • C:\Program Files (x86)\Kigabekac\is-7SQEV.tmp
  • C:\Program Files (x86)\Kigabekac\is-2KP9V.tmp
  • C:\Program Files (x86)\Kigabekac\is-441RV.tmp
  • C:\Program Files (x86)\Kigabekac\is-JIO3G.tmp
  • C:\Program Files (x86)\Kigabekac\is-ALS65.tmp
  • C:\Program Files (x86)\Kigabekac\is-JA6T9.tmp
  • C:\Program Files (x86)\Kigabekac\is-DH48P.tmp
  • C:\Program Files (x86)\Kigabekac\is-LG8GJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-CJCNR.tmp
  • C:\Program Files (x86)\Kigabekac\is-PU05T.tmp
  • C:\Program Files (x86)\Kigabekac\is-OISHU.tmp
  • C:\Program Files (x86)\Kigabekac\is-O458A.tmp
  • C:\Program Files (x86)\Kigabekac\is-N9I75.tmp
  • C:\Program Files (x86)\Kigabekac\is-7B4NV.tmp
  • C:\Program Files (x86)\Kigabekac\is-KIK7F.tmp
  • C:\Program Files (x86)\Kigabekac\is-L3L7C.tmp
  • C:\Program Files (x86)\Kigabekac\is-MUH8J.tmp
  • C:\Program Files (x86)\Kigabekac\is-3024V.tmp
  • C:\Program Files (x86)\Kigabekac\is-ON291.tmp
  • C:\Program Files (x86)\Kigabekac\is-ME0JL.tmp
  • C:\Program Files (x86)\Kigabekac\is-JTO9E.tmp
  • C:\Program Files (x86)\Kigabekac\is-DQOA7.tmp
  • C:\Program Files (x86)\Kigabekac\is-4RV48.tmp
  • C:\Program Files (x86)\Kigabekac\is-F240N.tmp
  • C:\Program Files (x86)\Kigabekac\is-4IIS5.tmp
  • C:\Program Files (x86)\Kigabekac\is-IQEFF.tmp
  • C:\Program Files (x86)\Kigabekac\is-0CIVV.tmp
  • C:\Program Files (x86)\Kigabekac\is-NE17A.tmp
  • C:\Program Files (x86)\Kigabekac\is-95EFG.tmp
  • C:\Program Files (x86)\Kigabekac\is-ETQ1Q.tmp
  • C:\Program Files (x86)\Kigabekac\is-0NIJM.tmp
  • C:\Program Files (x86)\Kigabekac\is-BG6VJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-862PG.tmp
  • C:\Program Files (x86)\Kigabekac\is-V2L7U.tmp
  • C:\Program Files (x86)\Kigabekac\is-I6AUV.tmp
  • C:\Program Files (x86)\Kigabekac\is-OOLV6.tmp
  • C:\Program Files (x86)\Kigabekac\is-GO4FQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-8MQ8P.tmp
  • C:\Program Files (x86)\Kigabekac\is-025P7.tmp
  • C:\Program Files (x86)\Kigabekac\is-PGVN7.tmp
  • C:\Program Files (x86)\Kigabekac\is-SHJ1M.tmp
  • C:\Program Files (x86)\Kigabekac\is-8P342.tmp
  • C:\Program Files (x86)\Kigabekac\is-4RAQD.tmp
  • C:\Program Files (x86)\Kigabekac\is-0U2VU.tmp
  • C:\Program Files (x86)\Kigabekac\is-4O0DU.tmp
  • C:\Program Files (x86)\Kigabekac\is-63C3O.tmp
  • C:\Program Files (x86)\Kigabekac\is-O91IE.tmp
  • C:\Program Files (x86)\Kigabekac\is-H8HVR.tmp
  • C:\Program Files (x86)\Kigabekac\is-32L84.tmp
  • C:\Program Files (x86)\Kigabekac\is-UUF45.tmp
  • C:\Program Files (x86)\Kigabekac\is-RDB1A.tmp
  • C:\Program Files (x86)\Kigabekac\is-0HAHM.tmp
  • C:\Program Files (x86)\Kigabekac\is-OV1UB.tmp
  • C:\Program Files (x86)\Kigabekac\is-G3ODK.tmp
  • C:\Program Files (x86)\Kigabekac\is-QSBV0.tmp
  • C:\Program Files (x86)\Kigabekac\is-E80JG.tmp
  • C:\Program Files (x86)\Kigabekac\is-R6UM7.tmp
  • C:\Program Files (x86)\Kigabekac\is-HE7BN.tmp
  • C:\Program Files (x86)\Kigabekac\unins000.dat
  • C:\Program Files (x86)\Kigabekac\is-K1NPE.tmp
  • C:\Program Files (x86)\Kigabekac\is-5MQKJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-JQTQ5.tmp
  • C:\Program Files (x86)\Kigabekac\is-3E2GF.tmp
  • C:\Program Files (x86)\Kigabekac\is-535GB.tmp
  • C:\Program Files (x86)\Kigabekac\is-NIS20.tmp
  • C:\Program Files (x86)\Kigabekac\is-ITKC6.tmp
  • C:\Program Files (x86)\Kigabekac\is-96917.tmp
  • C:\Program Files (x86)\Kigabekac\is-T7Q53.tmp
  • C:\Program Files (x86)\Kigabekac\is-LHBFQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-1G5PB.tmp
  • C:\Program Files (x86)\Kigabekac\is-K7N9U.tmp
  • C:\Program Files (x86)\Kigabekac\is-AV13L.tmp
  • C:\Program Files (x86)\Kigabekac\is-DQ63L.tmp
  • C:\Program Files (x86)\Kigabekac\is-R0762.tmp
  • C:\Program Files (x86)\Kigabekac\is-7TD7N.tmp
  • C:\Program Files (x86)\Kigabekac\is-1GUDQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-EUMB4.tmp
  • C:\Program Files (x86)\Kigabekac\is-E2DJ3.tmp
  • C:\Program Files (x86)\Kigabekac\is-DOJG1.tmp
  • C:\Program Files (x86)\Kigabekac\is-9AM82.tmp
  • C:\Program Files (x86)\Kigabekac\is-NSGFE.tmp
  • C:\Program Files (x86)\Kigabekac\is-9HS2L.tmp
  • C:\Program Files (x86)\Kigabekac\is-2C3LN.tmp
  • C:\Program Files (x86)\Kigabekac\is-UL1TG.tmp
  • C:\Program Files (x86)\Kigabekac\is-QCRHB.tmp
  • C:\Program Files (x86)\Kigabekac\is-6990A.tmp
  • C:\Program Files (x86)\Kigabekac\is-A5I5B.tmp
  • C:\Program Files (x86)\Kigabekac\is-38H4P.tmp
  • C:\Program Files (x86)\Kigabekac\is-0JOPM.tmp
  • C:\Program Files (x86)\Kigabekac\is-I7VFA.tmp
  • C:\Program Files (x86)\Kigabekac\is-NLNDG.tmp
  • C:\Program Files (x86)\Kigabekac\is-6QB6H.tmp
  • C:\Program Files (x86)\Kigabekac\is-3EJ7Q.tmp
  • C:\Program Files (x86)\Kigabekac\is-I2S9S.tmp
  • C:\Program Files (x86)\Kigabekac\is-E0G3L.tmp
  • C:\Program Files (x86)\Kigabekac\is-J0OQG.tmp
  • C:\Program Files (x86)\Kigabekac\is-INTMJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-LJB9B.tmp
  • C:\Program Files (x86)\Kigabekac\is-1LSAC.tmp
  • C:\Program Files (x86)\Kigabekac\is-IARV8.tmp
  • C:\Program Files (x86)\Kigabekac\is-HH6R3.tmp
  • C:\Program Files (x86)\Kigabekac\is-B8C00.tmp
  • C:\Program Files (x86)\Kigabekac\is-53J70.tmp
  • C:\Program Files (x86)\Kigabekac\is-759RO.tmp
  • C:\Program Files (x86)\Kigabekac\is-L7DDC.tmp
  • C:\Program Files (x86)\Kigabekac\is-8EKLG.tmp
  • C:\Program Files (x86)\Kigabekac\is-O5SNM.tmp
  • C:\Program Files (x86)\Kigabekac\is-INNBN.tmp
  • C:\Program Files (x86)\Kigabekac\is-6P9RS.tmp
  • C:\Program Files (x86)\Kigabekac\is-USVR8.tmp
  • C:\Program Files (x86)\Kigabekac\is-37V2S.tmp
  • C:\Program Files (x86)\Kigabekac\is-RLNSO.tmp
  • C:\Program Files (x86)\Kigabekac\is-IRC25.tmp
  • C:\Program Files (x86)\Kigabekac\is-5BALN.tmp
  • C:\Program Files (x86)\Kigabekac\is-5HEN4.tmp
  • C:\Program Files (x86)\Kigabekac\is-35GA6.tmp
  • C:\Program Files (x86)\Kigabekac\is-0LL76.tmp
  • C:\Program Files (x86)\Kigabekac\is-KKA20.tmp
  • C:\Program Files (x86)\Kigabekac\is-DAPG0.tmp
  • C:\Program Files (x86)\Kigabekac\is-13HQ2.tmp
  • C:\Program Files (x86)\Kigabekac\is-7BKHE.tmp
  • C:\Program Files (x86)\Kigabekac\is-RAOMD.tmp
  • C:\Program Files (x86)\Kigabekac\is-V3GS2.tmp
  • C:\Program Files (x86)\Kigabekac\is-BO6ST.tmp
  • C:\Program Files (x86)\Kigabekac\is-RAJHJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-4MJ4D.tmp
  • C:\Program Files (x86)\Kigabekac\is-DFA7T.tmp
  • C:\Program Files (x86)\Kigabekac\is-B41NQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-JBUV4.tmp
  • C:\Program Files (x86)\Kigabekac\is-AKI79.tmp
  • C:\Program Files (x86)\Kigabekac\is-H9OBA.tmp
  • C:\Program Files (x86)\Kigabekac\is-1IK6B.tmp
  • C:\Program Files (x86)\Kigabekac\is-PQN6C.tmp
  • C:\Program Files (x86)\Kigabekac\is-0LQMG.tmp
  • C:\Program Files (x86)\Kigabekac\is-M9EHT.tmp
  • C:\Program Files (x86)\Kigabekac\is-LDTCQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-V8KQG.tmp
  • C:\Program Files (x86)\Kigabekac\is-FB09Q.tmp
  • C:\Program Files (x86)\Kigabekac\is-KGCBU.tmp
  • C:\Program Files (x86)\Kigabekac\is-VK44L.tmp
  • C:\Program Files (x86)\Kigabekac\is-B1QSM.tmp
  • C:\Program Files (x86)\Kigabekac\is-O0P2D.tmp
  • C:\Program Files (x86)\Kigabekac\is-218N4.tmp
  • C:\Program Files (x86)\Kigabekac\is-BK8HR.tmp
  • C:\Program Files (x86)\Kigabekac\is-K60C3.tmp
  • C:\Program Files (x86)\Kigabekac\is-0L8M2.tmp
  • C:\Program Files (x86)\Kigabekac\is-1VC75.tmp
  • C:\Program Files (x86)\Kigabekac\is-9ANKK.tmp
  • C:\Program Files (x86)\Kigabekac\is-BP581.tmp
  • C:\Program Files (x86)\Kigabekac\is-AP4OR.tmp
  • C:\Program Files (x86)\Kigabekac\is-1PIU8.tmp
  • C:\Program Files (x86)\Kigabekac\is-8PIM3.tmp
  • C:\Program Files (x86)\Kigabekac\is-FNC1F.tmp
  • C:\Program Files (x86)\Kigabekac\is-R31EU.tmp
  • C:\Program Files (x86)\Kigabekac\is-5V1VI.tmp
  • C:\Program Files (x86)\Kigabekac\is-9OJ75.tmp
  • C:\Program Files (x86)\Kigabekac\is-7LHF6.tmp
  • C:\Program Files (x86)\Kigabekac\is-FVG5L.tmp
  • C:\Program Files (x86)\Kigabekac\is-EOJNR.tmp
  • C:\Program Files (x86)\Kigabekac\is-D3HAJ.tmp
File-Opened
  • C:\Windows\System32\en-US\netmsg.dll.mui
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
  • C:\Windows\System32\netmsg.dll
  • C:\Users\Harry Dresden\AppData\Local\Temp\33f377c2aeae21ce78f61b13d6984817372debcf.exe
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Users\Harry Dresden\Desktop\ADsQOgZZGYDhN.docx
  • C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\en-us\oregres.dll.mui
  • C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\oregres.dll
  • C:\Program Files (x86)\Kigabekac\is-JH27Q.tmp
  • C:\Program Files (x86)\Kigabekac\is-LTEGO.tmp
  • C:\Program Files (x86)\Kigabekac\is-7H7JK.tmp
  • C:\Program Files (x86)\Kigabekac\is-S4JH3.tmp
  • C:\Program Files (x86)\Kigabekac\is-VR7GU.tmp
  • C:\
  • C:\Program Files (x86)\Kigabekac\is-4TTOT.tmp
  • C:\Program Files (x86)\Kigabekac\is-DO7B6.tmp
  • C:\Program Files (x86)\Kigabekac\is-RDCEQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-F240N.tmp
  • C:\Program Files (x86)\Kigabekac\is-PJPB7.tmp
  • C:\Program Files (x86)\Kigabekac\is-68V2N.tmp
  • C:\Windows\System32\en-US\netmsg.dll.mui
  • C:\Program Files (x86)\Kigabekac\is-DNHK2.tmp
  • C:\Program Files (x86)\Kigabekac\is-6RGK8.tmp
  • C:\Program Files (x86)\Kigabekac\is-23E1S.tmp
  • C:\Program Files (x86)\Kigabekac\is-420OK.tmp
  • C:\Program Files (x86)\Kigabekac\is-8QL77.tmp
  • C:\Program Files (x86)\Kigabekac\is-AP2D5.tmp
  • C:\Program Files (x86)\Kigabekac\is-HQ7K1.tmp
  • C:\Windows\System32\netmsg.dll
  • C:\Program Files (x86)\Kigabekac\is-99KM9.tmp
  • C:\Program Files (x86)\Kigabekac\is-C063J.tmp
  • C:\Program Files (x86)\Kigabekac\is-KSHTI.tmp
  • C:\Program Files (x86)\Kigabekac\is-77EK0.tmp
  • C:\Program Files (x86)\Kigabekac\is-BUD2T.tmp
  • C:\Program Files (x86)\Kigabekac\is-L8OV8.tmp
  • C:\Program Files (x86)\Kigabekac\is-FFVED.tmp
  • C:\Program Files (x86)\Kigabekac\is-Q2G03.tmp
  • C:\Program Files (x86)\Kigabekac\is-C057K.tmp
  • C:\Program Files (x86)\Kigabekac\is-07SNC.tmp
  • C:\Program Files (x86)\Kigabekac\is-P9IK5.tmp
  • C:\Program Files (x86)\Kigabekac\is-5O2UG.tmp
  • C:\Program Files (x86)\Kigabekac\is-Q0VAJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-CDT91.tmp
  • C:\Windows\System32\shell32.dll
  • C:\Program Files (x86)\Kigabekac\is-A4EH8.tmp
  • C:\Program Files (x86)\Kigabekac\is-DP0PE.tmp
  • C:\Program Files (x86)\Kigabekac\is-NHQ8C.tmp
  • C:\Program Files (x86)\Kigabekac\is-J74L6.tmp
  • C:\Program Files (x86)\Kigabekac\is-0MCJP.tmp
  • C:\Windows\System32\en-US\imageres.dll.mui
  • C:\Program Files (x86)\Kigabekac\is-V82FE.tmp
  • C:\Program Files (x86)\Kigabekac\is-L241S.tmp
  • C:\Program Files (x86)\Kigabekac\is-I98L7.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-02R5Q.tmp\33f377c2aeae21ce78f61b13d6984817372debcf.tmp
  • C:\Program Files (x86)\Kigabekac\is-RMCUP.tmp
  • C:\Program Files (x86)\Kigabekac\is-CPE62.tmp
  • C:\Program Files (x86)\Kigabekac\is-AQ1NE.tmp
  • C:\Program Files (x86)\Kigabekac\is-5CJQN.tmp
  • C:\Program Files (x86)\Kigabekac\is-GR62T.tmp
  • C:\Program Files (x86)\Kigabekac\is-N2591.tmp
  • C:\Program Files (x86)\Kigabekac\is-C1QC1.tmp
  • C:\Program Files (x86)\Kigabekac\is-VL6PV.tmp
  • C:\Program Files (x86)\Kigabekac\is-NJGKP.tmp
  • C:\Program Files (x86)\Kigabekac\is-M372L.tmp
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Program Files (x86)\Kigabekac\is-QDTJ8.tmp
  • C:\Program Files (x86)\Kigabekac\is-OIC92.tmp
  • C:\Program Files (x86)\Kigabekac\is-BN9EH.tmp
  • C:\Program Files (x86)\Kigabekac\is-0JGUV.tmp
  • C:\Program Files (x86)\Kigabekac\is-P0V57.tmp
  • C:\Program Files (x86)\Kigabekac\is-KIK7F.tmp
  • C:\Program Files (x86)\Kigabekac\is-RU7VN.tmp
  • C:\Program Files (x86)\Kigabekac\is-MS193.tmp
  • C:\Program Files (x86)\Kigabekac\is-8OHFM.tmp
  • C:\Windows\System32\imageres.dll
  • C:\Program Files (x86)\Kigabekac\is-LVQL7.tmp
  • C:\Program Files (x86)\Kigabekac\is-O4VA3.tmp
  • C:\Program Files (x86)\Kigabekac\is-5KKUN.tmp
  • C:\Program Files (x86)\Kigabekac\is-4G0TB.tmp
  • C:\Program Files (x86)\Kigabekac\is-D9LVE.tmp
  • C:\Program Files (x86)\Kigabekac\is-E233G.tmp
  • C:\Program Files (x86)\Kigabekac\is-TKVC1.tmp
  • C:\Program Files (x86)\Kigabekac\is-25L8S.tmp
  • C:\Program Files (x86)\Kigabekac\is-NSGNI.tmp
  • C:\Program Files (x86)\Kigabekac\is-S2UIN.tmp
  • C:\Program Files (x86)\Kigabekac\is-VAK92.tmp
  • C:\Program Files (x86)\Kigabekac\is-60JPM.tmp
  • C:\Program Files (x86)\Kigabekac\is-VUA5T.tmp
  • C:\Program Files (x86)\Kigabekac\is-TITKB.tmp
  • C:\Program Files (x86)\Kigabekac\is-R4ODK.tmp
  • C:\Program Files (x86)\Kigabekac\is-DMOFR.tmp
  • C:\Program Files (x86)\Kigabekac\is-O0H6C.tmp
  • C:\Program Files (x86)\Kigabekac\is-3VMB5.tmp
  • C:\Program Files (x86)\Kigabekac\is-7FCU0.tmp
  • C:\Program Files (x86)\Kigabekac\is-DOQQM.tmp
  • C:\Program Files (x86)\Kigabekac\is-T4RVO.tmp
  • C:\Program Files (x86)\Kigabekac\is-G96SN.tmp
  • C:\Program Files (x86)\Kigabekac\is-OD1AR.tmp
  • C:\Program Files (x86)\Kigabekac\is-M12BD.tmp
  • C:\Program Files (x86)\Kigabekac\is-7SQEV.tmp
  • C:\Program Files (x86)\Kigabekac\is-2KP9V.tmp
  • C:\Program Files (x86)\Kigabekac\is-441RV.tmp
  • C:\Program Files (x86)\Kigabekac\is-JIO3G.tmp
  • C:\Program Files (x86)\Kigabekac\is-ALS65.tmp
  • C:\Program Files (x86)\Kigabekac\is-JA6T9.tmp
  • C:\Program Files (x86)\Kigabekac\is-DH48P.tmp
  • C:\Program Files (x86)\Kigabekac\is-LG8GJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-PU05T.tmp
  • C:\Program Files (x86)\Kigabekac\is-OISHU.tmp
  • C:\Program Files (x86)\Kigabekac\is-O458A.tmp
  • C:\Program Files (x86)\Kigabekac\is-N9I75.tmp
  • C:\Program Files (x86)\Kigabekac\is-7B4NV.tmp
  • C:\Program Files (x86)\Kigabekac\is-39QS6.tmp
  • C:\Program Files (x86)\Kigabekac\is-A95I4.tmp
  • C:\Users\Harry Dresden\AppData\Local\Temp\33f377c2aeae21ce78f61b13d6984817372debcf.exe
  • C:\Program Files (x86)\Kigabekac\is-L3L7C.tmp
  • C:\Program Files (x86)\Kigabekac\is-MUH8J.tmp
  • C:\Program Files (x86)\Kigabekac\is-3024V.tmp
  • C:\Program Files (x86)\Kigabekac\is-ON291.tmp
  • C:\Program Files (x86)\Kigabekac\is-SOTT0.tmp
  • C:\Program Files (x86)\Kigabekac\is-ME0JL.tmp
  • C:\Program Files (x86)\Kigabekac\is-JTO9E.tmp
  • C:\Program Files (x86)\Kigabekac\is-DQOA7.tmp
  • C:\Program Files (x86)\Kigabekac\is-4RV48.tmp
  • C:\Program Files (x86)\Kigabekac\is-CJCNR.tmp
  • C:\Program Files (x86)\Kigabekac\is-4IIS5.tmp
  • C:\Program Files (x86)\Kigabekac\is-IQEFF.tmp
  • C:\Program Files (x86)\Kigabekac\is-0CIVV.tmp
  • C:\Program Files (x86)\Kigabekac\is-NE17A.tmp
  • C:\Program Files (x86)\Kigabekac\is-95EFG.tmp
  • C:\Program Files (x86)\Kigabekac\is-ETQ1Q.tmp
  • C:\Program Files (x86)\Kigabekac\is-0NIJM.tmp
  • C:\Program Files (x86)\Kigabekac\is-BG6VJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-862PG.tmp
  • C:\Program Files (x86)\Kigabekac\is-V2L7U.tmp
  • C:\Program Files (x86)\Kigabekac\is-I6AUV.tmp
  • C:\Program Files (x86)\Kigabekac\is-OOLV6.tmp
  • C:\Windows\SysWOW64\en-US\shell32.dll.mui
  • C:\Program Files (x86)\Kigabekac\is-8MQ8P.tmp
  • C:\Program Files (x86)\Kigabekac\is-025P7.tmp
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
  • C:\Program Files (x86)\Kigabekac\is-PGVN7.tmp
  • C:\Program Files (x86)\Kigabekac\is-SHJ1M.tmp
  • C:\Program Files (x86)\Kigabekac\is-8P342.tmp
  • C:\Program Files (x86)\Kigabekac\is-JQTQ5.tmp
  • C:\Program Files (x86)\Kigabekac\is-4RAQD.tmp
  • C:\Program Files (x86)\Kigabekac\is-0U2VU.tmp
  • C:\Program Files (x86)\Kigabekac\is-4O0DU.tmp
  • C:\Program Files (x86)\Kigabekac\is-63C3O.tmp
  • C:\Program Files (x86)\Kigabekac\is-O91IE.tmp
  • C:\Program Files (x86)\Kigabekac\is-H8HVR.tmp
  • C:\Program Files (x86)\Kigabekac\is-32L84.tmp
  • C:\Program Files (x86)\Kigabekac\is-UUF45.tmp
  • C:\Program Files (x86)\Kigabekac\is-RDB1A.tmp
  • C:\Program Files (x86)\Kigabekac\is-0HAHM.tmp
  • C:\Program Files (x86)\Kigabekac\is-OV1UB.tmp
  • C:\Program Files (x86)\Kigabekac\is-G3ODK.tmp
  • C:\Program Files (x86)\Kigabekac\is-QSBV0.tmp
  • C:\Program Files (x86)\Kigabekac\is-E80JG.tmp
  • C:\Program Files (x86)\Kigabekac\is-R6UM7.tmp
  • C:\Program Files (x86)\Kigabekac\is-HE7BN.tmp
  • C:\Program Files (x86)\Kigabekac\is-K1NPE.tmp
  • C:\Program Files (x86)\Kigabekac\is-5MQKJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-K60C3.tmp
  • C:\Program Files (x86)\Kigabekac\is-APRV7.tmp
  • C:\Program Files (x86)\Kigabekac\is-3E2GF.tmp
  • C:\Program Files (x86)\Kigabekac\is-535GB.tmp
  • C:\Program Files (x86)\Kigabekac\is-NIS20.tmp
  • C:\Program Files (x86)\Kigabekac\is-ITKC6.tmp
  • C:\Program Files (x86)\Kigabekac\is-96917.tmp
  • C:\Program Files (x86)\Kigabekac\is-T7Q53.tmp
  • C:\Program Files (x86)\Kigabekac\is-LHBFQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-1G5PB.tmp
  • C:\Program Files (x86)\Kigabekac\is-K7N9U.tmp
  • C:\Program Files (x86)\Kigabekac\is-AV13L.tmp
  • C:\Program Files (x86)\Kigabekac\is-DQ63L.tmp
  • C:\Program Files (x86)\Kigabekac\is-R0762.tmp
  • C:\Program Files (x86)\Kigabekac\is-GO4FQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-7TD7N.tmp
  • C:\Program Files (x86)\Kigabekac\is-1GUDQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-EUMB4.tmp
  • C:\Program Files (x86)\Kigabekac\is-E2DJ3.tmp
  • C:\Program Files (x86)\Kigabekac\is-DOJG1.tmp
  • C:\Program Files (x86)\Kigabekac\is-9AM82.tmp
  • C:\Program Files (x86)\Kigabekac\is-NSGFE.tmp
  • C:\Program Files (x86)\Kigabekac\is-9HS2L.tmp
  • C:\Program Files (x86)\Kigabekac\is-2C3LN.tmp
  • C:\Program Files (x86)\Kigabekac\is-UL1TG.tmp
  • C:\Program Files (x86)\Kigabekac\is-QCRHB.tmp
  • C:\Program Files (x86)\Kigabekac\is-6990A.tmp
  • C:\Program Files (x86)\Kigabekac\is-A5I5B.tmp
  • C:\Program Files (x86)\Kigabekac\is-38H4P.tmp
  • C:\Program Files (x86)\Kigabekac\is-0JOPM.tmp
  • C:\Program Files (x86)\Kigabekac\is-INNBN.tmp
  • C:\Program Files (x86)\Kigabekac\is-NLNDG.tmp
  • C:\Program Files (x86)\Kigabekac\is-6QB6H.tmp
  • C:\Program Files (x86)\Kigabekac\is-3EJ7Q.tmp
  • C:\Program Files (x86)\Kigabekac\is-I2S9S.tmp
  • C:\Program Files (x86)\Kigabekac\is-E0G3L.tmp
  • C:\Program Files (x86)\Kigabekac\is-J0OQG.tmp
  • C:\Program Files (x86)\Kigabekac\is-INTMJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-LJB9B.tmp
  • C:\Program Files (x86)\Kigabekac\is-1LSAC.tmp
  • C:\Program Files (x86)\Kigabekac\is-IARV8.tmp
  • C:\Program Files (x86)\Kigabekac\is-HH6R3.tmp
  • C:\Program Files (x86)\Kigabekac\is-B8C00.tmp
  • C:\Program Files (x86)\Kigabekac\is-53J70.tmp
  • C:\Program Files (x86)\Kigabekac\is-759RO.tmp
  • C:\Program Files (x86)\Kigabekac\is-L7DDC.tmp
  • C:\Program Files (x86)\Kigabekac\is-8EKLG.tmp
  • C:\Program Files (x86)\Kigabekac\is-O5SNM.tmp
  • C:\Program Files (x86)\Kigabekac\is-I7VFA.tmp
  • C:\Program Files (x86)\Kigabekac\is-6P9RS.tmp
  • C:\Program Files (x86)\Kigabekac\is-USVR8.tmp
  • C:\Program Files (x86)\Kigabekac\is-37V2S.tmp
  • C:\Windows\System32
  • C:\Program Files (x86)\Kigabekac\is-RLNSO.tmp
  • C:\Program Files (x86)\Kigabekac\is-IRC25.tmp
  • C:\Program Files (x86)\Kigabekac\is-5BALN.tmp
  • C:\Program Files (x86)\Kigabekac\is-5HEN4.tmp
  • C:\Program Files (x86)\Kigabekac\is-35GA6.tmp
  • C:\Program Files (x86)\Kigabekac\is-0LL76.tmp
  • C:\Program Files (x86)\Kigabekac\is-KKA20.tmp
  • C:\Program Files (x86)\Kigabekac\is-DAPG0.tmp
  • C:\Program Files (x86)\Kigabekac\is-13HQ2.tmp
  • C:\Program Files (x86)\Kigabekac\is-7BKHE.tmp
  • C:\Program Files (x86)\Kigabekac\is-RAOMD.tmp
  • C:\Program Files (x86)\Kigabekac\is-V3GS2.tmp
  • C:\Program Files (x86)\Kigabekac\is-BO6ST.tmp
  • C:\Program Files (x86)\Kigabekac\is-RAJHJ.tmp
  • C:\Program Files (x86)\Kigabekac\is-4MJ4D.tmp
  • C:\Program Files (x86)\Kigabekac\is-DFA7T.tmp
  • C:\Program Files (x86)\Kigabekac\is-B41NQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-JBUV4.tmp
  • C:\Program Files (x86)\Kigabekac\is-AKI79.tmp
  • C:\Program Files (x86)\Kigabekac\is-H9OBA.tmp
  • C:\Program Files (x86)\Kigabekac\is-1IK6B.tmp
  • C:\Program Files (x86)\Kigabekac\is-PQN6C.tmp
  • C:\Program Files (x86)\Kigabekac\is-0LQMG.tmp
  • C:\Program Files (x86)\Kigabekac\is-M9EHT.tmp
  • C:\Program Files (x86)\Kigabekac\is-LDTCQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-V8KQG.tmp
  • C:\Program Files (x86)\Kigabekac\is-FB09Q.tmp
  • C:\Program Files (x86)\Kigabekac\is-KGCBU.tmp
  • C:\Program Files (x86)\Kigabekac\is-VK44L.tmp
  • C:\Program Files (x86)\Kigabekac\is-B1QSM.tmp
  • C:\Program Files (x86)\Kigabekac\is-O0P2D.tmp
  • C:\Program Files (x86)\Kigabekac\is-218N4.tmp
  • C:\Program Files (x86)\Kigabekac\is-QO0S7.tmp
  • C:\Program Files (x86)\Kigabekac\is-BK8HR.tmp
  • C:\Program Files (x86)\Kigabekac\is-AQJUQ.tmp
  • C:\Program Files (x86)\Kigabekac\is-0L8M2.tmp
  • C:\Program Files (x86)\Kigabekac\is-1VC75.tmp
  • C:\Program Files (x86)\Kigabekac\is-9ANKK.tmp
  • C:\Program Files (x86)\Kigabekac\is-BP581.tmp
  • C:\Program Files (x86)\Kigabekac\is-AP4OR.tmp
  • C:\Program Files (x86)\Kigabekac\is-1PIU8.tmp
  • C:\Program Files (x86)\Kigabekac\is-8PIM3.tmp
  • C:\Program Files (x86)\Kigabekac\is-FNC1F.tmp
  • C:\Program Files (x86)\Kigabekac\is-R31EU.tmp
  • C:\Program Files (x86)\Kigabekac\is-5V1VI.tmp
  • C:\Program Files (x86)\Kigabekac\is-9OJ75.tmp
  • C:\Program Files (x86)\Kigabekac\is-7LHF6.tmp
  • C:\Program Files (x86)\Kigabekac\is-FVG5L.tmp
  • C:\Program Files (x86)\Kigabekac\is-EOJNR.tmp
  • C:\Program Files (x86)\Kigabekac\is-D3HAJ.tmp
Directory-Created
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-02R5Q.tmp
  • C:\Users\Harry Dresden
  • C:\Users\Harry Dresden\AppData\Local\Programs
  • C:\Program Files (x86)\Kigabekac
  • C:\Users\Harry Dresden\AppData\Local
  • C:\Users\Harry Dresden\AppData\Local\Programs\Common
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-QCFSE.tmp\_isetup
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-QCFSE.tmp
Directory-Enumerated
  • C:\Users\Harry Dresden\AppData\Local\Temp\is-02R5Q.tmp\33f377c2aeae21ce78f61b13d6984817372debcf.tmp
  • C:\Program Files (x86)\Kigabekac\unins???.*
Registry Key-Opened
  • HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
  • HKEY_LOCAL_MACHINE\Software\Borland\Locales
  • HKEY_CURRENT_USER\Software\Borland\Locales
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PropertySystem
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HomeGroupProvider\ServiceData
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\HomeGroup\NetworkLocations\Home
  • HKEY_CURRENT_USER\Software
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PropertyBag
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\KnownFolders
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Setup
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3416602863-1947377224-293699093-1003
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\33f377c2aeae21ce78f61b13d6984817372debcf.tmp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}
  • HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
  • HKEY_LOCAL_MACHINE\Software
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
  • HKEY_LOCAL_MACHINE\Software\Microsoft\RestartManager
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Paths\33f377c2aeae21ce78f61b13d6984817372debcf.tmp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\PropertyBag
  • HKEY_CLASSES_ROOT\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32
  • HKEY_LOCAL_MACHINE\System\Setup
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\33f377c2aeae21ce78f61b13d6984817372debcf.tmp
  • HKEY_CURRENT_USER\Software\Policies
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\33f377c2aeae21ce78f61b13d6984817372debcf.tmp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\PropertyBag
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}
  • HKEY_CLASSES_ROOT\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32
  • HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\PnpLockdownFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Client\
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PropertyBag
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Icons
  • HKEY_LOCAL_MACHINE\Software\Policies
  • HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
  • HKEY_CURRENT_USER\Control Panel\Desktop
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Explorer
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1
Registry Key-Deleted
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NOLEGACYWEBVIEW
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\AutoCreatedInOOBE\AutoCreatedInOOBE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\{28636AA6-953D-11D2-B5D6-00C04FD918D0} 34
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\CLSID\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NOTAFILESYSTEM
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NOIPROPERTYSTORE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{F4754C9B-64F5-4B40-8AF4-679732AC0607}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\IsShortcut
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPSampledIn
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\System.HideOnDesktop
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\FirstEntry
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider\ServiceData\PeerGroupName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\SortOrderIndex
  • HKEY_CURRENT_USER\Local Settings\MuiCache\48\52C64B7E\@C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\CTXMENU_XPQCMFLAGS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\NetworkLocations\Home\{5F058833-0652-4B15-B7EA-02DD7798ACE8}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\Attributes
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\OnlyMember
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.docx\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\OTNEEDSSFCACHE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\SharingPreferencesApplied
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\FriendlyTypeName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HasNavigationEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\CTXMENU_NOVERBS
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NEEDSFILESYSANCESTOR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.docx\PerceivedType
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\UIStatus
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Desktop
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2017
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\UseDropHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\ShareDocuments
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\LastEntry
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} {0000013A-0000-0000-C000-000000000046} 0xFFFF
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\.docx\InfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\EnableShareDenyNone
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\PINDLL
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\InprocServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingInProgress\SharingInProgress
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\ShareMusic
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\SharePictures
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\CTXMENU_LIMITEDQI
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NO_WEBVIEW
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\NEEDSSTORAGEANCESTOR
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\ShareMediaToAllDevices
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\InprocServer32\LoadWithoutCOM
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\COCREATESHELLFOLDERONLY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\HomeGroup\SharingPreferences\S-1-5-21-3416602863-1947377224-293699093-1003\ShareVideos
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Objects\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}\UNBINDABLE
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4FB3F98-C1EA-428D-A78A-D1F5659CBA93}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\FormatForDisplayHelper
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Word.Document.12\InfoTip
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\StringCacheSettings\StringCacheGeneration
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\Pacific Standard Time\Dynamic DST\2007
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\Sequence
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Puhagasofe.sor
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tubasohelose.key
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Icon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kenofode.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Renopuma.cpp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Renopito.ppt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gemelat.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pogalisu.bat
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\AutoSuggest
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResourceType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bofonana.log
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\StreamResource
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Stream
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalizedName
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\InitFolderHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Name
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParsingName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Mamohisabe.csv
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Puhog.docx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Penocofine.n
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bepelebebeke.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Biraca.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pogirof.ror
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kekoluhamo.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Banalogafema.csv
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pinimufo.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Ferehobep.lum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsAliasedNotifications
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Dagapuf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Doneh.wps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Nihonepofa.jar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bosodosadona
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Darapis.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Fadopose.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\StreamResourceType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\ParentFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Dokolepodo.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kapupamatep.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tapanipac.asf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kosapes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Purofopobob.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kicema.ppt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Hapisani.cpp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Hekata.pps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\CommonFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Durohupahep.csv
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pogipafode.mpg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kasogat.h
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tuseh.mp3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kumipakerene.csv
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gosukebe.tex
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gocogef.fat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Famegakaceh.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Hopara.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Desisesosa.hta
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Ricus.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bebofenemoc.vob
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\FolderTypeID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Rilusedibi.odt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Nahar.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Cesar.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\DevicePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Samurofa.pif
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bokususopa.wma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Cenopupod
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Hefodem.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Reseril.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bateg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Teposoneho.mp3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Nocopanef.wma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Nufobolulepe.pif
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bebogu.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Description
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Dokecisenebu.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tukadoc.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bacet.t
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Detisod.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Description
  • HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\ParsingName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gososatak.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Danetepel.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Dofogorogot.xml
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Barages.rtf
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lutocor.pps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lubahakipo
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PublishExpandedPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Icon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Name
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResource
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Comakecebol.pages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Rarocepinir.pages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\InfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Roamable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bicadunah.cpp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\LocalizedName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Fohiholigise.mp3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\SourcePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pidit.pif
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Ratirufabok
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\RestrictedAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\PreCreate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Cemepap.wma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bakore.n
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Direpiletelo.pif
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParentFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tomaf.mof
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\ParentFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Roamable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tucadora.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Name
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bekedodoka.log
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\NoFileFolderJunction
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bubobus.pages
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Sodurip.pif
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\81675387
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Camobiboget.jar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Nenarug
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Dohasat.docx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\PinToNameSpaceTree
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Sesarodomup.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\FolderTypeID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\LocalRedirectOnly
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kodikem.asf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Nogamu.mpg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Geneb.cpp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tefahob.tex
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Dedocame.m3u
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORPARSING
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Begirato.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bacomofagec
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\RelativePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kisiho.ppt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Nicoheras.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gebaruhucesi
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\ParentFolder
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kepatipan.tex
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gagocico.asf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\ParsingName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Meredok.msg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Loduhehace.m3u
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Folokeburad.mp3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Leriler.pages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Fehenih.l
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kehopagon.jar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Mokake.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\LocalRedirectOnly
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Digisisa.pages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Monotuto
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Macomeluhe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Dorehukusoc.vob
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kolupetenef.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Semotebu.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoComplete\Client\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kahonapekemu.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Cudihab.mp3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lapecocecot.baca
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\unins000.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lobafofeno.wpd
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesMyComputer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Cebupuraga.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Hohihopotece.m
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Always Use Tab
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Nihobolen.le
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Fegasere.sdf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Fedefog.wps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Polubaloce.mp3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kanope
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PreCreate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\ParsingName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pepeducetag.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Hasibehin.n
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kekodomutaga.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gebemafogeme.mpg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ProgramFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Stream
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lemigepuro.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bekebe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\PreCreate
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WaitToKillServiceTimeout
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gubolugole.pages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Dapotoki.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsFORDISPLAY
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\RelativePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tesose.no
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lenotinegona.msg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Description
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Berecofikun.vob
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Rapokebeh.vob
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Security
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegFiles0001
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegFiles0000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kerar.odt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\MapNetDriveVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForInfoTip
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Nisefehimare.koc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Notoma.tahu
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kagefafa.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Koretagof.mpg
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lulobubote
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Sanamarat.odt
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\FolderTypeID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Category
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\UseDropHandler
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegProcs0000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\CommonFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tidebetekige.sdf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Turab.haru
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Category
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kulul.mp3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gudegis
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kadepeneh.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Sekudeder.msg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\PublishExpandedPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Roamable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Rimonesog.wps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lepeledemem.asf
  • HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\InitFolderHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Nesihaho.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Natacet.wma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideFolderVerbs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lonehe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Hififegoguho.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\PublishExpandedPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kekupo.sil
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kefenamegofi.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kiteratekar.ciku
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Puhehuseteno.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bimohipoce.jar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lebuser.hta
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Category
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOwner
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kefed.log
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Midude.msg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideInWebView
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lotokasahan.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Macipebarok.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\CallForAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalizedName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bogosupedat.ppt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Feren.cpp
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Padeso.odt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Name
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bececobok.k
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Sulelu.xml
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\LocalRedirectOnly
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gomecodado.pps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tipihefikeh.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3416602863-1947377224-293699093-1003\ProfileImagePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Banolebages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Hisokibosah.ga
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Saturafodof
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Fikecoba.asf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Icon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kafemulehub.bat
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HasNavigationEnum
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kimatoros.key
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Borutepedabe.docx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gepam.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pihimamor.m3u
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Raroko.hato
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Dikasog.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kahugeh
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kedogehoduk.sdf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tosiga.to
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Casolugis.wps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kakih
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Dibehepota
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoComplete\Always Use Tab
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kasiram.p
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Mecumalok.ha
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\PublishExpandedPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Docamosip.jar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gegakofaro.no
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tapeson.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Dumisadaces.mema
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\InitFolderHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Belolace.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Tahoma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Nokosa.vob
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InProcServer32\(Default)
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoInternetIcon
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tufepifalip.hage
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Laditobe.key
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pamutolefu.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsUniversalDelegate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Debabakohoko.srt
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\PendingFileRenameOperations
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Damede.pages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kupogon.lata
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\QueryForOverlay
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Puden.msg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pasen.log
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Cumiso.docx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lihalabofebi
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Patihali.key
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Hibekedefag
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\WantsParseDisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Hufonufo.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Fofet.h
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Cesam.asf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Relitogen.xml
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Serol.m3u
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\StreamResourceType
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegFilesHash
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Gobikodobeko.key
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\RelativePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\StreamResourceType
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoComplete\Append Completion
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\AutoComplete\AutoSuggest
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER\PendingFileRenameOperations2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Bogegosaso.tex
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Kenugife.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\RelativePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\InitFolderHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Mamalonocis.cpp
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tuhoc.odt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Rimosalem.docx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tefahipal.tex
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Fesogefepel.kih
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Galidobot.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pibunalohop.html
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Sidogunu.doc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pebaheka.log
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\StreamResource
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Icon
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Capetaroro.pps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Rokurelon.srt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\FolderTypeID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Sihoku.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\InfoTip
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegSvcs0000
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Konoti
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Fogilorecate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Fukebacag.wma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Ratalaku.com
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Security
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\PreCreate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\LocalRedirectOnly
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tunapofipek.wps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Ludasahakeno.wma
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Sofafonit.pptx
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Description
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\LocalizedName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{BCBD3057-CA5C-4622-B42D-BC56DB0AE516}\Stream
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Fitagunu.b
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Stream
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\Roamable
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091}\Category
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Cupeledoco.wav
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pasates.rtf
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Berabepegi.xml
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Lahehadamonu.geta
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder\HideOnDesktopPerUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Panucetakeb.odt
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Mekelagasiri.mp3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Ludetumot.hta
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5CD7AEE2-2219-4A67-B85D-6C9CE15660CB}\StreamResource
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Mobeca.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Pemodi.pps
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Tedelonecek.wpd
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\FolderDescriptions\{5E6C858F-0E22-4760-9AFE-EA3317B67173}\Attributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPropertiesRecycleBin
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\PnpLockdownFiles\%SystemDrive%\Program Files (x86)\Kigabekac\Meconulap.com
Registry Key-Written
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\OnlyMember
  • HKEY_CURRENT_USER\Local Settings\MuiCache\48\52C64B7E\LanguageList
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\UIStatus
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\ModifierSystem
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\HomeGroup\UIStatusCache\Modifier
  • HKEY_CURRENT_USER\Local Settings\MuiCache\48\52C64B7E\@C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} {0000013A-0000-0000-C000-000000000046} 0xFFFF
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\Inno Setup: Language
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\DisplayVersion
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\SessionHash
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\EstimatedSize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\MajorVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\NoRepair
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\Sequence
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\MinorVersion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\UninstallString
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\Inno Setup: App Path
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\Inno Setup: Icon Group
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\Inno Setup: User
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\Owner
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\InstallLocation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\InstallDate
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\NoModify
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegFilesHash
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\Inno Setup: Setup Version
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Kigabekac_is1\QuietUninstallString
  • HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000\RegFiles0000
Mutex-Accessed
  • Local\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000
  • Local\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511

Processes

registry filesystem process services network synchronization

C:\Windows\system32\lsass.exe PID: 456, Parent PID: 352

"C:\Users\Harry Dresden\AppData\Local\Temp\33f377c2aeae21ce78f61b13d6984817372debcf.exe" PID: 3308, Parent PID: 128

"C:\Users\HARRYD~1\AppData\Local\Temp\is-02R5Q.tmp\33f377c2aeae21ce78f61b13d6984817372debcf.tmp" /SL5="$F017C,1041812,56832,C:\Users\Harry Dresden\AppData\Local\Temp\33f377c2aeae21ce78f61b13d6984817372debcf.exe" PID: 1844, Parent PID: 3308

C:\Windows\Explorer.EXE PID: 2652, Parent PID: 2596

Volatility

Nothing to display.