MalScore

100/100

MalFamily

Nanocore

IMG2019_0989_8784.exe

Is DLL Packer Anti Debug Anti VM Signed XOR AntiVirus 38/65 Related 2393

File details Download PDF Report
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
File size:	1322.50 KB (1354240 bytes)
Compile time:	2019-06-28 12:21:39
MD5:	78e5b56628aed8ac05a46180a7bf1fd9
SHA1:	43494d188f583f97e4c68f8aff308c85e909e19d
SHA256:	154414ca85ebaf5ec3f7c608d96020986e04840f77ff3f2e643e38682728c8aa
Import hash:	f34d5f2d4577ed6d9ceec516c1f5a744
Sections 3	.text .rsrc .reloc
Directories 3	import resource relocation
First submission:	2019-08-20 15:00:06
Last submission:	2019-08-20 15:00:06
Filename detected:	- IMG2019_0989_8784.exe (1)

URL file hosting
hXXp://olairdryport.com/IMG2019_0989_8784.exe

Antivirus Report
Report Date	Detection Ratio	Permalink	Update
2019-08-20 08:52:05	[38/65]

PE Sections 2 suspicious
Name	VAddress	VSize	Size	MD5	SHA1
.text	0x2000	0xee0b0	975360	cb73a5b1e425f6f5eb2f3538072dfd8c	7e80bf9e3663eac14b954ef6454a678d97aefe30
.rsrc	0xf2000	0x5c2c0	377856	95cd708f4f6a5bc258a0e38ced2f36e0	53f041cb3d8fe8efe6f057b4a2b49dba9fed9112
.reloc	0x150000	0xc	512	d73f119a61e1833615d3a9a38ecdea01	39e309c0490d1444f84907dadc4846e544b0dfd9

Meta Info
No Meta found in this file

XOR
No XOR informations found in this file.

Signature
This file isn't digitally signed

Packer(s)
No packers found for this file

File found
FIle type: Object
hhctrl.ocx
FIle type: XML
System.Xml
FIle type: Library
OLEACC.dll
vsassert.dll
ACTIVEDS.dll
KERNEL32.dll
UxTheme.dll
USER32.dll
comdlg32.dll
System.Web.Mobile.dll
shfolder.dll
mqrt.dll
psapi.dll
OLEAUT32.dll
OLEPRO32.DLL
Loadperf.dll
mscoree.dll
GDI32.dll
gdiplus.dll
ntdll.dll
comctl32.dll
SHELL32.dll
ole32.dll
Msi.dll
IMM32.dll
ADVAPI32.dll
VERSION.dll

IP Found
2.8.161.12

URL(s)
http://schemas.microsoft.com/mobile/chtml10template
http://www.wapforum.org/DTD/wml_1.1.xml
http://www.wapforum.org/dtd/wml20.dtd
http://www.wapforum.org/DTD/xhtml-mobile10.dtd
http://www.w3.org/1999/xhtml
file:///
http://go.microsoft.com/fwlink/?LinkId=157231.
http://www.w3.org/TR/xhtml-basic/xhtml-basic10.dtd
http://foo
http://schemas.microsoft.com/mobile/html32template

Behavior analysis details
Machine name	Machine label	Machine manager	Started	Ended	Duration
Seven02_64	Seven02_64	VirtualBox	2019-08-20 14:52:36	2019-08-20 14:55:35	179

17 Behaviors detected by system signatures

Domain Sinkholed or blacklisted Severity: High Confidence: Very High

Alert: Honeypot blocked domain: okenwamothermary.duckdns.org
Alert: Honeypot blocked domain: blessedmoney.duckdns.org

Collects information to fingerprint the system Severity: High Confidence: High

Creates a copy of itself Severity: High Confidence: Very High

copy: C:\Users\Seven01\filename.exe

Exhibits behavior characteristic of Nanocore RAT Severity: High Confidence: Very High

Attempts to remove evidence of file being downloaded from the Internet Severity: High Confidence: Very High

file: C:\Users\Seven01\filename.exe:Zone.Identifier

Uses Windows utilities for basic functionality Severity: Medium Confidence: High

command: "schtasks.exe" /create /f /tn "UPNP Subsystem" /xml "C:\Users\Seven01\AppData\Local\Temp\tmp89F6.tmp"

Anomalous .NET characteristics Severity: Medium Confidence: Very High

anomalous_version: Assembly version is set to 0

The binary likely contains encrypted or compressed data. Severity: Medium Confidence: Very High

section: name: .rsrc, entropy: 7.61, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x0005c400, virtual_size: 0x0005c2c0

A process created a hidden window Severity: Medium Confidence: Very High

Process: RegAsm.exe -> "schtasks.exe" /create /f /tn "UPNP Subsystem" /xml "C:\Users\Seven01\AppData\Local\Temp\tmp89F6.tmp"
Process: svchost.exe -> \\?\C:\Windows\system32\wbem\WMIADAP.EXE

Reads data out of its own binary image Severity: Medium Confidence: Low

self_read: process: RegAsm.exe, pid: 2896, offset: 0x00000000, length: 0x00001000
self_read: process: RegAsm.exe, pid: 2896, offset: 0x00000080, length: 0x00000200
self_read: process: RegAsm.exe, pid: 2896, offset: 0x00000178, length: 0x00000200
self_read: process: RegAsm.exe, pid: 2896, offset: 0x0000a720, length: 0x00000200
self_read: process: RegAsm.exe, pid: 2896, offset: 0x0000a73c, length: 0x00000200

At least one IP Address, Domain, or File Name was found in a crypto call Severity: Medium Confidence: Very High

ioc: v2.0.50727

Dynamic (imported) function loading detected Severity: Medium Confidence: Very High

DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: MSCOREE.DLL/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
DynamicLoader: mscoreei.dll/_CorExeMain
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: clr.dll/SetRuntimeInfo
DynamicLoader: clr.dll/_CorExeMain
DynamicLoader: MSCOREE.DLL/CreateConfigStream
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: KERNEL32.dll/GetNumaHighestNodeNumber
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/AddSIDToBoundaryDescriptor
DynamicLoader: KERNEL32.dll/CreateBoundaryDescriptorW
DynamicLoader: KERNEL32.dll/CreatePrivateNamespaceW
DynamicLoader: KERNEL32.dll/OpenPrivateNamespaceW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/DeleteBoundaryDescriptor
DynamicLoader: KERNEL32.dll/WerRegisterRuntimeExceptionModule
DynamicLoader: KERNEL32.dll/RaiseException
DynamicLoader: MSCOREE.DLL/
DynamicLoader: mscoreei.dll/
DynamicLoader: KERNELBASE.dll/SetSystemFileCacheSize
DynamicLoader: ntdll.dll/NtSetSystemInformation
DynamicLoader: KERNELBASE.dll/PrivIsDllSynchronizationHeld
DynamicLoader: KERNEL32.dll/AddDllDirectory
DynamicLoader: KERNEL32.dll/SortGetHandle
DynamicLoader: KERNEL32.dll/SortCloseHandle
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ole32.dll/CoGetContextToken
DynamicLoader: clrjit.dll/sxsJitStartup
DynamicLoader: clrjit.dll/getJit
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: KERNEL32.dll/FindResource
DynamicLoader: KERNEL32.dll/FindResourceA
DynamicLoader: KERNEL32.dll/SizeofResource
DynamicLoader: KERNEL32.dll/LoadResource
DynamicLoader: KERNEL32.dll/LockResource
DynamicLoader: KERNEL32.dll/LCIDToLocaleName
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/LocaleNameToLCID
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/GetUserPreferredUILanguages
DynamicLoader: SHELL32.dll/SHGetFolderPath
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: KERNEL32.dll/GetFullPathName
DynamicLoader: KERNEL32.dll/GetFullPathNameW
DynamicLoader: KERNEL32.dll/SetThreadErrorMode
DynamicLoader: KERNEL32.dll/GetFileAttributesEx
DynamicLoader: KERNEL32.dll/GetFileAttributesExW
DynamicLoader: KERNEL32.dll/CopyFile
DynamicLoader: KERNEL32.dll/CopyFileW
DynamicLoader: KERNEL32.dll/DeleteFile
DynamicLoader: KERNEL32.dll/DeleteFileA
DynamicLoader: KERNEL32.dll/WideCharToMultiByte
DynamicLoader: KERNEL32.dll/VirtualAlloc
DynamicLoader: KERNEL32.dll/LocalAlloc
DynamicLoader: ADVAPI32.dll/CryptAcquireContextW
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/CryptDecrypt
DynamicLoader: ADVAPI32.dll/CryptDeriveKey
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: ADVAPI32.dll/CryptDestroyKey
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: USER32.dll/MessageBoxA
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: KERNEL32.dll/CreateMutexW
DynamicLoader: apphelp.dll/ApphelpCheckRunAppEx
DynamicLoader: apphelp.dll/ApphelpQueryModuleDataEx
DynamicLoader: apphelp.dll/ApphelpParseModuleData
DynamicLoader: apphelp.dll/ApphelpCreateAppcompatData
DynamicLoader: apphelp.dll/SdbInitDatabaseEx
DynamicLoader: apphelp.dll/SdbReleaseDatabase
DynamicLoader: apphelp.dll/SdbUnpackAppCompatData
DynamicLoader: apphelp.dll/SdbQueryContext
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: ADVAPI32.dll/GetKernelObjectSecurity
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtQuerySystemInformationW
DynamicLoader: KERNEL32.dll/GetCurrentProcessId
DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
DynamicLoader: KERNEL32.dll/OpenThread
DynamicLoader: ADVAPI32.dll/SetKernelObjectSecurity
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryInfoKeyW
DynamicLoader: ADVAPI32.dll/RegEnumKeyExW
DynamicLoader: ADVAPI32.dll/RegEnumValueW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionEx
DynamicLoader: KERNEL32.dll/CreateEventExW
DynamicLoader: KERNEL32.dll/CreateSemaphoreExW
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/CreateThreadpoolTimer
DynamicLoader: KERNEL32.dll/SetThreadpoolTimer
DynamicLoader: KERNEL32.dll/WaitForThreadpoolTimerCallbacks
DynamicLoader: KERNEL32.dll/CloseThreadpoolTimer
DynamicLoader: KERNEL32.dll/CreateThreadpoolWait
DynamicLoader: KERNEL32.dll/SetThreadpoolWait
DynamicLoader: KERNEL32.dll/CloseThreadpoolWait
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/FreeLibraryWhenCallbackReturns
DynamicLoader: KERNEL32.dll/GetCurrentProcessorNumber
DynamicLoader: KERNEL32.dll/GetLogicalProcessorInformation
DynamicLoader: KERNEL32.dll/CreateSymbolicLinkW
DynamicLoader: KERNEL32.dll/SetDefaultDllDirectories
DynamicLoader: KERNEL32.dll/EnumSystemLocalesEx
DynamicLoader: KERNEL32.dll/CompareStringEx
DynamicLoader: KERNEL32.dll/GetDateFormatEx
DynamicLoader: KERNEL32.dll/GetLocaleInfoEx
DynamicLoader: KERNEL32.dll/GetTimeFormatEx
DynamicLoader: KERNEL32.dll/GetUserDefaultLocaleName
DynamicLoader: KERNEL32.dll/IsValidLocaleName
DynamicLoader: KERNEL32.dll/LCMapStringEx
DynamicLoader: KERNEL32.dll/GetCurrentPackageId
DynamicLoader: KERNEL32.dll/GetTickCount64
DynamicLoader: KERNEL32.dll/GetFileInformationByHandleExW
DynamicLoader: KERNEL32.dll/SetFileInformationByHandleW
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventSetInformation
DynamicLoader: MSCOREE.DLL/
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: mscoreei.dll/RegisterShimImplCallback
DynamicLoader: mscoreei.dll/RegisterShimImplCleanupCallback
DynamicLoader: mscoreei.dll/SetShellShimInstance
DynamicLoader: mscoreei.dll/OnShimDllMainCalled
DynamicLoader: mscoreei.dll/_CorExeMain_RetAddr
DynamicLoader: mscoreei.dll/_CorExeMain
DynamicLoader: SHLWAPI.dll/UrlIsW
DynamicLoader: KERNEL32.dll/GetNativeSystemInfo
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/InitializeCriticalSectionAndSpinCount
DynamicLoader: KERNEL32.dll/IsProcessorFeaturePresent
DynamicLoader: msvcrt.dll/_set_error_mode
DynamicLoader: msvcrt.dll/?set_terminate@@YAP6AXXZP6AXXZ@Z
DynamicLoader: msvcrt.dll/_get_terminate
DynamicLoader: KERNEL32.dll/FindActCtxSectionStringW
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: MSCOREE.DLL/GetProcessExecutableHeap
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap_RetAddr
DynamicLoader: mscoreei.dll/GetProcessExecutableHeap
DynamicLoader: mscorwks.dll/SetLoadedByMscoree
DynamicLoader: mscorwks.dll/_CorExeMain
DynamicLoader: mscorwks.dll/GetCLRFunction
DynamicLoader: ADVAPI32.dll/RegisterTraceGuidsW
DynamicLoader: ADVAPI32.dll/UnregisterTraceGuids
DynamicLoader: ADVAPI32.dll/GetTraceLoggerHandle
DynamicLoader: ADVAPI32.dll/GetTraceEnableLevel
DynamicLoader: ADVAPI32.dll/GetTraceEnableFlags
DynamicLoader: ADVAPI32.dll/TraceEvent
DynamicLoader: MSCOREE.DLL/IEE
DynamicLoader: mscoreei.dll/IEE_RetAddr
DynamicLoader: mscoreei.dll/IEE
DynamicLoader: mscorwks.dll/IEE
DynamicLoader: MSCOREE.DLL/GetStartupFlags
DynamicLoader: mscoreei.dll/GetStartupFlags_RetAddr
DynamicLoader: mscoreei.dll/GetStartupFlags
DynamicLoader: MSCOREE.DLL/GetHostConfigurationFile
DynamicLoader: mscoreei.dll/GetHostConfigurationFile_RetAddr
DynamicLoader: mscoreei.dll/GetHostConfigurationFile
DynamicLoader: mscoreei.dll/GetCORVersion_RetAddr
DynamicLoader: mscoreei.dll/GetCORVersion
DynamicLoader: MSCOREE.DLL/GetCORSystemDirectory
DynamicLoader: mscoreei.dll/GetCORSystemDirectory_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream_RetAddr
DynamicLoader: mscoreei.dll/CreateConfigStream
DynamicLoader: ntdll.dll/RtlUnwind
DynamicLoader: KERNEL32.dll/IsWow64Process
DynamicLoader: KERNEL32.dll/GetSystemWindowsDirectoryW
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: ADVAPI32.dll/AllocateAndInitializeSid
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/GetTokenInformation
DynamicLoader: ADVAPI32.dll/InitializeAcl
DynamicLoader: ADVAPI32.dll/AddAccessAllowedAce
DynamicLoader: ADVAPI32.dll/FreeSid
DynamicLoader: KERNEL32.dll/SetThreadStackGuarantee
DynamicLoader: KERNEL32.dll/FlsSetValue
DynamicLoader: KERNEL32.dll/FlsGetValue
DynamicLoader: KERNEL32.dll/FlsAlloc
DynamicLoader: KERNEL32.dll/FlsFree
DynamicLoader: KERNEL32.dll/AddVectoredContinueHandler
DynamicLoader: KERNEL32.dll/RemoveVectoredContinueHandler
DynamicLoader: ADVAPI32.dll/ConvertSidToStringSidW
DynamicLoader: SHELL32.dll/SHGetFolderPathW
DynamicLoader: KERNEL32.dll/FlushProcessWriteBuffers
DynamicLoader: KERNEL32.dll/GetWriteWatch
DynamicLoader: KERNEL32.dll/ResetWriteWatch
DynamicLoader: KERNEL32.dll/CreateMemoryResourceNotification
DynamicLoader: KERNEL32.dll/QueryMemoryResourceNotification
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: UxTheme.dll/ThemeInitApiHook
DynamicLoader: USER32.dll/IsProcessDPIAware
DynamicLoader: KERNEL32.dll/QueryActCtxW
DynamicLoader: ole32.dll/CoGetContextToken
DynamicLoader: KERNEL32.dll/GetFullPathName
DynamicLoader: KERNEL32.dll/GetFullPathNameW
DynamicLoader: KERNEL32.dll/GetVersionEx
DynamicLoader: KERNEL32.dll/GetVersionExW
DynamicLoader: KERNEL32.dll/GetVersionEx
DynamicLoader: KERNEL32.dll/GetVersionExW
DynamicLoader: ADVAPI32.dll/CryptAcquireContextA
DynamicLoader: ADVAPI32.dll/CryptReleaseContext
DynamicLoader: ADVAPI32.dll/CryptCreateHash
DynamicLoader: ADVAPI32.dll/CryptDestroyHash
DynamicLoader: ADVAPI32.dll/CryptHashData
DynamicLoader: ADVAPI32.dll/CryptGetHashParam
DynamicLoader: ADVAPI32.dll/CryptImportKey
DynamicLoader: ADVAPI32.dll/CryptExportKey
DynamicLoader: ADVAPI32.dll/CryptGenKey
DynamicLoader: ADVAPI32.dll/CryptGetKeyParam
DynamicLoader: ADVAPI32.dll/CryptDestroyKey
DynamicLoader: ADVAPI32.dll/CryptVerifySignatureA
DynamicLoader: ADVAPI32.dll/CryptSignHashA
DynamicLoader: ADVAPI32.dll/CryptGetProvParam
DynamicLoader: ADVAPI32.dll/CryptGetUserKey
DynamicLoader: ADVAPI32.dll/CryptEnumProvidersA
DynamicLoader: MSCOREE.DLL/GetMetaDataInternalInterface
DynamicLoader: mscoreei.dll/GetMetaDataInternalInterface_RetAddr
DynamicLoader: mscoreei.dll/GetMetaDataInternalInterface
DynamicLoader: mscorwks.dll/GetMetaDataInternalInterface
DynamicLoader: CRYPTSP.dll/CryptAcquireContextA
DynamicLoader: CRYPTSP.dll/CryptImportKey
DynamicLoader: CRYPTSP.dll/CryptCreateHash
DynamicLoader: CRYPTSP.dll/CryptHashData
DynamicLoader: CRYPTSP.dll/CryptVerifySignatureA
DynamicLoader: CRYPTSP.dll/CryptDestroyHash
DynamicLoader: CRYPTSP.dll/CryptDestroyKey
DynamicLoader: mscorjit.dll/getJit
DynamicLoader: KERNEL32.dll/IsWow64Process
DynamicLoader: KERNEL32.dll/GetUserDefaultUILanguage
DynamicLoader: USER32.dll/RegisterWindowMessage
DynamicLoader: USER32.dll/RegisterWindowMessageW
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/AdjustWindowRectEx
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/GetCurrentThread
DynamicLoader: KERNEL32.dll/DuplicateHandle
DynamicLoader: KERNEL32.dll/GetCurrentThreadId
DynamicLoader: KERNEL32.dll/lstrlen
DynamicLoader: KERNEL32.dll/lstrlenW
DynamicLoader: KERNEL32.dll/GetModuleHandle
DynamicLoader: KERNEL32.dll/GetModuleHandleW
DynamicLoader: KERNEL32.dll/GetProcAddress
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: GDI32.dll/GetStockObject
DynamicLoader: USER32.dll/RegisterClass
DynamicLoader: USER32.dll/RegisterClassW
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: USER32.dll/CreateWindowEx
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/SetWindowLong
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: USER32.dll/GetWindowLong
DynamicLoader: USER32.dll/GetWindowLongW
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExW
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: USER32.dll/SetWindowLong
DynamicLoader: USER32.dll/SetWindowLongW
DynamicLoader: USER32.dll/CallWindowProc
DynamicLoader: USER32.dll/CallWindowProcW
DynamicLoader: USER32.dll/GetClientRect
DynamicLoader: USER32.dll/GetWindowRect
DynamicLoader: USER32.dll/GetParent
DynamicLoader: UxTheme.dll/IsAppThemed
DynamicLoader: UxTheme.dll/IsAppThemedW
DynamicLoader: KERNEL32.dll/CreateActCtx
DynamicLoader: KERNEL32.dll/CreateActCtxA
DynamicLoader: KERNEL32.dll/GetCurrentActCtx
DynamicLoader: KERNEL32.dll/ActivateActCtx
DynamicLoader: dwmapi.dll/DwmIsCompositionEnabled
DynamicLoader: USER32.dll/GetWindowTextLength
DynamicLoader: USER32.dll/GetWindowTextLengthW
DynamicLoader: USER32.dll/GetWindowText
DynamicLoader: USER32.dll/GetWindowTextW
DynamicLoader: USER32.dll/GetProcessWindowStation
DynamicLoader: USER32.dll/GetUserObjectInformation
DynamicLoader: USER32.dll/GetUserObjectInformationA
DynamicLoader: KERNEL32.dll/SetConsoleCtrlHandler
DynamicLoader: KERNEL32.dll/SetConsoleCtrlHandlerW
DynamicLoader: KERNEL32.dll/GetModuleHandle
DynamicLoader: KERNEL32.dll/GetModuleHandleW
DynamicLoader: USER32.dll/GetClassInfo
DynamicLoader: USER32.dll/GetClassInfoW
DynamicLoader: USER32.dll/RegisterClass
DynamicLoader: USER32.dll/RegisterClassW
DynamicLoader: USER32.dll/CreateWindowEx
DynamicLoader: USER32.dll/CreateWindowExW
DynamicLoader: USER32.dll/DefWindowProc
DynamicLoader: USER32.dll/DefWindowProcW
DynamicLoader: KERNEL32.dll/GetStartupInfo
DynamicLoader: KERNEL32.dll/GetStartupInfoW
DynamicLoader: USER32.dll/GetWindowPlacement
DynamicLoader: USER32.dll/GetSystemMetrics
DynamicLoader: USER32.dll/GetDC
DynamicLoader: GDI32.dll/GetDeviceCaps
DynamicLoader: USER32.dll/ReleaseDC
DynamicLoader: USER32.dll/CreateIconFromResourceEx
DynamicLoader: USER32.dll/SendMessage
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: USER32.dll/GetSystemMenu
DynamicLoader: USER32.dll/EnableMenuItem
DynamicLoader: USER32.dll/SendMessage
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: USER32.dll/SetWindowPos
DynamicLoader: USER32.dll/RedrawWindow
DynamicLoader: USER32.dll/ShowWindow
DynamicLoader: USER32.dll/SendMessage
DynamicLoader: USER32.dll/SendMessageW
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: USER32.dll/PostMessage
DynamicLoader: USER32.dll/PostMessageW
DynamicLoader: ole32.dll/OleInitialize
DynamicLoader: ole32.dll/CoRegisterMessageFilter
DynamicLoader: USER32.dll/PeekMessage
DynamicLoader: USER32.dll/PeekMessageW
DynamicLoader: USER32.dll/IsWindowUnicode
DynamicLoader: USER32.dll/GetMessageW
DynamicLoader: USER32.dll/TranslateMessage
DynamicLoader: USER32.dll/DispatchMessageW
DynamicLoader: USER32.dll/GetFocus
DynamicLoader: KERNEL32.dll/GetModuleFileName
DynamicLoader: KERNEL32.dll/GetModuleFileNameW
DynamicLoader: KERNEL32.dll/SetCurrentDirectory
DynamicLoader: KERNEL32.dll/SetCurrentDirectoryW
DynamicLoader: KERNEL32.dll/FindResourceEx
DynamicLoader: KERNEL32.dll/FindResourceExA
DynamicLoader: KERNEL32.dll/LoadResource
DynamicLoader: KERNEL32.dll/SizeofResource
DynamicLoader: KERNEL32.dll/LockResource
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: bcrypt.dll/BCryptGetFipsAlgorithmMode
DynamicLoader: CRYPTSP.dll/CryptGetHashParam
DynamicLoader: CRYPTSP.dll/CryptGetProvParam
DynamicLoader: CRYPTSP.dll/CryptSetKeyParam
DynamicLoader: CRYPTSP.dll/CryptDecrypt
DynamicLoader: CRYPTSP.dll/CryptEncrypt
DynamicLoader: KERNEL32.dll/ReleaseMutex
DynamicLoader: KERNEL32.dll/CreateMutex
DynamicLoader: KERNEL32.dll/CreateMutexW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: ADVAPI32.dll/RegOpenKeyEx
DynamicLoader: ADVAPI32.dll/RegOpenKeyExA
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExA
DynamicLoader: ADVAPI32.dll/RegCloseKey
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: shfolder.dll/SHGetFolderPath
DynamicLoader: shfolder.dll/SHGetFolderPathW
DynamicLoader: KERNEL32.dll/SetErrorMode
DynamicLoader: KERNEL32.dll/GetFileAttributesEx
DynamicLoader: KERNEL32.dll/GetFileAttributesExW
DynamicLoader: KERNEL32.dll/CreateDirectory
DynamicLoader: KERNEL32.dll/CreateDirectoryW
DynamicLoader: KERNEL32.dll/CreateFile
DynamicLoader: KERNEL32.dll/CreateFileW
DynamicLoader: KERNEL32.dll/GetFileType
DynamicLoader: KERNEL32.dll/WriteFile
DynamicLoader: KERNEL32.dll/GetTempPath
DynamicLoader: KERNEL32.dll/GetTempPathW
DynamicLoader: KERNEL32.dll/GetTempFileName
DynamicLoader: KERNEL32.dll/GetTempFileNameW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: KERNEL32.dll/GetCurrentDirectory
DynamicLoader: KERNEL32.dll/GetCurrentDirectoryW
DynamicLoader: KERNEL32.dll/CreateProcess
DynamicLoader: KERNEL32.dll/CreateProcessW
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/DuplicateHandle
DynamicLoader: ole32.dll/CoWaitForMultipleHandles
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: CRYPTSP.dll/CryptAcquireContextW
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: ole32.dll/NdrOleInitializeExtension
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: RpcRtRemote.dll/I_RpcExtInitializeExtensionPoint
DynamicLoader: KERNEL32.dll/GetExitCodeProcess
DynamicLoader: KERNEL32.dll/GetExitCodeProcessW
DynamicLoader: KERNEL32.dll/DeleteFile
DynamicLoader: KERNEL32.dll/DeleteFileW
DynamicLoader: KERNEL32.dll/DeleteFile
DynamicLoader: KERNEL32.dll/DeleteFileA
DynamicLoader: KERNEL32.dll/GetSystemInfo
DynamicLoader: KERNEL32.dll/CreateIoCompletionPort
DynamicLoader: KERNEL32.dll/PostQueuedCompletionStatus
DynamicLoader: ntdll.dll/NtQueryInformationThread
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtGetCurrentProcessorNumber
DynamicLoader: mscoreei.dll/LoadLibraryShim_RetAddr
DynamicLoader: mscoreei.dll/LoadLibraryShim
DynamicLoader: culture.dll/ConvertLangIdToCultureName
DynamicLoader: MSCOREE.DLL/DllGetClassObject
DynamicLoader: mscoreei.dll/DllGetClassObject_RetAddr
DynamicLoader: mscoreei.dll/DllGetClassObject
DynamicLoader: diasymreader.dll/DllGetClassObjectInternal
DynamicLoader: ADVAPI32.dll/GetUserName
DynamicLoader: ADVAPI32.dll/GetUserNameW
DynamicLoader: USER32.dll/GetForegroundWindow
DynamicLoader: USER32.dll/GetWindowThreadProcessId
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValue
DynamicLoader: ADVAPI32.dll/LookupPrivilegeValueW
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivileges
DynamicLoader: ADVAPI32.dll/AdjustTokenPrivilegesW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: psapi.dll/EnumProcesses
DynamicLoader: psapi.dll/EnumProcessesW
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: ntdll.dll/NtQuerySystemInformationW
DynamicLoader: USER32.dll/GetKeyboardLayout
DynamicLoader: USER32.dll/GetWindowText
DynamicLoader: USER32.dll/GetWindowTextW
DynamicLoader: KERNEL32.dll/GlobalMemoryStatusEx
DynamicLoader: KERNEL32.dll/SwitchToThread
DynamicLoader: USER32.dll/RegisterRawInputDevices
DynamicLoader: USER32.dll/SetClipboardViewer
DynamicLoader: USER32.dll/SendMessage
DynamicLoader: USER32.dll/SendMessageA
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: ws2_32.dll/WSAStartup
DynamicLoader: ADVAPI32.dll/RegQueryValueEx
DynamicLoader: ADVAPI32.dll/RegQueryValueExW
DynamicLoader: ws2_32.dll/WSASocket
DynamicLoader: ws2_32.dll/WSASocketW
DynamicLoader: ws2_32.dll/setsockopt
DynamicLoader: ws2_32.dll/WSAEventSelect
DynamicLoader: ws2_32.dll/ioctlsocket
DynamicLoader: ws2_32.dll/closesocket
DynamicLoader: KERNEL32.dll/GetCurrentProcess
DynamicLoader: KERNEL32.dll/GetCurrentProcessW
DynamicLoader: ADVAPI32.dll/OpenProcessToken
DynamicLoader: ADVAPI32.dll/OpenProcessTokenW
DynamicLoader: KERNEL32.dll/GetFileAttributesEx
DynamicLoader: KERNEL32.dll/GetFileAttributesExW
DynamicLoader: KERNEL32.dll/GetFileSize
DynamicLoader: KERNEL32.dll/ReadFile
DynamicLoader: MSCOREE.DLL/ND_RI2
DynamicLoader: mscoreei.dll/ND_RI2_RetAddr
DynamicLoader: mscoreei.dll/ND_RI2
DynamicLoader: KERNEL32.dll/GetCurrentProcessId
DynamicLoader: KERNEL32.dll/GetCurrentProcessIdW
DynamicLoader: KERNEL32.dll/GetComputerName
DynamicLoader: KERNEL32.dll/GetComputerNameW
DynamicLoader: ADVAPI32.dll/ConvertStringSecurityDescriptorToSecurityDescriptor
DynamicLoader: ADVAPI32.dll/ConvertStringSecurityDescriptorToSecurityDescriptorW
DynamicLoader: KERNEL32.dll/LocalFree
DynamicLoader: KERNEL32.dll/CreateFileMapping
DynamicLoader: KERNEL32.dll/CreateFileMappingW
DynamicLoader: KERNEL32.dll/CloseHandle
DynamicLoader: KERNEL32.dll/MapViewOfFile
DynamicLoader: KERNEL32.dll/UnmapViewOfFile
DynamicLoader: KERNEL32.dll/VirtualQuery
DynamicLoader: ADVAPI32.dll/CreateWellKnownSid
DynamicLoader: ADVAPI32.dll/CreateWellKnownSidW
DynamicLoader: KERNEL32.dll/WaitForSingleObject
DynamicLoader: KERNEL32.dll/OpenMutex
DynamicLoader: KERNEL32.dll/OpenMutexW
DynamicLoader: KERNEL32.dll/OpenProcess
DynamicLoader: KERNEL32.dll/OpenProcessW
DynamicLoader: KERNEL32.dll/GetProcessTimes
DynamicLoader: KERNEL32.dll/GetProcessTimesW
DynamicLoader: ws2_32.dll/inet_addr
DynamicLoader: USER32.dll/WaitMessage
DynamicLoader: dnsapi.dll/DnsQuery_A
DynamicLoader: ws2_32.dll/getaddrinfo
DynamicLoader: ws2_32.dll/freeaddrinfo
DynamicLoader: ws2_32.dll/setsockopt
DynamicLoader: ws2_32.dll/bind
DynamicLoader: ws2_32.dll/WSAIoctl
DynamicLoader: ws2_32.dll/WSAGetOverlappedResult
DynamicLoader: KERNEL32.dll/FormatMessage
DynamicLoader: KERNEL32.dll/FormatMessageW
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: KERNEL32.dll/SetThreadExecutionState
DynamicLoader: VERSION.dll/GetFileVersionInfoSizeW
DynamicLoader: VERSION.dll/GetFileVersionInfoW
DynamicLoader: VERSION.dll/VerQueryValueW
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: UxTheme.dll/ThemeInitApiHook
DynamicLoader: USER32.dll/IsProcessDPIAware
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: SspiCli.dll/GetUserNameExW
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: pcwum.dll/PerfDeleteInstance
DynamicLoader: pcwum.dll/PerfStopProvider
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: PROPSYS.dll/PropVariantToVariant
DynamicLoader: ole32.dll/CoDisconnectObject
DynamicLoader: wbemcore.dll/Shutdown
DynamicLoader: ole32.dll/CoUninitialize
DynamicLoader: ole32.dll/CoDisconnectObject
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: kernel32.dll/RegDeleteValueW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: WTSAPI32.dll/WTSQueryUserToken
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/LocaleNameToLCID
DynamicLoader: kernel32.dll/GetLocaleInfoEx
DynamicLoader: kernel32.dll/LCIDToLocaleName
DynamicLoader: kernel32.dll/GetSystemDefaultLocaleName
DynamicLoader: fastprox.dll/DllGetClassObject
DynamicLoader: fastprox.dll/DllCanUnloadNow
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/RegOpenKeyExW
DynamicLoader: PSAPI.DLL/EnumProcesses
DynamicLoader: PSAPI.DLL/EnumProcessModules
DynamicLoader: PSAPI.DLL/GetModuleBaseNameW
DynamicLoader: ntdll.dll/NtQuerySystemInformation
DynamicLoader: USER32.dll/GetLastInputInfo
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: ole32.dll/CoUnmarshalInterface
DynamicLoader: ole32.dll/StringFromIID
DynamicLoader: ole32.dll/CoGetPSClsid
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/CoReleaseMarshalData
DynamicLoader: ole32.dll/DcomChannelSetHResult
DynamicLoader: VSSAPI.DLL/CreateWriter
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoTaskMemFree
DynamicLoader: ole32.dll/CoTaskMemAlloc
DynamicLoader: ADVAPI32.dll/LookupAccountNameW
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: samcli.dll/NetLocalGroupGetMembers
DynamicLoader: SAMLIB.dll/SamConnect
DynamicLoader: RPCRT4.dll/NdrClientCall3
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: SAMLIB.dll/SamOpenDomain
DynamicLoader: SAMLIB.dll/SamLookupNamesInDomain
DynamicLoader: SAMLIB.dll/SamOpenAlias
DynamicLoader: SAMLIB.dll/SamFreeMemory
DynamicLoader: SAMLIB.dll/SamCloseHandle
DynamicLoader: SAMLIB.dll/SamGetMembersInAlias
DynamicLoader: netutils.dll/NetApiBufferFree
DynamicLoader: SAMLIB.dll/SamEnumerateDomainsInSamServer
DynamicLoader: SAMLIB.dll/SamLookupDomainInSamServer
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: ole32.dll/StringFromCLSID
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: PROPSYS.dll/VariantToPropVariant
DynamicLoader: OLEAUT32.dll/
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: wbemsvc.dll/DllGetClassObject
DynamicLoader: wbemsvc.dll/DllCanUnloadNow
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: authZ.dll/AuthzInitializeContextFromToken
DynamicLoader: authZ.dll/AuthzInitializeObjectAccessAuditEvent2
DynamicLoader: authZ.dll/AuthzAccessCheck
DynamicLoader: authZ.dll/AuthzFreeAuditEvent
DynamicLoader: authZ.dll/AuthzFreeContext
DynamicLoader: authZ.dll/AuthzInitializeResourceManager
DynamicLoader: authZ.dll/AuthzFreeResourceManager
DynamicLoader: RPCRT4.dll/NdrClientCall3
DynamicLoader: RPCRT4.dll/RpcBindingCreateW
DynamicLoader: RPCRT4.dll/RpcBindingBind
DynamicLoader: RPCRT4.dll/I_RpcMapWin32Status
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventActivityIdControl
DynamicLoader: ADVAPI32.dll/EventWriteTransfer
DynamicLoader: ADVAPI32.dll/EventEnabled
DynamicLoader: kernel32.dll/RegCloseKey
DynamicLoader: kernel32.dll/RegSetValueExW
DynamicLoader: kernel32.dll/RegOpenKeyExW
DynamicLoader: kernel32.dll/RegQueryValueExW
DynamicLoader: kernel32.dll/RegCloseKey
DynamicLoader: wmisvc.dll/IsImproperShutdownDetected
DynamicLoader: Wevtapi.dll/EvtRender
DynamicLoader: Wevtapi.dll/EvtNext
DynamicLoader: Wevtapi.dll/EvtClose
DynamicLoader: Wevtapi.dll/EvtQuery
DynamicLoader: Wevtapi.dll/EvtCreateRenderContext
DynamicLoader: RPCRT4.dll/RpcStringBindingComposeW
DynamicLoader: RPCRT4.dll/RpcBindingFromStringBindingW
DynamicLoader: RPCRT4.dll/RpcBindingSetAuthInfoExW
DynamicLoader: RPCRT4.dll/RpcBindingSetOption
DynamicLoader: RPCRT4.dll/RpcStringFreeW
DynamicLoader: RPCRT4.dll/NdrClientCall3
DynamicLoader: RPCRT4.dll/RpcBindingFree
DynamicLoader: ole32.dll/CoCreateFreeThreadedMarshaler
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoGetMarshalSizeMax
DynamicLoader: ole32.dll/CreateStreamOnHGlobal
DynamicLoader: ole32.dll/CoMarshalInterface
DynamicLoader: CRYPTSP.dll/CryptGenRandom
DynamicLoader: CRYPTSP.dll/CryptReleaseContext
DynamicLoader: KERNELBASE.dll/InitializeAcl
DynamicLoader: KERNELBASE.dll/AddAce
DynamicLoader: kernel32.dll/OpenProcessToken
DynamicLoader: KERNELBASE.dll/GetTokenInformation
DynamicLoader: KERNELBASE.dll/DuplicateTokenEx
DynamicLoader: KERNELBASE.dll/AdjustTokenPrivileges
DynamicLoader: KERNELBASE.dll/AllocateAndInitializeSid
DynamicLoader: KERNELBASE.dll/CheckTokenMembership
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ADVAPI32.dll/RegOpenKeyW
DynamicLoader: kernel32.dll/SetThreadToken
DynamicLoader: ole32.dll/CLSIDFromString
DynamicLoader: ole32.dll/CoCreateInstance
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: authZ.dll/AuthzInitializeContextFromToken
DynamicLoader: authZ.dll/AuthzInitializeResourceManager
DynamicLoader: authZ.dll/AuthzInitializeContextFromSid
DynamicLoader: authZ.dll/AuthzInitializeContextFromToken
DynamicLoader: authZ.dll/AuthzAccessCheck
DynamicLoader: authZ.dll/AuthzFreeContext
DynamicLoader: authZ.dll/AuthzFreeResourceManager
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: ole32.dll/CoGetClassObject
DynamicLoader: ole32.dll/CoGetCallContext
DynamicLoader: ole32.dll/CoImpersonateClient
DynamicLoader: ole32.dll/CoRevertToSelf
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoSwitchCallContext
DynamicLoader: ole32.dll/CoCreateGuid
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoInitializeEx
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: OLEAUT32.dll/
DynamicLoader: wbemcore.dll/Reinitialize
DynamicLoader: kernel32.dll/SortGetHandle
DynamicLoader: kernel32.dll/SortCloseHandle
DynamicLoader: CRYPTBASE.dll/SystemFunction036
DynamicLoader: ntmarta.dll/GetMartaExtensionInterface
DynamicLoader: sechost.dll/LookupAccountNameLocalW
DynamicLoader: ADVAPI32.dll/LookupAccountSidW
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: kernel32.dll/GetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/SetThreadPreferredUILanguages
DynamicLoader: kernel32.dll/LocaleNameToLCID
DynamicLoader: kernel32.dll/GetLocaleInfoEx
DynamicLoader: kernel32.dll/LCIDToLocaleName
DynamicLoader: kernel32.dll/GetSystemDefaultLocaleName
DynamicLoader: FastProx.dll/DllGetClassObject
DynamicLoader: FastProx.dll/DllCanUnloadNow
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: kernel32.dll/RegOpenKeyExW
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: sechost.dll/LookupAccountSidLocalW
DynamicLoader: ole32.dll/CLSIDFromString
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: OLEAUT32.dll/
DynamicLoader: ole32.dll/CoGetCallContext
DynamicLoader: ADVAPI32.dll/EventRegister
DynamicLoader: ADVAPI32.dll/EventUnregister
DynamicLoader: ADVAPI32.dll/EventWrite
DynamicLoader: ADVAPI32.dll/EventActivityIdControl
DynamicLoader: ADVAPI32.dll/EventWriteTransfer
DynamicLoader: ADVAPI32.dll/EventEnabled

A process attempted to delay the analysis task. Severity: Medium Confidence: Very High

Process: RegAsm.exe tried to sleep 534 seconds, actually delayed analysis time by 0 seconds

Guard pages use detected - possible anti-debugging. Severity: Medium Confidence: Very High

Creates RWX memory Severity: Medium Confidence: Medium

Attempts to connect to a dead IP:Port (1 unique times) Severity: Low Confidence: Very High

IP: 192.168.56.1:6004

SetUnhandledExceptionFilter detected (possible anti-debug) Severity: Low Confidence: Very High

Behavior analysis details
Machine name	Machine label	Machine manager	Started	Ended	Duration
Seven02_64	Seven02_64	VirtualBox	2019-08-20 14:52:36	2019-08-20 14:55:35	179

11 Summary items with data

Files

C:\Windows\System32\MSCOREE.DLL.local
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Windows\Microsoft.NET\Framework\*
C:\Windows\Microsoft.NET\Framework\v1.0.3705\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.0.3705\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\clr.dll
C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\clr.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Users\Seven01\AppData\Local\Temp\IMG2019_0989_8784.exe.config
C:\Users\Seven01\AppData\Local\Temp\IMG2019_0989_8784.exe
C:\Users\Seven01\AppData\Local\Temp\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\system\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\ProgramData\Oracle\Java\javapath\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\wbem\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSVCR120_CLR0400.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoree.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\fusion.localgac
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.dll
C:\Windows
C:\Windows\Microsoft.Net\assembly
C:\Windows\Microsoft.Net\assembly\GAC_32
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
C:\Windows\assembly
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Users
C:\Users\Seven01
C:\Users\Seven01\AppData
C:\Users\Seven01\AppData\Local
C:\Users\Seven01\AppData\Local\Temp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ole32.dll
\Device\KsecDD
C:\Windows\assembly\NativeImages_v4.0.30319_32\HlSCFeWFdjfKeWgwma\*
C:\Users\Seven01\AppData\Local\Temp\IMG2019_0989_8784.INI
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol26.dat
C:\Windows\assembly\GAC\PublisherPolicy.tme
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config
C:\Windows\Microsoft.Net\assembly\GAC_32\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_32\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\*
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Xml
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
C:\Users\Seven01\AppData\Local\Temp\manifestResourceStream.Seek  }  XmlTextReader.XmlLang.dll
C:\Users\Seven01\AppData\Local\Temp\manifestResourceStream.Seek  }  XmlTextReader.XmlLang\manifestResourceStream.Seek  }  XmlTextReader.XmlLang.dll
C:\Users\Seven01\AppData\Local\Temp\manifestResourceStream.Seek  }  XmlTextReader.XmlLang.exe
C:\Users\Seven01\AppData\Local\Temp\manifestResourceStream.Seek  }  XmlTextReader.XmlLang\manifestResourceStream.Seek  }  XmlTextReader.XmlLang.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\it\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\Microsoft.Net\assembly\GAC_32\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\shell32.dll
C:\Users\Seven01\filename.exe
C:\Users\Seven01\filename.exe:Zone.Identifier
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\Microsoft.NET\Framework\v2.0.50727\
C:\Windows\Microsoft.NET\Framework\v2.0.50727\*.*
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ui\SwDRM.dll
C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\api-ms-win-appmodel-runtime-l1-1-0.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.Local\
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\winsxs
C:\Windows\Microsoft.NET\Framework\v4.0.30319
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.INI
C:\Windows\Microsoft.NET
C:\Windows\Microsoft.NET\Framework
C:\Windows\Microsoft.NET\Framework\v2.0.50727
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.Config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.INI
C:\Windows\System32\l_intl.nls
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.INI
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.INI
C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.INI
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.INI
C:\Windows\Globalization\it-it.nlp
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\SysWOW64\it-IT\USER32.dll.mui
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A
C:\Users\Seven01\AppData\Roaming
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\run.dat
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\Exceptions\1.2.2.0
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\tmp89F6.tmp
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\task.dat
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe:Zone.Identifier
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\catalog.dat
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\storage.dat
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ClientPlugin.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ClientPlugin\ClientPlugin.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ClientPlugin.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\ClientPlugin\ClientPlugin.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorrc.dll.DLL
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\settings.bin
C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.PDB
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.pdb
C:\Windows\symbols\exe\RegAsm.pdb
C:\Windows\exe\RegAsm.pdb
C:\Windows\RegAsm.pdb
C:\Windows\Globalization\en-us.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\assembly\GAC\mscorlib.resources\2.0.0.0_it-IT_b77a5c561934e089
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorlib.resources.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorlib.resources\mscorlib.resources.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorlib.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\mscorlib.resources\mscorlib.resources.exe
C:\Windows\Globalization\it.nlp
C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.INI
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\settings.bak
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\Logs\Seven01
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\Logs
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Lzma#.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Lzma#\Lzma#.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Lzma#.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Lzma#\Lzma#.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\psapi.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\SurveillanceExClientPlugin.resources.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\SurveillanceExClientPlugin.resources\SurveillanceExClientPlugin.resources.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\SurveillanceExClientPlugin.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it-IT\SurveillanceExClientPlugin.resources\SurveillanceExClientPlugin.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\SurveillanceExClientPlugin.resources.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\SurveillanceExClientPlugin.resources\SurveillanceExClientPlugin.resources.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\SurveillanceExClientPlugin.resources.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\SurveillanceExClientPlugin.resources\SurveillanceExClientPlugin.resources.exe
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ws2_32.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.INI
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.INI
C:\Windows\Globalization\en.nlp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\dnsapi.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\sysnative\Tasks
C:\Windows\sysnative\Tasks\*
C:\Windows\sysnative\Tasks\Adobe Flash Player Updater
C:\Windows\Tasks\UPNP Subsystem.job
C:\Windows\sysnative\Tasks\UPNP Subsystem
C:\Windows\sysnative\Tasks\
\Device\LanmanDatagramReceiver
C:\Windows\sysnative\advapi32.dll
C:\Windows\sysnative\it-IT\advapi32.dll.mui
C:\Windows\sysnative\drivers\acpi.sys
C:\Windows\sysnative\drivers\it-IT\ACPI.sys.mui
C:\Windows\sysnative\drivers\ndis.sys
C:\Windows\sysnative\drivers\it-IT\ndis.sys.mui
C:\Windows\sysnative\drivers\mssmbios.sys
C:\Windows\sysnative\drivers\it-IT\mssmbios.sys.mui
C:\Windows\sysnative\drivers\hdaudbus.sys
C:\Windows\sysnative\drivers\it-IT\HDAudBus.sys.mui
C:\Windows\sysnative\drivers\intelppm.sys
C:\Windows\sysnative\drivers\it-IT\intelppm.sys.mui
C:\Windows\sysnative\drivers\portcls.sys
C:\Windows\sysnative\drivers\it-IT\portcls.SYS.mui
C:\Windows\sysnative\drivers\monitor.sys
C:\Windows\sysnative\drivers\it-IT\monitor.sys
C:\Windows\sysnative\drivers\it\monitor.sys
\??\MountPointManager
C:\Windows\sysnative\wbem\WMIADAP.exe
C:\Windows\sysnative
C:\Windows\sysnative\wbem
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Windows\AppPatch\AppPatch64\sysmain.sdb
C:\Windows\sysnative\wbem\
C:\Windows\SysWOW64\net.exe
C:\Windows\SysWOW64
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\*.*
C:\Windows\SysWOW64\ui\SwDRM.dll
C:\Windows\SysWOW64\net1.exe
C:\Windows\Temp\fwtsqmfile00.sqm
C:\Windows\SysWOW64\sc.exe
C:\Windows\SysWOW64\it-IT\sc.exe.mui
C:\Windows\sysnative\wbem\WmiPrvSE.exe
C:\Windows\sysnative\Tasks\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\sysnative\wbem\Performance\
C:\Windows\sysnative\wbem\Performance\WmiApRpl_new.h
C:\Windows\sysnative\it-IT\VssTrace.DLL.mui
\??\PIPE\samr
C:\DosDevices\pipe\
C:\Windows\sysnative\wbem\repository
C:\Windows\sysnative\wbem\Logs
C:\Windows\sysnative\wbem\AutoRecover
C:\Windows\sysnative\wbem\MOF
C:\Windows\sysnative\wbem\repository\INDEX.BTR
C:\Windows\sysnative\wbem\repository\WRITABLE.TST
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
C:\Windows\sysnative\it-IT\USER32.dll.mui
\??\WMIDataDevice

Read Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
C:\Users\Seven01\AppData\Local\Temp\IMG2019_0989_8784.exe.config
C:\Users\Seven01\AppData\Local\Temp\IMG2019_0989_8784.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
C:\Windows\System32\MSVCR120_CLR0400.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\96c8ba86b82ee32f586da00a8b721fda\mscorlib.ni.dll
\Device\KsecDD
C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
C:\Windows\assembly\pubpol26.dat
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ea5ca00aa792b96c036a1b3d57b28f9a\System.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8811a034e0362a8ec740c44c7136725b\System.Core.ni.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
C:\Windows\AppPatch\sysmain.sdb
C:\Windows\Microsoft.NET\Framework\v2.0.50727\
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6229_none_d089f796442de10e\msvcr80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\Seven01\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index126.dat
C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
C:\Windows\System32\l_intl.nls
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe.Config
C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\Windows\SysWOW64\it-IT\USER32.dll.mui
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
C:\Users\Seven01\AppData\Local\Temp\tmp89F6.tmp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\it\mscorrc.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.pdb
C:\Windows\symbols\exe\RegAsm.pdb
C:\Windows\exe\RegAsm.pdb
C:\Windows\RegAsm.pdb
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll
C:\Windows\System32\tzres.dll
C:\Windows\System32\it-IT\tzres.dll.mui
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
C:\Windows\SysWOW64\it-IT\KERNELBASE.dll.mui
C:\Windows\sysnative\Tasks\UPNP Subsystem
\Device\LanmanDatagramReceiver
C:\Windows\sysnative\advapi32.dll
C:\Windows\sysnative\drivers\acpi.sys
C:\Windows\sysnative\drivers\ndis.sys
C:\Windows\sysnative\drivers\mssmbios.sys
C:\Windows\sysnative\drivers\hdaudbus.sys
C:\Windows\sysnative\drivers\intelppm.sys
C:\Windows\sysnative\drivers\portcls.sys
C:\Windows\sysnative\drivers\monitor.sys
C:\Windows\sysnative\it-IT\advapi32.dll.mui
C:\Windows\sysnative\drivers\it-IT\ACPI.sys.mui
C:\Windows\sysnative\wbem\WMIADAP.exe
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Windows\AppPatch\AppPatch64\sysmain.sdb
C:\Windows\sysnative\wbem\
C:\Windows\SysWOW64\net.exe
C:\Windows\SysWOW64\
C:\Windows\SysWOW64\net1.exe
C:\Windows\Temp\fwtsqmfile00.sqm
C:\Windows\SysWOW64\sc.exe
C:\Windows\SysWOW64\it-IT\sc.exe.mui
C:\Windows\sysnative\wbem\WmiPrvSE.exe
C:\Windows\sysnative\Tasks\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\sysnative\it-IT\VssTrace.DLL.mui
\??\PIPE\samr
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
C:\Windows\sysnative\wbem\repository\INDEX.BTR
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
C:\Windows\sysnative\it-IT\USER32.dll.mui
\??\WMIDataDevice
C:\Windows\sysnative\drivers\it-IT\ndis.sys.mui
C:\Windows\sysnative\drivers\it-IT\mssmbios.sys.mui
C:\Windows\sysnative\drivers\it-IT\HDAudBus.sys.mui
C:\Windows\sysnative\drivers\it-IT\intelppm.sys.mui
C:\Windows\sysnative\drivers\it-IT\portcls.SYS.mui

Write Files

C:\Users\Seven01\filename.exe
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\run.dat
C:\Users\Seven01\AppData\Local\Temp\tmp89F6.tmp
C:\Users\Seven01\AppData\Roaming\88A12796-24F0-4E67-B5B8-6D00E4011D2A\task.dat
C:\Windows\sysnative\Tasks\UPNP Subsystem
\Device\LanmanDatagramReceiver
C:\Windows\appcompat\Programs\RecentFileCache.bcf
C:\Windows\Temp\fwtsqmfile00.sqm
C:\Windows\sysnative\wbem\Performance\WmiApRpl_new.h
\??\PIPE\samr
C:\Windows\sysnative\wbem\repository\WRITABLE.TST
C:\Windows\sysnative\wbem\repository\MAPPING1.MAP
C:\Windows\sysnative\wbem\repository\MAPPING2.MAP
C:\Windows\sysnative\wbem\repository\MAPPING3.MAP
C:\Windows\sysnative\wbem\repository\OBJECTS.DATA
C:\Windows\sysnative\wbem\repository\INDEX.BTR
\??\pipe\PIPE_EVENTROOT\CIMV2WMI SELF-INSTRUMENTATION EVENT PROVIDER
\??\pipe\PIPE_EVENTROOT\CIMV2PROVIDERSUBSYSTEM
\??\WMIDataDevice

Delete Files

C:\Users\Seven01\filename.exe:Zone.Identifier
C:\Users\Seven01\AppData\Local\Temp\tmp89F6.tmp
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe:Zone.Identifier
C:\Windows\Tasks\UPNP Subsystem.job

Keys

HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\v4.0
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_CURRENT_USER\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v4.0.30319
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v4.0.30319\SKUs\
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319\SKUs\default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IMG2019_0989_8784.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_CURRENT_USER\Software\Microsoft\Fusion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\NGen\Policy\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\Servicing
HKEY_LOCAL_MACHINE\Software\Microsoft\StrongName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\PublisherPolicy\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index26
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Core__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Numerics__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\v4.0_policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.4.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\Policy\APTCA
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|IMG2019_0989_8784.exe
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|IMG2019_0989_8784.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Users|Seven01|AppData|Local|Temp|IMG2019_0989_8784.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\Global
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Locale\Alternate Sorts
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Language Groups
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SafeBoot\Option
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\AuthenticodeEnabled
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCompatibility
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\AppCompat
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\RegAsm.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{a7a85eba-a2d1-41ec-a656-ba2c9221e354}
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{a7a85eba-a2d1-41ec-a656-ba2c9221e354}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisableLocalOverride
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\Standards\v2.0.50727
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Policy\AppPatch
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Policy\AppPatch\v4.0.30319.00000\mscorwks.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegAsm.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\Internet
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets\LocalIntranet
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\Software\Microsoft\Fusion\GACChangeNotification\Default
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5aa75839\10fdf3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Windows.Forms__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Drawing__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Xml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Configuration__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Deployment__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Serialization.Formatters.Soap__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.Accessibility__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Security__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\mscorjit.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\System.ni.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\System.Drawing.ni.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\System.Windows.Forms.ni.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.8.0.Microsoft.VisualBasic__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Web__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Management__b03f5f7f11d50a3a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Runtime.Remoting__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_CURRENT_USER\Control Panel\International
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\Classes\AppID\RegAsm.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\AppCompat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_CURRENT_USER\Software\Classes\Interface\{00000134-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\1DF4D951
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows\DisabledSessions\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\4ecde57e\31d9ddbb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Managed\S-1-5-21-1822907384-1282624486-319450072-1000\Installer\Assemblies\C:|Windows|Microsoft.NET|Framework|v2.0.50727|RegAsm.exe.Config
HKEY_CURRENT_USER\Software\Microsoft\Installer\Assemblies\C:|Windows|Microsoft.NET|Framework|v2.0.50727|RegAsm.exe.Config
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|Windows|Microsoft.NET|Framework|v2.0.50727|RegAsm.exe.Config
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\culture.dll
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\diasymreader.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it-IT_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\40dcb014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.mscorlib.resources_it_b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\5e8c75c\1ffc8ca7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\a054161\46043f61
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\219e9581\29613036
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\219e9581\26d59603
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\policy.2.0.System.Data.SqlXml__b77a5c561934e089
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.net clr networking\Performance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\Software\Microsoft\SQMClient\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_CURRENT_USER\Software\Classes\AppID\schtasks.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater\Id
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\SchedulingEngineKnob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\UPNP Subsystem.job
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\UPNP Subsystem.job.fp
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPNP Subsystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDCA4E97-DB85-4E8E-BF98-2CA65DA4EFBD}\Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDCA4E97-DB85-4E8E-BF98-2CA65DA4EFBD}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPNP Subsystem\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPNP Subsystem\Index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDCA4E97-DB85-4E8E-BF98-2CA65DA4EFBD}\Triggers
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance\Performance Refresh
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\WDM\DREDGE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ACPI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI\ImagePath
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NDIS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS\ImagePath
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mssmbios
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios\ImagePath
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HDAudBus
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus\ImagePath
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\intelppm
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm\ImagePath
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\portcls
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\monitor
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor\ImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\advapi32.dll[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\it-IT\advapi32.dll.mui[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\drivers\ACPI.sys[ACPIMOFResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\drivers\it-IT\ACPI.sys.mui[ACPIMOFResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\drivers\ndis.sys[MofResourceName]
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Log File Max Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\KnownSvcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\WMIADAP.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\net.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\net1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\FileDirectory
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\Software\Classes
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\ESS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PreviousServiceShutdown
HKEY_LOCAL_MACHINE\system\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ProcessID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\winmgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\sc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\WmiPrvSE.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\WMIADAP.EXE
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\System\DNSclient
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_CURRENT_USER
HKEY_USERS\.DEFAULT\Control Panel\International
HKEY_USERS\.DEFAULT\Control Panel\International\LocaleName
HKEY_USERS\.DEFAULT\Control Panel\International\sCountry
HKEY_USERS\.DEFAULT\Control Panel\International\sList
HKEY_USERS\.DEFAULT\Control Panel\International\sDecimal
HKEY_USERS\.DEFAULT\Control Panel\International\sThousand
HKEY_USERS\.DEFAULT\Control Panel\International\sGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sNativeDigits
HKEY_USERS\.DEFAULT\Control Panel\International\sCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\sMonDecimalSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonThousandSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sPositiveSign
HKEY_USERS\.DEFAULT\Control Panel\International\sNegativeSign
HKEY_USERS\.DEFAULT\Control Panel\International\sTimeFormat
HKEY_USERS\.DEFAULT\Control Panel\International\sShortTime
HKEY_USERS\.DEFAULT\Control Panel\International\s1159
HKEY_USERS\.DEFAULT\Control Panel\International\s2359
HKEY_USERS\.DEFAULT\Control Panel\International\sShortDate
HKEY_USERS\.DEFAULT\Control Panel\International\sYearMonth
HKEY_USERS\.DEFAULT\Control Panel\International\sLongDate
HKEY_USERS\.DEFAULT\Control Panel\International\iCountry
HKEY_USERS\.DEFAULT\Control Panel\International\iMeasure
HKEY_USERS\.DEFAULT\Control Panel\International\iPaperSize
HKEY_USERS\.DEFAULT\Control Panel\International\iDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iLZero
HKEY_USERS\.DEFAULT\Control Panel\International\iNegNumber
HKEY_USERS\.DEFAULT\Control Panel\International\NumShape
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\iNegCurr
HKEY_USERS\.DEFAULT\Control Panel\International\iCalendarType
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ThrottleDrege
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LaunchPermission
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LoadUserSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\Elevation
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\Tracing\WMI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\Setup
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Safeboot\Option
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Rpc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Settings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\Diag\WMI Writer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\TreatAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\Progid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InprocHandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\ProcessIdentifier
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/subscription
HKEY_LOCAL_MACHINE\software\microsoft\wbem\cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\CIMOM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\minint
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wmi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\wmi
HKEY_CLASSES_ROOT\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\(Default)
HKEY_CLASSES_ROOT\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\Synchronization
HKEY_CLASSES_ROOT\CLSID\{D2D588B5-D081-11d0-99E0-00C04FC2F8EC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\AppId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Cimom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\CMF\Config
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\AccessProviders
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\wmiprvse.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\InprocHandler32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\InprocHandler
HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\WDM
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&33d1638a&0&0.0.0_0-{05901221-D566-11d1-B2F0-00A0C9062910}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\advapi32.dll[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\it-IT\advapi32.dll.mui[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\drivers\ACPI.sys[ACPIMOFResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\drivers\it-IT\ACPI.sys.mui[ACPIMOFResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\drivers\it-IT\ndis.sys.mui[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\mssmbios.sys[MofResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\it-IT\mssmbios.sys.mui[MofResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\HDAudBus.sys[HDAudioMofName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\it-IT\HDAudBus.sys.mui[HDAudioMofName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\intelppm.sys[PROCESSORWMI]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\it-IT\intelppm.sys.mui[PROCESSORWMI]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\System32\Drivers\portcls.SYS[PortclsMof]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\System32\Drivers\it-IT\portcls.SYS.mui[PortclsMof]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\monitor.sys[MonitorWMI]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{49353C93-516B-11D1-AEA6-00C04FB68820}

Read Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\InstallRoot
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\CLRLoadLogDir
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\UseLegacyV2RuntimeActivationPolicyDefaultValue
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\OnlyUseLatestCLR
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\NET Framework Setup\NDP\v4\Full\Release
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DisableConfigCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\CacheLocation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DownloadCacheQuotaInKB
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\EnableLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LoggingLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\ForceLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogFailures
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\LogResourceBinds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseRetryAttempts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\FileInUseMillisecondsBetweenRetries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\UseLegacyIdentityFormat
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\DisableMSIPeek
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DevOverrideEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\NGen\Policy\v4.0\OptimizeUsedBinaries
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\AltJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\Latest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\index26
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\PublisherPolicy\Default\LegacyPolicyTimeStamp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000410
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\TransparentEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\AuthenticodeEnabled
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{a7a85eba-a2d1-41ec-a656-ba2c9221e354}
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\{a7a85eba-a2d1-41ec-a656-ba2c9221e354}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DisableLocalOverride
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStart
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\GCStressStartAtJit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\VersioningLog
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NoClientChecks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\LatestIndex
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\NIUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index126\ILUsageMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\7950e2c5\83\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\183e33de\83\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\mscorlib,2.0.0.0,,b77a5c561934e089,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\61e7e666\c991064\7a\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\475dce40\2d382ce6\85\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\1bd7b0d8\87\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2dd6ac50\163e1f5e\80\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\1c83327b\86\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\41c04c7e\7f3b6ac4\78\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\1b2590b1\7c\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\2bd33e1c\79\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\3f50fe4f\88\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6f1da7aa\88\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\3cca06a0\6dc7d4c0\7b\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\a5cd4db\7e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Xml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Serialization.Formatters.Soap,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Accessibility,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Security,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\mscorjit.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\System.ni.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\System.Drawing.ni.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\System.Windows.Forms.ni.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\4f99a7c9\2e\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\46ad0879\6f\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\38a3212c\44\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\455bab30\6e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\53bea2b0\2e\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\DbgManagedDebugger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKEY_CURRENT_USER\Control Panel\International\sYearMonth
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\AppCompat\RaiseDefaultAuthnLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\DefaultAccessPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{00000134-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\NdrOleExtDLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Extensions\RemoteRpcDll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledProcesses\1DF4D951
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\MachineThrottling
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\DisabledSessions\GlobalSession
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\culture.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\Server\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions\diasymreader.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\InstallationType
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\159a66b8\424bd4d8\87\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ConfigString
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MVID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\EvalationData
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\ILDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\NIDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\6faf58\19ab8d57\86\MissingDependencies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\DisplayName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Status
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\Modules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\SIG
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\75638fee\7566cac\84\LastModTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Fusion\GACChangeNotification\Default\System.Data.SqlXml,2.0.0.0,,b77a5c561934e089,MSIL
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Library
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\IsMultiInstance
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\First Counter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\CategoryOptions
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\FileMappingSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking\Performance\Counter Names
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows\CEIPEnable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\SchedulingEngineKnob
HKEY_USERS\S-1-5-21-1822907384-1282624486-319450072-1000\Control Panel\International\LocaleName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\PROVIDERS\Performance\Performance Refresh
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm\ImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor\MofImagePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor\ImagePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\advapi32.dll[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\it-IT\advapi32.dll.mui[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\drivers\ACPI.sys[ACPIMOFResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\drivers\it-IT\ACPI.sys.mui[ACPIMOFResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE\C:\Windows\system32\drivers\ndis.sys[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Log File Max Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\KnownSvcs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Working Directory
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\EnableFileTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\FileTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\EnableConsoleTracing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\ConsoleTracingMask
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\MaxFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\IpHlpSvc\FileDirectory
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iphlpsvc\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000C-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B7B31DF9-D515-11D3-A11C-00105A1F515A}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SYSTEM\Setup\SystemSetupInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt\Parameters\ServiceDllUnloadOnStop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9435F817-FED2-454E-88CD-7F78FDA62C48}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ProcessID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Hostname
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip\Parameters\Domain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D4781CD6-E5D3-44DF-AD94-930EFE48A887}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it-IT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\it
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\it
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9556DC99-828C-11CF-A37E-00AA003240C7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D68AF00A-29CB-43FA-8504-CE99A996D9EA}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableObjectValidation
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027947E1-D731-11CE-A357-000000000001}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B1CAD8C-2DAB-11D2-B604-00104B703EFD}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1C1C45EE-4395-11D2-B60B-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{423EC01E-2E35-11D2-B604-00104B703EFD}\ProxyStubClsid32\(Default)
HKEY_USERS\.DEFAULT\Control Panel\International\LocaleName
HKEY_USERS\.DEFAULT\Control Panel\International\sCountry
HKEY_USERS\.DEFAULT\Control Panel\International\sList
HKEY_USERS\.DEFAULT\Control Panel\International\sDecimal
HKEY_USERS\.DEFAULT\Control Panel\International\sThousand
HKEY_USERS\.DEFAULT\Control Panel\International\sGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sNativeDigits
HKEY_USERS\.DEFAULT\Control Panel\International\sCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\sMonDecimalSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonThousandSep
HKEY_USERS\.DEFAULT\Control Panel\International\sMonGrouping
HKEY_USERS\.DEFAULT\Control Panel\International\sPositiveSign
HKEY_USERS\.DEFAULT\Control Panel\International\sNegativeSign
HKEY_USERS\.DEFAULT\Control Panel\International\sTimeFormat
HKEY_USERS\.DEFAULT\Control Panel\International\sShortTime
HKEY_USERS\.DEFAULT\Control Panel\International\s1159
HKEY_USERS\.DEFAULT\Control Panel\International\s2359
HKEY_USERS\.DEFAULT\Control Panel\International\sShortDate
HKEY_USERS\.DEFAULT\Control Panel\International\sYearMonth
HKEY_USERS\.DEFAULT\Control Panel\International\sLongDate
HKEY_USERS\.DEFAULT\Control Panel\International\iCountry
HKEY_USERS\.DEFAULT\Control Panel\International\iMeasure
HKEY_USERS\.DEFAULT\Control Panel\International\iPaperSize
HKEY_USERS\.DEFAULT\Control Panel\International\iDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iLZero
HKEY_USERS\.DEFAULT\Control Panel\International\iNegNumber
HKEY_USERS\.DEFAULT\Control Panel\International\NumShape
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrDigits
HKEY_USERS\.DEFAULT\Control Panel\International\iCurrency
HKEY_USERS\.DEFAULT\Control Panel\International\iNegCurr
HKEY_USERS\.DEFAULT\Control Panel\International\iCalendarType
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstDayOfWeek
HKEY_USERS\.DEFAULT\Control Panel\International\iFirstWeekOfYear
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ThrottleDrege
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\ServerExecutable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\AppID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalService
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\DllSurrogate
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\RunAs
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ActivateAtStorage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\ROTFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\AppIDFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LaunchPermission
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyAuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\LegacyImpersonationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\AuthenticationLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\RemoteServerName
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\SRPTrustLevel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\PreferredServerBitness
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LoadUserSettings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\SessionEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Level
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AreaFlags
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\Session
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\BufferSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MinimumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumBuffers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\MaximumFileSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\LogFileMode
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\FlushTimer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Tracing\WMI\AgeLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\WMR\Disable
HKEY_LOCAL_MACHINE\SYSTEM\Setup\UpgradeInProgress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\ActiveWriterStateTimeout
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Diag\(Default)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS\Settings\TornComponentsMax
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{00000100-0000-0000-C000-000000000046}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9555-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{609B9557-4FB6-11D1-9971-00C04FBBB345}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F309AD18-D86A-11D0-A075-00C04FB68820}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\IdentifierLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\QueryLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PathLimit
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbThrottlingEnabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighMaxLimitFactor
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbTaskMaxSleep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold1Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold2Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ArbSystemHighThreshold3Mult
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Unchecked Task Count
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Build
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\MOF Self-Install Directory
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Default Repository Driver
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueCoreFsrepVersion
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Repository Cache Spill Ratio
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckPointValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SnapShotValue
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\CheckRepositoryOnNextStartup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NumWriteIdCheck
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Class Cache Item Age (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\NextAutoRecoverFile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Enable Provider Subsystem
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{79585FF1-D3C3-49FB-94F8-BBC54F5947DB}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{843E6761-D1D8-4D3A-A619-5C9A782BDC5B}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{D676AA31-4EBB-4674-985A-B0FC121B47D7}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\Scope
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\Locale
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\User
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Client\{EEB987D7-815B-4DB0-B315-98F4329A1106}\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\EnableEvents
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssToBeInitialized
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Low Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\High Threshold On Events (B)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Wait On Events (ms)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Merger Query Arbitration Enabled
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\SetupDate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Async Result Queue Size
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\cimv2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\cimv2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerBatchSize
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ClientCallbackTimeout
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\FinalizerQueueThreshold
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Max Tasks
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{661FF7F6-F4D1-4593-B59D-4C54C1ECE68B}\AppId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\wmi
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\wmi
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\ThreadingModel
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\InprocServer32\Synchronization
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D588B5-D081-11D0-99E0-00C04FC2F8EC}\AppId
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\Root
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\Root
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{07435309-D440-41B7-83F3-EB82DB6C622F}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{21CD80A2-B305-4F37-9D4C-4534A8D9B568}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{06413D98-405C-4A5A-8D6F-19B8B7C6ACF7}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F50A28CF-5C9C-4F7E-9D80-E25E16E18C59}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6B3FC272-BF37-4968-933A-6DF9222A2607}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0FC8C622-1728-4149-A57F-AD19D0970710}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FEC1B0AC-5808-4033-A915-C0185934581E}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EB658B8A-7A64-4DDC-9B8D-A92610DB0206}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Sink Transmit Buffer Size
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\DefaultRpcStackSize
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\CMF\Config\SYSTEM
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\AccessProviders\MartaExtension

Write Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDCA4E97-DB85-4E8E-BF98-2CA65DA4EFBD}\Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDCA4E97-DB85-4E8E-BF98-2CA65DA4EFBD}\Hash
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPNP Subsystem\Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UPNP Subsystem\Index
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDCA4E97-DB85-4E8E-BF98-2CA65DA4EFBD}\Triggers
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\PreviousServiceShutdown
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ProcessID
HKEY_LOCAL_MACHINE\Software\Microsoft\Wbem\Transports\Decoupled\Server
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\CreationTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\MarshaledProxy
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Transports\Decoupled\Server\ProcessIdentifier
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\ConfigValueEssNeedsLoading
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\List of event-active namespaces
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ESS\//./root/CIMV2\SCM Event Provider
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&33d1638a&0&0.0.0_0-{05901221-D566-11d1-B2F0-00A0C9062910}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\advapi32.dll[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\it-IT\advapi32.dll.mui[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\drivers\ACPI.sys[ACPIMOFResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\drivers\it-IT\ACPI.sys.mui[ACPIMOFResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\drivers\it-IT\ndis.sys.mui[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\mssmbios.sys[MofResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\it-IT\mssmbios.sys.mui[MofResource]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\HDAudBus.sys[HDAudioMofName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\it-IT\HDAudBus.sys.mui[HDAudioMofName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\intelppm.sys[PROCESSORWMI]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\it-IT\intelppm.sys.mui[PROCESSORWMI]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\System32\Drivers\portcls.SYS[PortclsMof]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\System32\Drivers\it-IT\portcls.SYS.mui[PortclsMof]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\monitor.sys[MonitorWMI]

Delete Keys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\UPNP Subsystem.job
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures\UPNP Subsystem.job.fp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\LastServiceStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\drivers\it-IT\ndis.sys.mui[MofResourceName]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\DRIVERS\monitor.sys[MonitorWMI]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\C:\Windows\system32\drivers\ndis.sys[MofResourceName]

Mutexes

frenchy_shellcode_003
Global\CLR_CASOFF_MUTEX
Global\{08568ce6-4702-4ae6-ab08-1a82772989bb}
Global\.net clr networking
Global\ADAP_WMI_ENTRY
Global\RefreshRA_Mutex
Global\RefreshRA_Mutex_Lib
Global\RefreshRA_Mutex_Flag

Resolved APIs

advapi32.dll.RegOpenKeyExW
advapi32.dll.RegQueryInfoKeyW
advapi32.dll.RegEnumKeyExW
advapi32.dll.RegEnumValueW
advapi32.dll.RegCloseKey
advapi32.dll.RegQueryValueExW
kernel32.dll.FlsAlloc
kernel32.dll.FlsFree
kernel32.dll.FlsGetValue
kernel32.dll.FlsSetValue
kernel32.dll.InitializeCriticalSectionEx
kernel32.dll.CreateEventExW
kernel32.dll.CreateSemaphoreExW
kernel32.dll.SetThreadStackGuarantee
kernel32.dll.CreateThreadpoolTimer
kernel32.dll.SetThreadpoolTimer
kernel32.dll.WaitForThreadpoolTimerCallbacks
kernel32.dll.CloseThreadpoolTimer
kernel32.dll.CreateThreadpoolWait
kernel32.dll.SetThreadpoolWait
kernel32.dll.CloseThreadpoolWait
kernel32.dll.FlushProcessWriteBuffers
kernel32.dll.FreeLibraryWhenCallbackReturns
kernel32.dll.GetCurrentProcessorNumber
kernel32.dll.GetLogicalProcessorInformation
kernel32.dll.CreateSymbolicLinkW
kernel32.dll.EnumSystemLocalesEx
kernel32.dll.CompareStringEx
kernel32.dll.GetDateFormatEx
kernel32.dll.GetLocaleInfoEx
kernel32.dll.GetTimeFormatEx
kernel32.dll.GetUserDefaultLocaleName
kernel32.dll.IsValidLocaleName
kernel32.dll.LCMapStringEx
kernel32.dll.GetTickCount64
advapi32.dll.EventRegister
mscoree.dll.#142
mscoreei.dll.RegisterShimImplCallback
mscoreei.dll.OnShimDllMainCalled
mscoreei.dll._CorExeMain
shlwapi.dll.UrlIsW
version.dll.GetFileVersionInfoSizeW
version.dll.GetFileVersionInfoW
version.dll.VerQueryValueW
clr.dll.SetRuntimeInfo
clr.dll._CorExeMain
mscoree.dll.CreateConfigStream
mscoreei.dll.CreateConfigStream
kernel32.dll.GetNumaHighestNodeNumber
kernel32.dll.GetSystemWindowsDirectoryW
advapi32.dll.AllocateAndInitializeSid
advapi32.dll.OpenProcessToken
advapi32.dll.GetTokenInformation
advapi32.dll.InitializeAcl
advapi32.dll.AddAccessAllowedAce
advapi32.dll.FreeSid
kernel32.dll.AddSIDToBoundaryDescriptor
kernel32.dll.CreateBoundaryDescriptorW
kernel32.dll.CreatePrivateNamespaceW
kernel32.dll.OpenPrivateNamespaceW
kernel32.dll.DeleteBoundaryDescriptor
kernel32.dll.WerRegisterRuntimeExceptionModule
kernel32.dll.RaiseException
mscoree.dll.#24
mscoreei.dll.#24
ntdll.dll.NtSetSystemInformation
kernel32.dll.SortGetHandle
kernel32.dll.SortCloseHandle
kernel32.dll.GetNativeSystemInfo
ole32.dll.CoInitializeEx
cryptbase.dll.SystemFunction036
ole32.dll.CoGetContextToken
clrjit.dll.sxsJitStartup
clrjit.dll.getJit
mscoree.dll.GetProcessExecutableHeap
mscoreei.dll.GetProcessExecutableHeap
kernel32.dll.FindResourceA
kernel32.dll.SizeofResource
kernel32.dll.LoadResource
kernel32.dll.LockResource
kernel32.dll.LCIDToLocaleName
kernel32.dll.LocaleNameToLCID
kernel32.dll.GetUserPreferredUILanguages
shell32.dll.SHGetFolderPathW
ole32.dll.CoTaskMemAlloc
ole32.dll.CoTaskMemFree
kernel32.dll.GetFullPathNameW
kernel32.dll.SetThreadErrorMode
kernel32.dll.GetFileAttributesExW
kernel32.dll.CopyFileW
kernel32.dll.DeleteFileA
kernel32.dll.WideCharToMultiByte
kernel32.dll.VirtualAlloc
kernel32.dll.LocalAlloc
advapi32.dll.CryptAcquireContextW
advapi32.dll.CryptCreateHash
advapi32.dll.CryptDecrypt
advapi32.dll.CryptDeriveKey
advapi32.dll.CryptDestroyHash
advapi32.dll.CryptDestroyKey
advapi32.dll.CryptHashData
advapi32.dll.CryptReleaseContext
user32.dll.MessageBoxA
ole32.dll.CoCreateInstance
kernel32.dll.CreateMutexW
apphelp.dll.ApphelpCheckRunAppEx
apphelp.dll.ApphelpQueryModuleDataEx
apphelp.dll.ApphelpParseModuleData
apphelp.dll.ApphelpCreateAppcompatData
apphelp.dll.SdbInitDatabaseEx
apphelp.dll.SdbReleaseDatabase
apphelp.dll.SdbUnpackAppCompatData
apphelp.dll.SdbQueryContext
kernel32.dll.GetCurrentProcess
advapi32.dll.GetKernelObjectSecurity
advapi32.dll.LookupPrivilegeValueW
advapi32.dll.AdjustTokenPrivileges
kernel32.dll.CloseHandle
ntdll.dll.NtQuerySystemInformation
kernel32.dll.GetCurrentProcessId
kernel32.dll.OpenThread
advapi32.dll.SetKernelObjectSecurity
kernel32.dll.InitializeCriticalSectionAndSpinCount
kernel32.dll.IsProcessorFeaturePresent
msvcrt.dll._set_error_mode
msvcrt.dll.?set_terminate@@YAP6AXXZP6AXXZ@Z
kernel32.dll.FindActCtxSectionStringW
mscorwks.dll._CorExeMain
mscorwks.dll.GetCLRFunction
advapi32.dll.RegisterTraceGuidsW
advapi32.dll.UnregisterTraceGuids
advapi32.dll.GetTraceLoggerHandle
advapi32.dll.GetTraceEnableLevel
advapi32.dll.GetTraceEnableFlags
advapi32.dll.TraceEvent
mscoree.dll.IEE
mscoreei.dll.IEE
mscorwks.dll.IEE
mscoree.dll.GetStartupFlags
mscoreei.dll.GetStartupFlags
mscoree.dll.GetHostConfigurationFile
mscoreei.dll.GetHostConfigurationFile
mscoreei.dll.GetCORVersion
mscoree.dll.GetCORSystemDirectory
mscoreei.dll.GetCORSystemDirectory_RetAddr
ntdll.dll.RtlUnwind
kernel32.dll.IsWow64Process
kernel32.dll.AddVectoredContinueHandler
kernel32.dll.RemoveVectoredContinueHandler
advapi32.dll.ConvertSidToStringSidW
kernel32.dll.GetWriteWatch
kernel32.dll.ResetWriteWatch
kernel32.dll.CreateMemoryResourceNotification
kernel32.dll.QueryMemoryResourceNotification
uxtheme.dll.ThemeInitApiHook
user32.dll.IsProcessDPIAware
kernel32.dll.QueryActCtxW
kernel32.dll.GetVersionExW
advapi32.dll.CryptAcquireContextA
advapi32.dll.CryptGetHashParam
advapi32.dll.CryptImportKey
advapi32.dll.CryptExportKey
advapi32.dll.CryptGenKey
advapi32.dll.CryptGetKeyParam
advapi32.dll.CryptVerifySignatureA
advapi32.dll.CryptSignHashA
advapi32.dll.CryptGetProvParam
advapi32.dll.CryptGetUserKey
advapi32.dll.CryptEnumProvidersA
mscoree.dll.GetMetaDataInternalInterface
mscoreei.dll.GetMetaDataInternalInterface
mscorwks.dll.GetMetaDataInternalInterface
cryptsp.dll.CryptAcquireContextA
cryptsp.dll.CryptImportKey
cryptsp.dll.CryptCreateHash
cryptsp.dll.CryptHashData
cryptsp.dll.CryptVerifySignatureA
cryptsp.dll.CryptDestroyHash
cryptsp.dll.CryptDestroyKey
mscorjit.dll.getJit
kernel32.dll.GetUserDefaultUILanguage
user32.dll.RegisterWindowMessageW
user32.dll.GetSystemMetrics
user32.dll.AdjustWindowRectEx
kernel32.dll.GetCurrentThread
kernel32.dll.DuplicateHandle
kernel32.dll.GetCurrentThreadId
kernel32.dll.lstrlen
kernel32.dll.lstrlenW
kernel32.dll.GetModuleHandleW
kernel32.dll.GetProcAddress
user32.dll.DefWindowProcW
gdi32.dll.GetStockObject
user32.dll.RegisterClassW
user32.dll.CreateWindowExW
user32.dll.SetWindowLongW
user32.dll.GetWindowLongW
user32.dll.CallWindowProcW
user32.dll.GetClientRect
user32.dll.GetWindowRect
user32.dll.GetParent
uxtheme.dll.IsAppThemed
kernel32.dll.CreateActCtxA
kernel32.dll.GetCurrentActCtx
kernel32.dll.ActivateActCtx
dwmapi.dll.DwmIsCompositionEnabled
user32.dll.GetWindowTextLengthW
user32.dll.GetWindowTextW
user32.dll.GetProcessWindowStation
user32.dll.GetUserObjectInformationA
kernel32.dll.SetConsoleCtrlHandler
user32.dll.GetClassInfoW
kernel32.dll.GetStartupInfoW
user32.dll.GetWindowPlacement
user32.dll.GetDC
gdi32.dll.GetDeviceCaps
user32.dll.ReleaseDC
user32.dll.CreateIconFromResourceEx
user32.dll.SendMessageW
user32.dll.GetSystemMenu
user32.dll.EnableMenuItem
user32.dll.SetWindowPos
user32.dll.RedrawWindow
user32.dll.ShowWindow
user32.dll.GetWindowThreadProcessId
user32.dll.PostMessageW
ole32.dll.OleInitialize
ole32.dll.CoRegisterMessageFilter
user32.dll.PeekMessageW
user32.dll.IsWindowUnicode
user32.dll.GetMessageW
user32.dll.TranslateMessage
user32.dll.DispatchMessageW
user32.dll.GetFocus
kernel32.dll.GetModuleFileNameW
kernel32.dll.SetCurrentDirectoryW
kernel32.dll.FindResourceExA
cryptsp.dll.CryptAcquireContextW
bcrypt.dll.BCryptGetFipsAlgorithmMode
cryptsp.dll.CryptGetHashParam
cryptsp.dll.CryptGetProvParam
cryptsp.dll.CryptSetKeyParam
cryptsp.dll.CryptDecrypt
cryptsp.dll.CryptEncrypt
kernel32.dll.ReleaseMutex
advapi32.dll.RegOpenKeyExA
advapi32.dll.RegQueryValueExA
shfolder.dll.SHGetFolderPathW
kernel32.dll.SetErrorMode
kernel32.dll.CreateDirectoryW
kernel32.dll.CreateFileW
kernel32.dll.GetFileType
kernel32.dll.WriteFile
kernel32.dll.GetTempPathW
kernel32.dll.GetTempFileNameW
kernel32.dll.GetCurrentDirectoryW
kernel32.dll.CreateProcessW
ole32.dll.CoWaitForMultipleHandles
sechost.dll.LookupAccountNameLocalW
advapi32.dll.LookupAccountSidW
sechost.dll.LookupAccountSidLocalW
cryptsp.dll.CryptGenRandom
ole32.dll.NdrOleInitializeExtension
ole32.dll.CoGetClassObject
ole32.dll.CoGetMarshalSizeMax
ole32.dll.CoMarshalInterface
ole32.dll.CoUnmarshalInterface
ole32.dll.StringFromIID
ole32.dll.CoGetPSClsid
ole32.dll.CoReleaseMarshalData
ole32.dll.DcomChannelSetHResult
rpcrtremote.dll.I_RpcExtInitializeExtensionPoint
kernel32.dll.GetExitCodeProcess
kernel32.dll.DeleteFileW
kernel32.dll.GetSystemInfo
kernel32.dll.CreateIoCompletionPort
kernel32.dll.PostQueuedCompletionStatus
ntdll.dll.NtQueryInformationThread
ntdll.dll.NtGetCurrentProcessorNumber
mscoreei.dll.LoadLibraryShim
culture.dll.ConvertLangIdToCultureName
mscoree.dll.DllGetClassObject
mscoreei.dll.DllGetClassObject
diasymreader.dll.DllGetClassObjectInternal
advapi32.dll.GetUserNameW
user32.dll.GetForegroundWindow
psapi.dll.EnumProcesses
user32.dll.GetKeyboardLayout
kernel32.dll.GlobalMemoryStatusEx
kernel32.dll.SwitchToThread
user32.dll.RegisterRawInputDevices
user32.dll.SetClipboardViewer
user32.dll.SendMessageA
ole32.dll.CoCreateGuid
ws2_32.dll.WSAStartup
ws2_32.dll.WSASocketW
ws2_32.dll.setsockopt
ws2_32.dll.WSAEventSelect
ws2_32.dll.ioctlsocket
ws2_32.dll.closesocket
kernel32.dll.GetFileSize
kernel32.dll.ReadFile
mscoree.dll.ND_RI2
mscoreei.dll.ND_RI2
kernel32.dll.GetComputerNameW
advapi32.dll.ConvertStringSecurityDescriptorToSecurityDescriptorW
kernel32.dll.LocalFree
kernel32.dll.CreateFileMappingW
kernel32.dll.MapViewOfFile
kernel32.dll.UnmapViewOfFile
kernel32.dll.VirtualQuery
advapi32.dll.CreateWellKnownSid
kernel32.dll.WaitForSingleObject
kernel32.dll.OpenMutexW
kernel32.dll.OpenProcess
kernel32.dll.GetProcessTimes
ws2_32.dll.inet_addr
user32.dll.WaitMessage
dnsapi.dll.DnsQuery_A
ws2_32.dll.getaddrinfo
ws2_32.dll.freeaddrinfo
ws2_32.dll.bind
ws2_32.dll.WSAIoctl
ws2_32.dll.WSAGetOverlappedResult
kernel32.dll.FormatMessageW
ole32.dll.CoUninitialize
oleaut32.dll.#500
kernel32.dll.SetThreadExecutionState
sspicli.dll.GetUserNameExW
pcwum.dll.PerfDeleteInstance
pcwum.dll.PerfStopProvider
cryptsp.dll.CryptReleaseContext
propsys.dll.PropVariantToVariant
ole32.dll.CoDisconnectObject
wbemcore.dll.Shutdown
kernel32.dll.RegDeleteValueW
oleaut32.dll.#9
wtsapi32.dll.WTSQueryUserToken
kernel32.dll.GetThreadPreferredUILanguages
kernel32.dll.SetThreadPreferredUILanguages
kernel32.dll.GetSystemDefaultLocaleName
fastprox.dll.DllGetClassObject
fastprox.dll.DllCanUnloadNow
oleaut32.dll.#283
oleaut32.dll.#284
kernel32.dll.RegOpenKeyExW
psapi.dll.EnumProcessModules
psapi.dll.GetModuleBaseNameW
user32.dll.GetLastInputInfo
vssapi.dll.CreateWriter
oleaut32.dll.#6
oleaut32.dll.#2
advapi32.dll.LookupAccountNameW
samcli.dll.NetLocalGroupGetMembers
samlib.dll.SamConnect
rpcrt4.dll.NdrClientCall3
rpcrt4.dll.RpcStringBindingComposeW
rpcrt4.dll.RpcBindingFromStringBindingW
rpcrt4.dll.RpcStringFreeW
rpcrt4.dll.RpcBindingFree
samlib.dll.SamOpenDomain
samlib.dll.SamLookupNamesInDomain
samlib.dll.SamOpenAlias
samlib.dll.SamFreeMemory
samlib.dll.SamCloseHandle
samlib.dll.SamGetMembersInAlias
netutils.dll.NetApiBufferFree
samlib.dll.SamEnumerateDomainsInSamServer
samlib.dll.SamLookupDomainInSamServer
ole32.dll.StringFromCLSID
oleaut32.dll.#4
oleaut32.dll.#7
propsys.dll.VariantToPropVariant
wbemcore.dll.Reinitialize
wbemsvc.dll.DllGetClassObject
wbemsvc.dll.DllCanUnloadNow
authz.dll.AuthzInitializeContextFromToken
authz.dll.AuthzInitializeObjectAccessAuditEvent2
authz.dll.AuthzAccessCheck
authz.dll.AuthzFreeAuditEvent
authz.dll.AuthzFreeContext
authz.dll.AuthzInitializeResourceManager
authz.dll.AuthzFreeResourceManager
rpcrt4.dll.RpcBindingCreateW
rpcrt4.dll.RpcBindingBind
rpcrt4.dll.I_RpcMapWin32Status
advapi32.dll.EventUnregister
advapi32.dll.EventWrite
advapi32.dll.EventActivityIdControl
advapi32.dll.EventWriteTransfer
advapi32.dll.EventEnabled
kernel32.dll.RegCloseKey
kernel32.dll.RegSetValueExW
kernel32.dll.RegQueryValueExW
wmisvc.dll.IsImproperShutdownDetected
wevtapi.dll.EvtRender
wevtapi.dll.EvtNext
wevtapi.dll.EvtClose
wevtapi.dll.EvtQuery
wevtapi.dll.EvtCreateRenderContext
rpcrt4.dll.RpcBindingSetAuthInfoExW
rpcrt4.dll.RpcBindingSetOption
ole32.dll.CoCreateFreeThreadedMarshaler
ole32.dll.CreateStreamOnHGlobal
kernelbase.dll.InitializeAcl
kernelbase.dll.AddAce
kernel32.dll.OpenProcessToken
kernelbase.dll.GetTokenInformation
kernelbase.dll.DuplicateTokenEx
kernelbase.dll.AdjustTokenPrivileges
kernelbase.dll.AllocateAndInitializeSid
kernelbase.dll.CheckTokenMembership
oleaut32.dll.#285
advapi32.dll.RegOpenKeyW
kernel32.dll.SetThreadToken
ole32.dll.CLSIDFromString
oleaut32.dll.#17
oleaut32.dll.#20
oleaut32.dll.#19
oleaut32.dll.#25
oleaut32.dll.#286
authz.dll.AuthzInitializeContextFromSid
ole32.dll.CoGetCallContext
ole32.dll.CoImpersonateClient
ole32.dll.CoRevertToSelf
oleaut32.dll.#8
ole32.dll.CoSwitchCallContext
ntmarta.dll.GetMartaExtensionInterface

Execute Commands

"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe"
"schtasks.exe" /create /f /tn "UPNP Subsystem" /xml "C:\Users\Seven01\AppData\Local\Temp\tmp89F6.tmp"
\\?\C:\Windows\system32\wbem\WMIADAP.EXE wmiadap.exe /F /T /R
C:\Windows\system32\wbem\wmiprvse.exe -Embedding

Started Services

Nothing to display

Created Services

Nothing to display

Behavior analysis details
Machine name	Machine label	Machine manager	Started	Ended	Duration
Seven02_64	Seven02_64	VirtualBox	2019-08-20 14:52:36	2019-08-20 14:55:35	179

2 Host(s) detected

IP Address	Hostname	Reverse DNS
8.8.8.8		dns.google.
8.8.4.4		dns.google.

Host(s) by Country

Hosts	Country 1
2	United States

Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
Submission	File name	MD5
2016-01-04 10:21:41	ryvyop.exe	a07dd930d896556d7fbedf26b5d71053
2016-01-04 10:28:50	zerolocker.exe	bd0a3c308a6d3372817a474b7c653097
2016-01-04 10:32:13	PTS.exe	f05d8e8e663b1d3787c78c9342e02601
2016-01-04 10:37:47	updater_x86.exe	cef16aaa56aa47e375bb35e9660230fe
2016-01-04 15:38:39	nova cópia de P.O.exe	7ed4e68ff75ac990fcbc047ee75bbeeb
2016-01-25 15:31:17	CSGO TypicalBOT.exe	19fc48f26d00b2676b29a6c6cb105947
2016-02-02 15:16:07	LLR142.exe	2d47fa30aa45d516ae0bc8b594a595fe
2016-02-29 10:12:05	jeee.exe	2e96fa9304c31daf13dcb37e9136b2f5
2016-04-11 11:35:49	Installazione.exe	02b78d4d8fef05845134048d2697be2e
2016-04-12 09:26:08	571983.8040.exe	882aef05b28d003c661cccca58dc12ed
2016-06-20 14:45:02	pnysat.exe	de3b681b9cf1047bb6db1827c577d7e4
2016-06-20 15:36:04	PROGRAMMING.exe	9a06cf9a99c09f2f191c7d0a3a02e1e5
2016-06-21 19:21:02	s.exe	c9c9716b34e93a8a69bcbe51d9c38367
2016-06-21 19:24:02	t.exe	a932cf3c3265a0a5877d8323f85d0b7f
2016-06-23 13:30:02	Mechanism.exe	f414fe5302216bcf6674cf1dcabaebfe
2016-06-23 20:57:04	spe.exe	c96b4f29f20db9270ef8066775f2e603
2016-06-23 21:00:03	win.exe	70b5a608c792a807c7fdfb7ad786fce6
2016-06-23 21:09:05	kunde.exe	d5ea316da41904c647d59e0eeb167f97
2016-06-24 23:15:02	anonpop.exe	cdd68c998c57e3c8a26f94c3aaacc580
2016-06-27 14:15:05	soldier.exe	2b478db2af56153a2cee33f71213cc2f
2016-06-28 01:36:03	slim.exe	3867c87a582f65156e89adfb39e99838
2016-06-28 10:54:05	uchee.exe	881e968ddf34c38943a56651a3870174
2016-06-28 16:15:04	nigga.exe	c5c0ee62b0ec50c681539f64ddd4d87d
2016-06-28 20:36:05	opera.exe	36b99b35835db1694457dda5d628104b
2016-06-28 20:39:05	shooo.exe	e9d593a394e62fde7fea76fdf3ced4fd
2016-06-30 14:03:04	orderr.exe	cdf4d907bc8a173fea454dc33d4edf76
2016-06-30 14:06:04	order.exe	77381d5ad94b32aeb2f376cb2133331f
2016-06-30 14:09:02	ss.exe	9558fca2b182f491a45249a3cfb547d4
2016-06-30 19:51:04	orderr.exe	985a276b7cdf188f7729f90a628ad938
2016-06-30 19:54:04	order.exe	e41d68bcf112ff63e5e454f802e60b5c
2016-06-30 19:57:03	order.exe	aea4fcd5f12fcb277f7c25741b6b4d9c
2016-06-30 20:00:04	order.exe	fc1e712ae0ca61540e94fcf9d9d581e5
2016-06-30 20:03:04	order.exe	ccf54256a15d898eee17be3546130977
2016-06-30 20:06:04	order.exe	505932cec770e1c21616d9076355fb40
2016-06-30 20:09:04	order.exe	0dcb4916ab15a39b9780aff454d228dc
2016-06-30 20:12:04	order.exe	5bbec95c53e5281b607aea9795b4b3bd
2016-06-30 20:15:04	order.exe	dcd2f94610cb3f3546dd585c17071cf5
2016-06-30 20:18:04	order.exe	cb8a237ab1587b467131fb84025f96f2
2016-06-30 20:21:04	order.exe	882f3fea08adb86c77cb49f5beaa7140
2016-06-30 20:24:04	order.exe	863890910dc1432a1a6dd6114aaecc2c
2016-06-30 20:27:04	order.exe	390a378288b0fdeb1bd043f0b348c4b3
2016-06-30 20:30:04	order.exe	332aece4c61ad76e3d63db2a0803e009
2016-06-30 20:33:04	order.exe	3a286f3768b345dd76a4352f20feb494
2016-06-30 20:36:04	order.exe	de2f48997a947ae652208f249219fe6f
2016-06-30 20:39:05	order.exe	41ef837433847acf45cee2c98b32afb4
2016-06-30 20:42:04	order.exe	629226c111c31d24499fe0cefda84b0d
2016-06-30 20:45:04	order.exe	1c029e828c3b6847cde372e90ac26370
2016-06-30 20:48:05	order.exe	001f34d3948bdf225599a4d5d312c149
2016-06-30 20:51:03	order.exe	f94da27cf6e2a3bd0c33bce2ab1f7324
2016-06-30 20:54:03	order.exe	ceb66744ac8e24b44bfe657795e049b3
2016-06-30 20:57:04	order.exe	05d3649510dc5ee449505a910690d561
2016-06-30 21:00:04	order.exe	15a3c7858edf89cc13ab89c431c1c3a6
2016-07-01 17:48:02	wall.exe	688bbb81093e611562ee28460b7e3641
2016-07-04 09:47:50	papa.exe	b7d315b8b877a775f22ad5255672603f
2016-07-04 10:12:04	onowu.exe	87442fade5338dfab197aa9a0a819c61
2016-07-04 10:15:03	cross.exe	91e8a7c8675b4a58f4eb675654feb896
2016-07-04 10:18:03	bro.exe	a251cd9fb2a543f5a8f3fbf470a958ab
2016-07-04 10:21:03	boy.exe	0db9433ce379a0ec2f3fba2a26394500
2016-07-04 10:24:01	botnet.exe	92eaac8b2266fb2514e66a8e2cf98f13
2016-07-04 11:21:23	ofi.exe	398680cbdd017f7b99e9add1477939a8
2016-07-04 11:21:38	Docx-output003093-pdf.scr	c7c50ca090bde3c6b8860a1e1155bd22
2016-07-04 16:27:03	kqlcwt.exe	03598ac96100cf4cb41e01e3f4f43ef1
2016-07-05 15:09:06	MSASCui.exe	4c85ea07344eaa34e6eb1ab302f308b7
2016-07-05 15:30:06	handler.exe	fa6741b1b991109af5294d8987250582
2016-07-05 15:33:06	handler8.exe	312812b53d45bf543cc12a0c7576a022
2016-07-05 15:48:04	98745.exe	0cc5621e2bc00c6fd3a0a8bbdf929589
2016-07-05 20:21:04	c3654bc71e28b4722b52d77267e16ca1c683e.exe	4d8c3bbe432078a30d62aa760079fbcf
2016-07-05 20:24:03	c36546fb054730d6672c3c434cf5e86133230.exe	e2bb67fce3234902708f3b92af384197
2016-07-05 20:27:03	c36540c84be956a0d76ec2777c9c1f1e09b4c.exe	94de6a10fa855e8652ef778e97f828eb
2016-07-05 20:30:02	c3654c1160f3ba1ee7ae08885036177792dc6.exe	9fc6649def2753fa45c41752e1979de4
2016-07-06 00:39:07	AudioDriver.exe	559a1407f876dda7d97937dbdb73f15a
2016-07-06 00:42:04	freshll.exe	8bec87cc121086a4b1e73b8b1264b989
2016-07-06 00:45:03	tophLL.exe	6a752964fde14cff3a537c9e2e4482eb
2016-07-06 00:48:04	LL.exe	eb366cbc54fd9464c5dd93abdfcbf2d7
2016-07-06 00:51:03	CryptLL.exe	122a1273eee2a119f18363ef6bf03b2a
2016-07-06 00:54:03	29thJUNE.exe	e5ff2c65bc40057dcbb17439875ec2ac
2016-07-06 01:00:04	forUSA.exe	10401a126ea1acbb93b4122605eef96e
2016-07-06 01:03:02	felix.exe	90bcacade40c6464c31f7c039fbee121
2016-07-06 01:06:03	felix.exe	4cae7a04ddf6bd0a8299860bd3df9d85
2016-07-06 19:48:12	t3.exe	f9d3ac5089f9ef9d8bcb464ea70028ea
2016-07-06 19:51:09	t4.exe	4b38a2387e5afd75891d8124fab8dec8
2016-07-07 00:30:02	t.exe	4bcec61a939260dbea704c14e7705cb3
2016-07-07 00:33:02	s.exe	78b29ce29d9c806a34e893ea59a41672
2016-07-07 00:36:02	gogo.exe	5bef93bc8ead8382bbe62bfecf5bcf69
2016-07-07 00:39:02	fuckyou.exe	867b80e5af43d6887edc210501c8fe0a
2016-07-07 19:15:05	updater.exe	6a518b3a04f9da7f05701e7a0d78a678
2016-07-07 19:18:02	ewinoz.exe	56f7e9e9ad6a61089e849cfeca8d5719
2016-07-07 19:21:06	email.exe	199fc3fdc3bd77d7f0c04232b15a3b12
2016-07-07 19:24:17	dmaniServer.exe	c5a04783ee7d2af47538973a99bd1cca
2016-07-08 10:09:10	PapiPPServer.exe	c8dc08f2db6d7a42a6f55df01bdc3a0e
2016-07-08 19:24:02	t.exe	803a9951c75174f67740ce852f8899a5
2016-07-12 19:36:03	w.exe	620fd2666f81e4a161932700756415f8
2016-07-12 19:54:03	s.exe	e0e8df5aea51558053fda6a5f7c3e176
2016-07-12 19:57:03	ss.exe	56399f49c466b9e71ce961a23c6b30eb
2016-07-19 19:06:04	setup1.exe	8506b77e471d562a02b9585481dce876
2016-07-20 14:21:02	sBuild1.exe	c29ce857c329d48f03c50098ed7deb8a
2016-07-21 20:39:04	RATRAW.exe	2bcd129d31f91065df625f28867bebdf
2016-08-01 11:51:52	smcix.exe	b1629b9c58bb3cedcda41967d5af77a5
2016-08-01 15:03:04	mi.exe	509c1a4ca1dfd590eca0b4f163621354
2016-08-01 15:06:04	jizzy.exe	9341dbfc7cd4c279a27748ed5b6f5dd0
2016-08-01 15:09:03	ike.exe	7b93950c2d4af5d7d056eea0738a0450
2016-08-01 15:12:04	elber.exe	6d2ae57a0e8ebb97d1f2f1e3e72f4fb1
2016-08-01 15:15:04	agogo.exe	01207d00b135c7dbc63cf305a129d2de
2016-08-01 15:18:03	realized.exe	10cef82c2cb89ac5156e47b3b4cea1e2
2016-08-01 15:21:04	oga.exe	a953f509f6f4911bde005bea33d86851
2016-08-01 16:56:19	elber.exe	d83ca17e0f9360e835ee05ac03462b79
2016-08-01 16:58:51	final.exe	4e11631e334c3444134e31a4fd74cd09
2016-08-01 16:59:02	gareth.exe	7a2b902ffc731a8bbf85fb5d66433567
2016-08-01 16:59:14	ike.exe	660aff1107d98cd2c8f3db0de11685ea
2016-08-01 16:59:33	jizzy.exe	3c47377e73cb866c7f587bb29265bf1f
2016-08-01 17:01:07	oga.exe	c5e094423ac4e26c5dbc42c57ae9fda1
2016-08-01 17:01:59	yg.exe	ac8ecd5ddf28959dba7de22a3062bac6
2016-08-01 17:06:30	chi.exe	3064bf15f892d77e8689be7baf209e47
2016-08-01 17:06:51	agogo.exe	071818530e23df059dde379fd28bfdab
2016-08-01 17:11:52	yg.exe	5e2cfbe77d46da72fab334deebe931f7
2016-08-03 09:21:03	order.exe	c584117c347dcf4ea86a6d7786671e92
2016-08-03 09:24:02	invoice.exe	f5f5d3b1c26e4df4788ec6b814b2ef95
2016-08-03 09:27:02	order.exe	58fa7de17498e8b68f95358e58fa5e46
2016-08-03 15:03:07	win.exe	e6ea76248337b6f07e53d11efacbdff5
2016-08-03 15:06:06	chrome.exe	48f9fbc5bbfc96fb3431ef39fd8c0d8f
2016-08-08 11:51:03	cafb541e.exe	47a88065c7bcb01c1ffc1c6b9cac7961
2016-08-22 23:24:03	t1.exe	aad1ebef49354d533937a4a776e041d8
2016-08-23 04:03:03	sample.exe	00184ab4e7eeadbc75de7c5eade980d4
2016-08-23 18:24:04	slideshow.exe	69888e41f513cca0f37afcc6880255b3
2016-08-23 18:39:22	3.scr	adcaaf6f9788e7bb3d404db032d67c43
2016-08-23 18:42:04	t.exe	ca3a32aa24d70e9d2e952c842cd0545f
2016-08-24 18:24:02	ss	fb1bbfa8b7a37122b6b237615f7c1ad9
2016-08-24 18:27:01	s	ed780068842fbeb2051d400924d14955
2016-08-24 18:30:02	1	ee6c06a31c6daf83adff3030f3b3cb64
2016-08-24 18:33:02	work.exe	af6c5fd94882cfe0c7abbab43229e9aa
2016-08-25 18:21:02	order.exe	594297e9a312f641aec5609f83fdd973
2016-08-29 13:51:09	stanhawk.exe	25dffd41e6e4ac878318551eb2bc7bfa
2016-08-29 14:00:10	testeme.exe	521f6d8777174d225a1f1b87a51a05a1
2016-08-29 14:03:05	startup%20yes.exe	37fd7205a677a53c500961a6dcf81ae2
2016-08-29 14:06:09	scan0021.exe	173de6d737993b9da11d02ac1ac898e4
2016-08-29 14:09:10	bspye.exe	90d5a62981262bd676ef3d3cb70d2d28
2016-08-29 14:12:09	OfreshLL.exe	3547500dddc5241f67acc01a07104a3a
2016-08-29 14:15:09	Final-LL.exe	6ac314cb671771e35559429590c64215
2016-08-29 14:18:22	1.exe	3a6ae42c86a800c48921c13cec25cb7d
2016-08-29 14:24:06	AMANOK-LL.exe	4b3c531bc19955b5ac4c781b9c893752
2016-08-29 14:27:10	sharpLL1.exe	d6bdce50021bde169bf244aaeaa908cb
2016-08-29 14:33:21	rename.exe	0a4741643053c6840f56420cdd1e936e
2016-08-29 14:36:18	iSystem.scr	846d58d9e58ba37e32a50258dddf5c9b
2016-08-29 14:39:15	fetch.exe	aee616b23ecfd20d1fb800277be0e000
2016-08-29 14:42:16	LL-crypted.exe	29f0898f7d690f60e62241cca4be901d
2016-08-31 13:57:03	7.exe	1f7f8aa88589d57390a1375628758b21
2016-08-31 14:00:02	6.exe	25329a73e5f3f279884271590ff75484
2016-08-31 14:03:07	5.exe	7d1b0776f9504718807085418f686d15
2016-08-31 14:06:08	4.exe	19fe716b7364509e83538ced392726cf
2016-08-31 14:09:08	3.exe	cee8685c442f95818d1d0dafbad6097b
2016-08-31 14:12:03	2.exe	a5ff6906a86c2f34113b4f52a5c8b5b4
2016-08-31 14:15:03	1.exe	61bee727c22b4161d97c8e02169202ae
2016-08-31 14:18:02	tup.exe	a03032a97bdc4b1c002a5d68ac75a12a
2016-09-01 15:15:08	CriticalGen.exe	7e01233645216b6a40d634d0fc73001c
2016-09-02 03:33:03	ORDER%20ITEMS.pif	91714ff5d013a6c2aefc599c14a8d0e2
2016-09-07 02:33:33	5.exe	e8776eb41d79b8d9d1740261a3b8af43
2016-09-07 02:36:05	4.exe	197c9447ba2a5f95d220229ec0266f0d
2016-09-07 02:39:03	s.exe	2e4da953f0721c2c66b5b34dc758cd70
2016-09-07 02:42:05	1.exe	b867c333511ab450bae5dbf2113700fe
2016-09-07 02:45:05	2.exe	edd8ddea50d3307cc4fe0122133f8056
2016-09-07 21:36:02	DOC_DOC.exe	afbf6600343e987ed14a3f7cc48d4dbb
2016-09-08 11:51:03	Invoice%20J-801265.pdf.exe	fd4dc9b2bff8d75a704e8fe33c63da4b
2016-09-08 11:54:02	ss.exe	7a706f323e2800be7ad393577ef3002a
2016-09-08 11:57:03	tup.exe	cdb1d079f03509e7ff25c76b7d98ef43
2016-09-08 17:24:02	ss.exe	651b57f42eb936776ea90e698a53c996
2016-09-08 17:27:02	tt.exe	5b99b211a6d06422ad1b1fd4ea86aa36
2016-09-08 17:30:01	t.exe	c94b85487d3acdb39d96185794728274
2016-09-08 17:33:01	s.exe	aae5aa33973db91cecadca07f0672c26
2016-09-10 16:21:02	07b1af98.exe	230f0213e350415357bd2280ec10dabe
2016-09-10 21:06:03	pgrqu.exe	57e375901dd0cada5095ea6ad01b4a90
2016-09-11 16:18:10	5.exe	04be6198b40f05643450cd3273e13faa
2016-09-12 16:12:04	senario104.jpg	7714fccf2d8f60a76f2f77ba55666437
2016-09-15 17:48:11	solfzz.exe	2eff08c8f70571fad4926f6729819416
2016-09-17 01:21:03	wizzupdater.exe	5f15ac42f2db59632154e374b452f743
2016-09-20 20:45:02	videoplugin_win7_.exe	6b65c98e45e7bc9086ccf02e04379e4a
2016-09-29 19:24:03	bwsmmp.exe	eac5f4b4187126abee33b1239838a2be
2016-09-30 18:03:06	imm.exe	16a1cf9c0ae8f3404f170062500bc91e
2016-09-30 18:36:07	soap.exe	fee217f256d715d0c4fe31405aa65234
2016-10-04 22:39:02	GoogleDNSHelper.exe	7b43d3abf1a6fa6776df85567954574e
2016-10-06 13:22:07	UCRename.exe	b697beeb040f4c720529a6242bac6a8b
2016-10-06 13:24:05	UCCounting.exe	9cdcc960d70796918cb31145f74707fd
2016-10-06 13:26:06	UCContinue.exe	704df86a3637b8886540983118bd304b
2016-10-06 13:28:06	UCCheckSystem.exe	5c1071636b14ce79abf1aea9467f1868
2016-10-13 21:36:06	next-get-alt.exe	eef89ba7663b3ad4cb64a93067c8abaf
2016-10-26 09:03:02	zero-install.exe	2d040f75dfb93fb91fa86dc9acd21c57
2016-11-04 08:18:06	craft1.exe	56bf4f99c49a7878b477ca6686c5e736
2016-11-17 11:52:07	EguasoftBasketballScoreboardCustomPro.exe	092f9d2743b2ec462c06f701df48c6a2
2016-11-17 12:00:12	done.exe	0072834412cc09329a3b498c6edb6449
2016-11-22 20:42:05	raw.exe	0b765e8ac512475c0b8bd85ce1c32c7f
2016-11-24 04:15:05	g1.exe	30d460225fe03dc35593402374efb954
2016-11-24 04:27:04	office.exe	3eba24880db35f26fec4bc2a7e4ac508
2016-11-24 20:03:03	iee.exe	b49e44d33c446c1182dbdbf21957a10b
2016-11-25 12:49:18	15.exe	a78eca051f7a37d7b4d9bc79959cdbef
2016-11-25 13:54:04	get.exe	fc9f0f4b7a2be6e19d799053d23818de
2016-12-02 23:33:04	avidump.exe	eb7c9cd12d9de69bc3fef57b171300b3
2016-12-02 23:42:02	rt.exe	74e78ccde239dc06f2f4214f66549536
2016-12-06 15:12:05	warwick.exe	1ddd824cfb1806d828866888d2ea6f93
2016-12-06 20:21:06	kitkat.jpg	4f62cc412da853a88c56918b55085ff9
2016-12-06 20:24:02	RepeatInstallUrl.exe	670590ae2e50c4162396b14a1590c04b
2016-12-08 21:03:02	bank.exe	6f670d9e5193906331079e0a83233e15
2016-12-09 17:30:03	20a.exe	089f6d5057bc6234c94d81142aadf430
2016-12-09 17:33:02	smit.exe	8922f64eb8e330e25e5fa035747c0b02
2016-12-09 17:36:02	35.exe	0208232d13502e68dec5c07d41911c9b
2016-12-10 16:12:02	driver.exe	0c3600aa4cf1aa00371eefef071b5d52
2016-12-10 21:12:03	3.exe	b74bac4b321000c37ae60594354bf13f
2016-12-14 10:39:07	fdgvfgrfd.exe	741e3ea41323adebb83a973b4b60cb55
2016-12-15 00:42:03	shit.exe	a6174ed191f0bf9e88126e3fb2b0ac01
2016-12-19 22:39:03	appda.exe	e932ab121b335964e032dd360793399e
2016-12-19 23:06:03	s.exe	efa3f27595fdd3219ed1330de38dc775
2016-12-28 15:12:02	t.exe	5fc10a5e31ac1e339c92d397ec4f5e88
2017-01-04 19:42:05	items.exe	e57799b2d0e7ab79609f995ca327124e
2017-01-09 15:00:08	s.exe	96ab18ed3b806245fac847b2844cc752
2017-01-09 15:21:02	vin22073167.exe	0695674e66201ac6de38fab1eba1230c
2017-01-09 15:24:02	service.exe	554a57a7b316d236bc60490b97e339d4
2017-01-09 17:15:04	hotbest.exe	5bb183bf3533c9490cce79fd9738c686
2017-01-10 16:33:09	55.exe	edc94982e4b857a58947c235acb762f6
2017-01-13 10:35:56	sample.exe	b39a673a5d2ceaa1fb5571769097ca77
2017-01-13 10:38:01	jebzmh.exe	b533b082ed1458c482c3663ee12dc3a4
2017-01-13 10:40:44	4be22645fa65d7dbb173a51ce9ed6509c600c61df8ed4a131d66d9745a707510.exe	d8432ddec880800bfa060af1f8c2e405
2017-01-13 10:43:00	file.exe	cc0afec652b9a397532685277d7b79c8
2017-01-13 16:03:02	LL_Kazy_Crypted.exe	7aa9472a8974717cd9248d33f3036ce1
2017-01-13 16:09:02	clean.exe	9ca55b46d50043a7055590d40a379c8e
2017-01-13 16:18:02	whitemoves_LL_Crypted.exe	0d76812a77abe8424c29e7d3d540cead
2017-01-13 16:21:02	phcaen.exe	afb3725ae341fb58c03d9ec3368c5762
2017-01-16 17:24:05	456.exe	7b01f2747310b33963381315d8cc8124
2017-01-17 12:42:02	pdfserviceadob.exe	38d9c8816e244fb733e9c9178e424d1e
2017-01-21 23:12:02	ikcsbn.exe	19927de468f347a363e4870c20550b7a
2017-01-23 14:45:10	PO439.exe	5b7184b825866b331b646b976e52165d
2017-01-23 19:06:02	abda.exe	530bcc7e1782ae1c16391d1d3bd38624
2017-01-23 19:09:03	tydanj.exe	46078a92c76ea26b8282dbfffbfb6f50
2017-01-23 19:12:02	smis.exe	2ca6228d7cb36535c19627154e590526
2017-01-23 19:15:02	dgy.exe	13b38a0a468aa0fed7fa03f726f4725c
2017-01-23 19:18:02	obei.exe	f8b743c79b3c2b3a6d76992a699ceb23
2017-01-23 19:21:02	mabn.exe	37f6f01682e494d465d971fda501956d
2017-01-23 19:25:10	microword.exe	0e955a3c666254419ce8243d41898808
2017-01-24 19:06:04	agent.exe	6c18dbf7112b9a1a41c718612d4a53c1
2017-01-26 18:42:06	gp2n1asmsoneNOte.exe	a589dba63f53cce51b4ff16fca47839b
2017-02-02 17:12:03	wodse.exe	e651dca5c850451cdba7f25cbb4134e7
2017-02-22 15:54:12	testnews.exe	b4eabb212f4324ca6cf9bd3e128ce272
2017-02-22 16:00:03	super.exe	61aea9472ec4729b50ff7ef04cff5ce0
2017-03-10 09:42:13	file.pif	ff249d7312d718f7b270322487ec9b72
2017-03-28 16:47:17	EC779.EXE	9874d11bd6bfe5662d22df63f32c588a
2017-03-29 16:39:34	client.exe	78adc6ac4cf7a51f7da68a06acac09e9
2017-04-11 14:08:16	OfferInstaller_dotnet2.exe	5abf5e44b169139e1da5b8b92378ed0b
2017-05-02 01:48:02	ccd.exe	fbf096d1315004a7aa6b2f53597d1ea6
2017-05-03 22:27:03	pfiles.exe	fa04fcc28ce1047740385b1d36a7f329
2017-05-24 10:22:22	EternalRock21.exe	c52f20a854efb013a0a1248fd84aaa95
2017-05-24 10:33:10	EternalRock1.exe	76e94e525a2d1a350ff989d532239976
2017-05-24 10:37:13	EternalRock2.exe	53f23e72664dc9efd4251ba1b120d932
2017-05-24 10:37:36	EternalRock4.exe	32be774b3464637074299e1f16f4b8ea
2017-05-24 10:38:28	EternalRock7.exe	0e83b186a4d067299df2db817b724eb7
2017-05-24 10:39:07	EternalRock9.exe	5381aa6cc426f13df69a956984614855
2017-05-24 10:39:26	EternalRock11.exe	5f714b563aafef8574f6825ad9b5a0bf
2017-05-24 10:39:54	EternalRock15.exe	198f27f5ab972bfd99e89802e40d6ba7
2017-05-24 10:40:41	EternalRock19.exe	35c29de908e04eca97b39b96b3cadc2d
2017-05-24 10:40:49	EternalRock20.exe	8632e7433fd46a491d4fb8cad11ab8c5
2017-05-24 10:41:10	EternalRock22.exe	b61068f85f030ee23d5b33b5b0c03930
2017-05-24 10:41:34	EternalRock25.exe	7f9596b332134a60f9f6b85ab616b141
2017-05-24 10:41:46	EternalRock26.exe	43451a1691ff539bccff261ecf6e5912
2017-05-24 10:42:08	EternalRock27.exe	5e8e046cb09f73b1e02aa4ac69c5765e
2017-05-30 03:48:04	b7.exe	97980de9fef180b0794feb1cb8c77487
2017-06-05 23:57:10	Dyidrv.exe	c6c6740453d3aea46cd05a31322b1c03
2017-06-07 01:57:05	sutes.exe	90445d4cecd3154ea0d80e59030b18d2
2017-06-09 00:06:05	mikyfile.exe	ea633911f766ce9012d3d077c53bf8b6
2017-06-12 14:44:44	WindowsU2D.exe	433468a49389c396059fe57532701544
2017-06-13 07:15:02	STA.exe	4e9ad3a14823ffb64c21568ae74f02e6
2017-06-14 05:48:10	today.exe	ef234f23724dc00e693bdb1b1218c1e8
2017-06-14 05:51:04	ee.exe	cb78889d61c9c6d91f96162001847393
2017-06-14 12:21:25	harry.exe	1d5391d12095411945ea7223a9393078
2017-06-24 20:48:09	s500.exe	5254ad8a9634da8e4b48ca18727caa7e
2017-06-26 14:45:07	DocLondn458948.exe	14b6aa6da1f3eff8b12a0d02c7324c92
2017-06-27 17:55:46	svchost.exe	d2ec63b63e88ece47fbaab1ca22da1ef
2017-07-02 16:33:03	app.exe	4c57df6841cea547307d5815147fd92e
2017-07-03 16:21:06	7c8701febd.exe	303140d9dccea718d55b4e767e460e2f
2017-07-13 20:54:04	filess.exe	ccd7967a0f67f4e6e357e4132eca01e2
2017-07-13 21:54:06	HSBC-payment-advise.exe	ad9b8f26c74c7be13923f00085b9632a
2017-07-14 13:36:03	TT%20Copy.exe	1b97e84fd02c685f4903831284119443
2017-07-14 13:39:01	payments.exe	91e9e3cc7a1843027ac77377144566ce
2017-07-14 13:42:02	boboprotect.exe	8238276ce326793b492b5bfcf02102c9
2017-07-14 13:45:02	TTcopy.exe	b2dbb79ba3acc9f5f037b1a3a68810ca
2017-07-14 13:48:02	pay.exe	49b89e8c1db5c51300519ea6d5b1143e
2017-07-16 06:00:04	Details_of_payment-copy_Nos__534.xls.exe	3eab5d298c5423ff30cef60036c43472
2017-07-16 06:06:05	bin.exe	1e3f0cda1e1920d5922afe786383ea61
2017-07-16 08:18:02	adwcleaner%20last.exe	2d4e151f6f774efa90b3359a79baff27
2017-07-26 10:54:02	satbin.exe	2067d1cb1a25c6d6d371339fad9123ba
2017-08-02 14:21:08	mnm.exe	2bbbb520e5c7129f24491d4a6c80df1f
2017-08-26 13:00:05	Seal_Encrypts.exe	165622754f824013e5045cc3b252daf5
2017-08-29 00:51:06	network.exe	484014cfcb70a39296ca04415f71a750
2017-08-30 00:51:03	immcld.exe	64584e3e6a53cf2b078f363575826c8b
2017-08-31 00:42:03	quotation.exe	34ee279f6006907db002c144aa621d04
2017-09-01 01:06:02	AdsShow.exe	e0638234fb697f2c4ff961fee8f702f6
2017-09-05 20:12:08	wire%20draft.scr.exe	eca76979b83142f1a9531a0c7ab01779
2017-09-05 20:15:03	wire.exe	30a76f7935aa35cb2a5e6b1bd4d6aa49
2017-09-09 00:48:03	dvnl.exe	f6cc60ca4e8467325f5b7cda0054c19e
2017-09-09 00:51:03	gdwin.exe	e940bc847fe3dee59c95e24509a7aa94
2017-09-20 18:42:08	payment.exe	529039ea1e25c7d74567e9ee935a4778
2017-09-20 18:48:05	payment.exe	656feb55eade6808af9aa5c5d1f00fab
2017-09-20 18:51:02	order.exe	7feccbef4ed3a323ed763d24d022e4df
2017-09-20 18:54:09	payment.exe	e8e1c00a586bf69bb7bd967ebbfb162e
2017-09-24 15:42:05	saa.exe	b7d598174f269019592dfadf98741f54
2017-09-24 15:45:04	out.exe	aea474acdcd38dd1e977d18d71b42a3b
2017-09-24 15:51:05	AT.exe	574b6291056e7b0a466c75e79d00fad1
2017-09-25 22:15:09	builder.exe	0ed2773438d578e9fd7e9c0e92902820
2017-09-28 10:06:07	agent77.exe	9ed5b26e4f30b0b93f3c20dc9601c69b
2017-10-02 14:12:04	black_test.exe	d6c4ca1164323b956f0e3607af4e7997
2017-10-03 12:33:02	aktualizacja.exe	398fcb548f9b342d667f46610807ff82
2017-10-03 12:39:10	kjxmqy.exe	1e51f05e3a6ee009a1a32e2d56c40baf
2017-10-03 19:12:05	loool.exe	380979b9e21db307888adec96ee96f14
2017-10-03 19:15:06	file.exe	f29f5352450cee9efa9e9f24d479cfa1
2017-10-06 15:36:03	pi.exe	990f411560079a463ebb21f03fc8182d
2017-10-08 11:45:03	windowsupdate.exe	deac6c1d261149f4b415e875cc1aaef1
2017-10-09 13:51:03	chuks.exe	ca10e677fcff24dc8883ec49dd2c5a8e
2017-10-11 17:51:05	val.exe	8978c08e23045b8bb172eaed50146f06
2017-10-11 17:54:03	rector.exe	695913d69cefcba07f86c32d4de73ff1
2017-10-11 17:57:02	042.exe	a2ff7286733081bdee0489c9ef2eab7c
2017-10-11 18:00:07	fhgngbc.exe	63be5c3e1f60dce83c8806b062360941
2017-10-13 10:33:04	blah.exe	954eaa749f5f945e14a56f52a188f449
2017-10-16 18:36:02	DocSN15102017.exe	c67453fcaf6e6ff841ea100215ff6827
2017-10-20 14:42:01	satbin.exe	5e6e64fd9c5d7cb2c3ad82eacd6284f9
2017-10-23 13:51:03	trickkk.exe	da92d531fd643d8040b4b89f98ce6b38
2017-10-24 15:33:09	7.exe	4fa16a08af75a4aea6999d1a40fba3b9
2017-10-24 15:36:03	6.exe	d1c811c9c8719b8e894a08acd10f579c
2017-10-24 15:39:06	5.exe	b013489f185b7b421b34bd938a727a10
2017-10-24 15:42:06	4.exe	5c46f753384c60820ea2a433d1b310fe
2017-10-24 15:45:03	3.exe	09fc57b5a9af04817be35008abf100ed
2017-10-24 15:48:02	2.exe	6d2f129e495ab2416b0eb63eb87ede9f
2017-10-24 15:51:06	1.exe	7e583d53cbc2223c42e872879a44f3ae
2017-10-24 15:54:09	up.exe	5104af98775d0beef9f29f0717859497
2017-10-25 01:45:03	e.exe	3f741360050136ff28725a9b070455d9
2017-10-25 01:48:04	rrrrrr.exe	05eee79a864f4a575bf6041bede017f7
2017-10-25 22:15:24	db.exe	22d551f1b252eb88794a816aa1461b26
2017-10-26 13:54:05	pputty.exe	256d4639b4514c420f482cc9e795cac3
2017-10-26 13:57:03	arm.exe	461ed2b0c9849227064de735314d37eb
2017-10-27 21:03:02	done.exe	6e6d200a4e081a4f08b30d2780e0ca9a
2017-10-28 17:09:03	dosemu.exe	c1e8dfad2f325fd08778ca47118e6b40
2017-10-30 21:09:04	BankSlip.exe	776cdb53808fd8430d89d16b6c91c490
2017-10-31 15:18:01	0404a.exe	b8fed2d08ccca13137053bf7c81eab55
2017-10-31 15:21:05	aritess.exe	3b5fbb514cec5d5f9ea08c209dc6379c
2017-10-31 15:24:06	stillmath.exe	e50372f6b7568586ee7ea895f0fb174c
2017-11-01 14:09:02	ddos.exe	f791d6fffd8e286ce5c00b5319b50b3d
2017-11-01 14:21:03	rat.exe	82a602c8f6c804f5f390ee094564bd7b
2017-11-01 14:30:03	20.exe	bf823e46093bdb021a322d8e38b94373
2017-11-01 14:33:03	80.exe	773c8caaeb4fcffb6aff1e8325c8df2c
2017-11-01 14:51:03	klws.exe	1ddf0cc50a2d10f346dfa7099dc2ea1b
2017-11-01 19:54:03	20171101085438	2ab5c24fe0b43a94c17825a54a33abfa
2017-11-02 00:48:03	1.mp3	bcc6c7010e50f8f35dafdcc569ca1961
2017-11-02 18:54:04	neeir.exe	0133258f945c16fb7cefee7b9bf9be66
2017-11-02 18:57:04	probs.exe	a7d3b4fe8b4105421e81e2032fd12324
2017-11-02 19:03:04	appData%20(32%20bit).exe	93c5dce2799a86bd87f58aa21dda63d5
2017-11-02 19:12:03	ene.exe	8a078cb4eb0bda1b30a5b3d56eea65e5
2017-11-03 01:18:06	ransom.exe	447af103027bb7cfa1c09538b38a6007
2017-11-05 02:12:05	host.exe	5c928aa9b14eb7a96ab1a80075a4caab
2017-11-06 19:12:06	eze.exe	71d5851e2e0f82eba144e8a10b05fe61
2017-11-07 00:51:04	sys.exe	c960a1344683267b36866fe8fe7eccef
2017-11-07 15:57:08	newtest.exe	56662356b4a9ed129e71dc8487d10d0d
2017-11-07 21:12:03	ego2much.exe	7618b22273d48f247c2834706ed0e566
2017-11-08 22:24:04	aritess1.exe	ec83fc499aee4f1a7b517b6650c316bd
2017-11-09 19:42:08	uuuu.exe	6ed74c713f74e2c5216e23a0c08b8c40
2017-11-10 17:42:03	PhCh%e2%80%aexcod..exe	9c7dba56e25b6fddf1cba95c66f05e60
2017-11-10 17:45:02	Methode_du_paragraphe_argumente%e2%80%aexcod..exe	c52c015be3a633b1173ce1d3bb6a1b00
2017-11-10 17:48:01	Methode_du_paragraphe_argumente%e2%80%aexcod..exe	5aaadfc64da9389fb9274187bab4d2bf
2017-11-10 17:51:01	Correction%e2%80%aexcod._niS.exe	dc79a1471e9c4b792ecd3194af664701
2017-11-11 17:33:03	holanew.exe	2ae2325033413f257037227f0e05ad63
2017-11-14 11:24:03	2.exe	72dd35b0e0a6dcfed3c61e25caafdf44
2017-11-14 15:53:15	base64.exe	69d8cd278ebf55254fd768ef50d55621
2017-11-14 16:00:08	ike.exe	69d45924cd8998fe5a5ea6a50c3f98fd
2017-11-15 19:27:03	zzzz.exe	877c0e368b45d48370691cb0f3cacac9
2017-11-17 12:54:05	testforexe.exe	d6704e4e0b3b343cff4dfaf9c5767c7d
2017-11-17 19:30:09	EmberComing.exe	19d617f11c04dd60e3a2ec8c7e131b7f
2017-11-19 19:18:02	update2.exe	a0ff986347c1fd57294511803bc2d4d7
2017-11-19 19:21:01	update10.exe	c3112f978fc1d99b928dba970a8fc886
2017-11-19 19:24:01	update1.exe	1742b7045e66b0b33d810330056bd6ac
2017-11-19 19:36:03	tyuvsn.exe	5029198b44fb643abc3cc2eb61694559
2017-11-20 11:21:10	ppt.php	19ef546f93889e2ba6d96b633f92d98f
2017-11-20 11:24:10	7q.exe	b3ef79444a8c2e364e1c3ee61b230527
2017-11-20 11:27:04	@.exe	b83e4a43e157108a79a3f8c219064e7d
2017-11-20 11:30:03	att.exe	c95eebf0848b9b8e6d66d3dd2a1b9afb
2017-11-20 11:33:03	g.exe	119555d3ec3fd34ef73d508fcc6995c5
2017-11-20 11:36:52	sk.exe	76e280921dafc3cf1bcc4bf354cef369
2017-11-20 11:37:14	of.exe	ee4719f27ce8d30339f032973b1f8b16
2017-11-20 11:37:30	jjn.exe	48d3efffd3a644c122ad8571d340246e
2017-11-20 11:38:13	cpt.exe	5abea2f9a0aece3b29fa571b4d15c887
2017-11-20 11:39:02	hty.exe	323dd67275520f14395f119b9196c6db
2017-11-20 11:39:30	cbb.exe	7fd3b0305ec040639520d39851974b89
2017-11-20 11:39:57	D2.exe	60a495bbf6f57ebb58d9a0f0367d837a
2017-11-21 03:42:03	smoke.exe	a98124b7707f80d7874e6028799fd2b2
2017-11-23 17:00:04	IM.exe	44409de558e746916eb6338ff6c280ce
2017-11-25 04:03:03	qpartovuu.exe	cccc2db99701db3ac5852ffa48e6556e
2017-11-25 15:54:18	seagate.exe	fdf777c8c92355ad95c5ab7e4aa0a32a
2017-11-27 12:51:02	fuksifk.exe	d6e801a39fb1c60dde5d7365d0e8d632
2017-11-27 12:57:05	V4.exe	04f1689f91632dcd2132be2ff3aa1e12
2017-11-27 13:00:02	V2.exe	adfefbca3796691521ea74b8421bb9f9
2017-11-27 13:09:04	do.exe	996f31a8014d0d546acf98a4fa9d89c7
2017-11-27 13:12:02	mb.exe	5354a1ab7cb23bc81b7aa663a52c4820
2017-11-27 13:21:02	svc.exe	e508994a3219af7495f85591552651a4
2017-11-27 13:24:09	birese.exe	dd51d65e94fca6db26f10cc306643991
2017-11-30 13:09:17	csrvc.exe	b0838808c1d7eebbe4143bbac3b2e9cd
2017-11-30 13:15:44	Windows Chat Support.exe	f368b490cea45a980c86e212e91730d8
2017-11-30 13:16:10	Troubleshoot.exe	402f03469e52961429c88b6f549d4ff2
2017-11-30 13:16:22	adwizz.exe	8606b485b012595d85cd21edaad99808
2017-11-30 13:21:39	scshtrv.exe	c3030edd3bbc78a94f1a568a8a6bc119
2017-11-30 13:21:50	BSOD.exe	1654eae1a720f617034250a244d2bc30
2017-12-04 17:00:03	fafa.exe	c7e720bc4139039b5d27323d451f5347
2017-12-05 15:09:04	XDFBGJGF.exe	2d5426cd7fed8c0d0e01f6b99b6e5f4a
2017-12-05 15:15:07	c3.exe	5039117f9c2b894127b40815190ea19c
2017-12-07 22:24:07	Fremontod.exe	57dc1364a65766445c1c555f5695b0ee
2017-12-09 19:48:04	gaud.exe	c575e868cfda9c54c652520116399024
2017-12-12 20:24:02	1.exe	2cbc203aa9608408193403adcda7de9c
2017-12-13 14:09:02	droper1.exe	f0d92e555bd9d786980739d4842f9599
2017-12-14 13:09:21	awhy.exe	ab426b32e4e1567db6ecb7d48bdcd64d
2017-12-14 13:12:24	eng.exe	1cd13c94f70a672f8dc30be37ba93232
2017-12-14 13:15:24	mtt.exe	14b7c8036c8487e0e7d3f0c410b9a91e
2017-12-14 13:18:26	wa.exe	024cf2c94c771fffe32ec010d9fb786b
2017-12-14 13:21:27	help.exe	1645f2771891db76683bec08fd77e614
2017-12-14 13:25:07	pay.exe	986512dd402e789e20e706a7597137cd
2017-12-18 13:15:09	HDLO.exe	2a8c99a5d050cf0cb3d988d9d82dfea5
2017-12-19 18:00:04	tttttt.exe	50a652b21941da40d9fca80d12bd35f8
2017-12-22 11:51:05	11.exe	fc544e20d7296973a0e6fb666bd0726c
2017-12-22 11:54:02	112.exe	2123f60ad0934252d66f3e416800d99f
2017-12-22 12:18:02	a.exe	96485e7338ca6441b3cf3b603949b2b3
2017-12-24 03:03:07	susutesla.exe	83b02d936185cece54768ec4b635ec0d
2017-12-28 17:33:05	mine.exe	a5072dc5fb2501dce5e076d82719b200
2017-12-29 20:08:05	from_pastebin_b64encoded.exe	2543867fa8979783e30438ab9c300d2c
2017-12-30 03:33:02	Server.exe	62109846d41e8973d7366980a78857ff
2017-12-31 16:03:05	LXX.exe	4ff11e5ea3b715e21908bb1eacccf27c
2018-01-01 13:21:04	Avg.exe	7eba396e934dce2bffb847e79b047f06
2018-01-01 13:24:01	Server.exe	d1530432ba3d046c5cc4b32bd67cafa2
2018-01-01 13:27:01	inside.exe	aa2223355ce7eaca08272dab131d0a43
2018-01-01 13:33:02	Loki_original.exe	5455364b437d431400267a9092d65442
2018-01-03 16:27:02	rawbot.exx	28f0f62a392c051875038c8f6327388a
2018-01-03 16:30:01	botlocal.exe	56d615f048323c9ee654a9285e00af90
2018-01-03 16:33:02	botint.exe	6a6cd3e08052acea083b871b21337719
2018-01-03 16:36:01	SECRET123.exe	c121c4b6f81b682355e2e524ecb82ecc
2018-01-04 02:45:04	out7364273.exe	7943cb105dd39977df534ced7c625690
2018-01-11 16:45:04	lodurb.exe	58685083b698610e970f5b0766517eb0
2018-01-14 16:24:12	bind.exe	31b9bfaea5d5497f00a7c0ab00d0e47f
2018-01-14 22:51:02	4.exe	12ee889f3a4da0ad4431f67b30b8279e
2018-01-15 15:45:12	naija2.exe	c4b41d73fff2dda6aaf0ff868888da26
2018-01-15 15:51:19	sugarl.exe	8f6f46e53e463bde024775e7279f249d
2018-01-16 15:33:03	yestogocrypt.exe	92e23815b236fa313506d534f2384f04
2018-01-16 21:00:06	fretuguuy.exe	187aa5bb5b1fcbd1c95bf07e8dd41a2d
2018-01-17 14:51:03	LoaderBot.exe	d53504fbe4e02806a1d9c931ce4e9585
2018-01-19 19:20:56	LoaderBot.exe	cb678c68fcbc5f5915e2c4baacbd5a1c
2018-01-21 01:33:10	87844.exe	89abee532ab6532b360b79e2394ebb4c
2018-01-23 22:21:06	maine.exe	09f1305bf6446675becbce188eaa23b7
2018-01-24 11:46:33	rony2.exe	24217bb462138ff00a45e66a500f9280
2018-01-24 14:06:04	chrome.exe	1efca8245d8deec9a133a2a12d7b10cd
2018-01-24 14:09:03	Test.exe	1e5a88fc919f1dde5ce8c69cac45dc94
2018-01-24 19:12:02	svhost.exe	ac569fd164d0b3231a5caa52a7d7e02e
2018-02-07 01:21:08	vnow.exe	bddd8d5f29b42339d86b2316cd60d629
2018-02-07 01:24:02	project.exe	7e0a5b6f8b6425ad20fd2f8d212cd4d0
2018-02-07 01:27:03	prepro.exe	7a29988411eb992e659a1e73c647c7af
2018-02-07 01:30:03	nnewnewcryp.exe	0fa8735f4e8ba0015856f25327668279
2018-02-07 01:33:03	newlog.exe	f6c3700fecafc9a337a2d3610ca472c5
2018-02-07 01:36:03	newkaz.exe	271ee3aa3731219627995d7ce64ef7a1
2018-02-07 01:39:03	newest.exe	57d63a23a440d9eddae61ce0a5d9491a
2018-02-07 01:42:02	godfcryp.exe	22cb34813e874ed5b069bcfa4cadee23
2018-02-07 01:45:03	fot.exe	b128d4aeda16b1c5ff7c68143f61a283
2018-02-07 01:48:02	broscrp.exe	20f2e97128851b76fc643ceab2e5d2b9
2018-02-07 01:51:03	botdcryp.exe	98ab23d0f86c63e69f4c48b066763f4b
2018-02-07 01:54:02	bob.exe	c953507d30d40e41074b862a36f8e7b5
2018-02-08 15:32:02	4A72D2.exe	8f0a43e62d111501357a8b1fee5372f4
2018-02-08 17:21:03	blind.exe	ff16061482a1ce8e15c584aa9aaef55a
2018-02-08 22:30:08	poloport.exe	cefd943367d9ebe51f30c18053812003
2018-02-08 22:33:06	goldx.exe	ec2012f60b778e3045f5c1b1a9cf3c85
2018-02-08 22:36:03	orderoriginal.exe	60d1d55b9b5f7e75dd3941055771ebc2
2018-02-09 13:33:05	jtfscr.scr.exe	9f855ae9d01b630feee03c25d9fc01b6
2018-02-09 13:36:04	jtforce_signed.exe	8796ec107b2edc3a02f94909f4404d99
2018-02-09 13:39:03	PurchaseOrdersigned.exe	816717dd34c1fb56cfe4c9c1f1c8faaa
2018-02-09 13:42:05	design.exe	43dd83f946eccf99cc9b3bd0ea75457f
2018-02-09 13:45:02	purchasee.exe	1427f5ecc249be068b11da0614b1ad6f
2018-02-09 13:51:05	mabtera.exe	65066ae1d8f1aae5f2a0c08483a08fd3
2018-02-09 23:42:03	Order.exe	acfab34d7de53099be1a5e431fe9da38
2018-02-11 20:51:03	AAA.exe	3c6b8d07597e9a43a3a3349bf9ea9928
2018-02-11 20:54:03	Brochure.scr	6dc544f2fe3aecff02138f1880ce5ba7
2018-02-11 21:00:03	orcflame.exe	a76b55b0ec0595797bfdbbe999c3bd7d
2018-02-12 20:03:22	MasterG.exe	a9975d0fa1caea6dee9ccd43ba8c672b
2018-02-12 20:03:58	Mugabe.exe	02c547368076c93a76b115f3f9956f41
2018-02-12 20:05:33	Timeflies.exe	bba3bf70677f130212bef8b54f7f94fc
2018-02-12 20:06:00	angrybird.exe	7ab80740e44a246481f4f48bd319b96d
2018-02-14 14:51:10	polists.exe	d6fb42edf3ecc65aec2431afe6cf2701
2018-02-15 11:21:03	ymc.exe	0be741b4efbd5b0e8e078ca82f53f319
2018-02-15 11:24:03	stev.exe	b137f480f95bf4ea08351107e21a5335
2018-02-15 11:27:03	starboy.exe	5de529649099c0939abddfc06d0c1ceb
2018-02-15 11:30:04	roman.exe	7c1a4c9622e4b76e03aa95e55d9ff895
2018-02-15 11:33:03	khalifer.exe	cbc07da2b936772cb8ea4bc06283e307
2018-02-15 11:36:03	jaga.exe	d89ec8211056a2b12293534c4c44929c
2018-02-15 11:39:04	controler.exe	bf0731cba56e2d3af4ae63b12f2d9751
2018-02-15 11:42:03	coded.exe	5538a6511ba7d4602bee073143f9d4e5
2018-02-15 11:45:03	chisom.exe	92572f8b89b391abb79a7ae51644cee9
2018-02-15 11:48:04	chidi.exe	e1cbec9e98c2a7d81ba5b493f3a49a5d
2018-02-15 11:51:03	alex.exe	b410d6237e70eb719570f04675d32285
2018-02-16 14:48:04	Payment_Option.exe	d2e84596cbfbd138c82023a75e26489e
2018-02-16 18:36:29	ban.exe	a28a7c48412ec7327ed5a881925b7d71
2018-02-16 18:37:11	boy.exe	92376f1add91daf34d723a3869405cc6
2018-02-16 18:37:48	ded.exe	41057f7a3e365110d2745ab516083c21
2018-02-16 18:38:10	evo.exe	0ef7043a24a627c9f011de739fb6b3d0
2018-02-16 18:38:34	fer.exe	a682e99a867287caf7b9d53fb2117ebd
2018-02-16 18:38:58	idi.exe	5ca5658dfc3caab33c85b45024b9a3e8
2018-02-16 18:39:21	lex.exe	5e204979a32a9f7dfcaa8462274a14cc
2018-02-16 18:39:54	man.exe	bcdd86256a47742877cfbc9d377367d8
2018-02-16 18:40:34	oler.exe	32024c6919d4995fa51cfaf4a1d98ac1
2018-02-16 18:40:55	som.exe	312c628d449048cfe6d7779abcc45c86
2018-02-16 18:41:21	win.exe	653d490a3b9b0924a582df196b518bfb
2018-02-16 18:41:43	ymc.exe	950e6c6deddd9cf4b3b6ff51720d5d9c
2018-02-16 20:06:04	WindowsDefender.exe	07121f08945fc8853e60830f694b54bb
2018-02-19 21:24:04	usgg.exe	078524be7d57b9d4f05d74e7f940c49e
2018-02-19 21:48:35	bran444.exe	4534e0f0b52c68d6c85abe23a7e84219
2018-02-20 12:57:02	zoro.exe	da9f1fd295967bda72c3dbc74f3b7d00
2018-02-20 13:00:03	xela.exe	712f92012debe7718f98455662ae99e9
2018-02-20 13:03:07	refi.exe	a225d4cf073757083a309663f02c58f1
2018-02-20 13:06:05	oves.exe	5c1021ae204c48f6a475c65b060ee839
2018-02-20 13:09:05	oleri.exe	d9eea652e097a3f9f950fc6998682ad0
2018-02-20 13:12:05	niw.exe	67dd3dec0f00be436a15f1a455551334
2018-02-20 13:15:05	idihc.exe	b093dda14ab2bcceaf790f760db88d6c
2018-02-20 13:18:05	dedoc.exe	f4a8e9410628abd944b4e5d599823487
2018-02-20 13:21:07	cmy.exe	f78631aca9bd9ab5becfb068ee6825df
2018-02-20 13:24:05	chis.exe	207b78b947340ed9bd5028f2e5e7fe6b
2018-02-20 13:33:06	63.exe	b91ef5418904c2e0ed9f3f0508961520
2018-02-20 18:09:04	Abbb444333.exe	e6cae6e3ec1fc374334787ef7bc7f707
2018-02-21 01:45:16	dwalefm123.exe	92877bb5698cad5fae016beef553a256
2018-02-21 01:48:10	dman222.exe	64d5cc20ad34d04472294166cf5a8fc2
2018-02-21 01:53:22	dewaa111.exe	0e57711c6a5dfc9d896c322abdaad2a2
2018-02-21 13:30:03	Office312.exe	a4d1b27a3573545426fcc79c08a2edd6
2018-02-21 13:33:02	breadme321.exe	edf0fab732dac945eeba5ebc610eacbd
2018-02-21 18:51:10	MRK779245.exe	bb7ae1e15988ed7f218e76442c09edb5
2018-02-22 00:03:04	PSA18.exe	c7f1dbf1184138cd0a6dcf90f4266e01
2018-02-22 00:06:02	file02929s.exe	901d5e84791d20bb7ee866c5bbd24828
2018-02-22 00:09:03	llllll.exe	3275abbde232304fd67faadb62021fa7
2018-02-22 00:12:02	mittie.exe	93ac7cdba50aaa1d26c26034443f3f71
2018-02-22 00:15:02	raqeebnew.exe	680de7fe17a10be52ac4c9c7200ca39a
2018-02-22 15:45:15	n.exe	63b493b15bcb69ede539cca8357a2327
2018-02-23 13:21:07	dhl.exe	7dd6f69c2e8875c075ec228395885fdb
2018-02-23 13:27:05	lenz2222.exe	3f7180fa0cde09ce556a4230d21708d9
2018-02-26 13:54:05	Productlist.exe	55ca18e03909bbe7b8a7d73cb1f64615
2018-02-26 13:57:03	Procducts.exe	85c3bcdf4e0f409a875d4e75a746d61e
2018-02-26 14:00:03	Orders.exe	b3a507e0fdcf0c7771080d3b3415fc2c
2018-02-26 14:03:08	detailed.exe	fbc65494253f30705016057aa905b855
2018-02-26 14:06:03	doc.exe	be646fc978b7ca935fe427369e33c55b
2018-02-26 14:09:04	nawa.exe	557e0c20b36326732daee624153e473b
2018-02-26 20:34:01	agftelsa.exe	385d5b2e8abdfb32f6a00bc3f89a351f
2018-02-27 12:21:17	obii.exe	19e79e25cd39976b2ca9c07e91a2b757
2018-02-27 12:24:02	p2.exe	390b369755d893c5dda36e666364b18e
2018-02-27 23:33:06	teslamyworld.exe	7af7b5de0d1451eee0020a441277c5df
2018-02-28 12:18:06	goblininvestment.exe	59b9367dbadf13b7cb6d15d3998d5892
2018-02-28 17:33:11	svchost.exe	1c8d8a4210e768ebc55c1fd00c2c8fa9
2018-02-28 17:48:03	thurstelsa.exe	08954b35b2ee4f36d4e45a3cc84c4397
2018-02-28 17:51:02	chinatelsa.exe	71e04e3d0fd97aef1c164bb99230b27c
2018-02-28 17:54:03	Janamonth.exe	f0e7c4ae81fe06df952a03e7b7f1f723
2018-03-02 14:45:49	Chris69.exe	8f66a152c43947b1243a59e8a23c06b0
2018-03-07 17:21:04	fsrf.exe	1db01fb97dc5365aef8a7cc4a4e2af0a
2018-03-07 22:36:05	checc.exe	454a3b7bfef81adfa340cc2141c587a5
2018-03-09 16:21:03	drop.exe	4b58c9fd01d61e8973005933c074b6d3
2018-03-12 14:24:03	urgent.exe	ed2a22dd4c316dcd2cfe3bda21e5faeb
2018-03-12 14:30:03	khalifer.exe	c8fb97a8a400781bf8f7e3d2ab66e95a
2018-03-12 14:33:03	jaga.exe	7c0f36e996d94d01723372eda8309d81
2018-03-12 14:39:03	alex.exe	8485f2b20cbeef1301aa4c75baf71aa8
2018-03-12 14:42:03	ahji.exe	46ffb1fb32ed3769c93862b8c94434fe
2018-03-12 14:45:03	Scancopy0312018.exe	76049ea5eed00df7ce910b49fb171c3d
2018-03-14 12:51:05	putty.exe	81b2ec652c4c07d310291cc43fec0a89
2018-03-14 12:54:04	olamide.exe	fb6ce3ba501919c6f5a8ee98f44d634a
2018-03-14 18:03:04	kccInvoice.exe	a111e207f495b18de5f6466e56f19f4a
2018-03-14 18:06:02	Scanba647364DOC.exe	67d5840410afae82743d01ded7df4da8
2018-03-15 15:03:03	bn.exe	f8d716e541b5016f603c7f6bfbec3db6
2018-03-15 15:09:03	Quotation-Oasis-Projects.exe	64eb40cdc28a9f3b3847eef14c5a174c
2018-03-15 15:12:04	fb.exe	843485dbff12620fb58532fab189a3fe
2018-03-15 15:15:02	cnxuoir.exe	ffa3fb48a339894ea095d4daf804011c
2018-03-15 15:18:02	swift.exe	a7cb109485d73f7adaf68652d04e254b
2018-03-16 11:24:02	Flash.exe	de92204ac5537f2cce8db7eede59f216
2018-03-16 16:21:05	mosessssssssssssssssssssssss.exe	81e104d01fb9e6cb37147936a288c999
2018-03-19 15:21:03	HOLLYWOOD.exe	b4a63d13eee189a5920f7a4802f812c7
2018-03-19 15:24:05	chuks.exe	2bd265771d5935f74a547dc08ceec3eb
2018-03-19 16:19:31	Win32.WannaPeace.exe	eefa6f98681d78b63f15d7e58934c6cc
2018-03-19 20:33:35	axeopma.exe	247de42a20090ab931f9fc0abc8ebeb6
2018-03-22 17:42:01	chds.exe	fce344ec7f6879f961bca5c7b6a8d5aa
2018-03-23 15:51:08	bat.exe	34a18d979f33393c24d5a14503031ff5
2018-03-23 16:21:06	Updated1.exe	2e5515e904aee021c0d7d2928c79ab9b
2018-03-23 16:27:05	phtoshop.exe	585a7796703434f21de2188a5e294aa8
2018-03-23 16:30:03	offices.exe	e5e56f9374a5a6dd331a0f57883bcbb5
2018-03-23 16:33:07	Re-Loader.exe	686a5620c3da7834205c14d95d2a2d10
2018-03-23 16:39:02	J4v4s0ck3t50v3r5371n5.exe	34c802b36ace4b14986942da497743f5
2018-03-23 16:48:05	ziraat_limpi.exe	dc4200ac514006f084ead7f83b84c928
2018-03-23 16:51:03	ygg.exe	a66c1ca60c1036a8a2e8082626e254e3
2018-03-23 16:54:03	whee.exe	dacd3c7daebf6004064bccf48bf3c074
2018-03-23 16:57:02	skk.exe	248217f5933aee60a0c53ef9ccfb5837
2018-03-23 17:00:03	okilo.exe	2b9ae643a92a909eed70bfa83fc27f6f
2018-03-23 17:03:03	okey.exe	46d4b50fa34ba117a92d33931d68f565
2018-03-23 17:09:03	mii.exe	b639cd208f8220e766b25eb97457bcde
2018-03-23 17:12:03	jo.exe	dc66d298f12764114c8212e4bbf3ed00
2018-03-23 17:15:03	iked.exe	e1618002c8700b4ae261b1e5aea00e42
2018-03-23 17:18:02	free.exe	b8c2a58e357b3ee544f4f21f200fd8c0
2018-03-23 17:21:03	file.exe	f9408e1696237a0c8fcf6f7aa8c9e8c0
2018-03-23 17:24:02	figg.exe	a7b6cccbc2b756a930fb5d22eaf49a22
2018-03-23 17:27:02	elbb.exe	26ce4683f9d6b2c0fa4ed102dbcaf944
2018-03-23 17:30:03	decx.exe	89c04063f2fbb061d30cd978e7a9d46f
2018-03-23 17:33:03	chii.exe	ae7e66ce008be31c0bd97eeede1474e9
2018-03-23 17:36:03	bobb.exe	bd2cffc1a2c3a19f201aa929822c7bba
2018-03-23 17:39:03	ago.exe	5b7cd8a228f6932ddd8750d2c5fba53d
2018-03-23 17:42:02	sutu.exe	9db060b94694f0552d8a4d429c0710fd
2018-03-23 17:45:02	aritu.exe	217708a4dd156626f7fc13b537d57c7f
2018-03-26 22:00:05	adobe.123	d998799170a3d285bd14905e83bf425c
2018-03-26 22:15:10	vauchi.exe	09d18ef22f72390eee7cf4e10be20f89
2018-03-26 22:18:06	ngumastzxb.exe	a8e66e793c958599bebd2273b2bc2d13
2018-03-26 22:21:05	nwedu.exe	d3e346c36ade079cb99cea42c099f805
2018-03-26 22:24:04	nmobite.exe	9dc9370028305ea21bfa0fdd66afb326
2018-03-26 22:27:04	kclaz.exe	6a25fcd863217bfde0fe435c8a5ab053
2018-03-26 22:30:04	oparaaaboyooo.exe	77c9bff32e8616900fd367582f75575c
2018-03-26 22:33:04	anoziexsebx.exe	1a80e943cf73f4400dd323554ba81ef3
2018-03-26 22:51:04	DOCUMENT.exe	c2740e77bb668a04662745486b2db50f
2018-03-26 23:30:03	test8.exe	1b77111c6f6f4a18ce4815e569e6ea2e
2018-03-26 23:45:04	SCAN-IMG_9087437-PDF.exe	e9cff6251603ff2d4f7ade0288ecf42f
2018-03-27 16:30:08	kemi.exe	abd0a62be28231fa92379f044f1ad7f2
2018-03-27 16:57:03	skkx.exe	a0efbeedd3c7965f8006c097d73dc4d4
2018-03-27 19:18:02	svc64.exe	0b4dff474876dc48f6e23841709ce3cb
2018-03-27 19:21:01	svc32.exe	58e04b209bac2725139342259ac45870
2018-03-27 19:30:02	google%20update.exe	8f7bc3437b64a056a860def231afae55
2018-03-27 19:45:05	virus.exe	9e1f9ced3771270599c7d500ee772e8d
2018-03-27 20:39:03	yg.exe	2c70a406cc46a2c37de4e998987cc642
2018-03-27 20:42:02	whex.exe	8ea08162747fe9cc8d96f312af4c1000
2018-03-27 20:45:02	whee.exe	c59670891b9f5bc63101326e11a45d83
2018-03-27 20:48:02	thee.exe	1ab5afdb8c98594a1b6bc4e3322662b2
2018-03-27 20:57:03	skk2.exe	57b20e3d4d8da951b815f18441e36d23
2018-03-27 21:00:03	sk2.exe	68a6911c58e431f2b6505aff20e7dabe
2018-03-27 21:03:03	okre.exe	d7f1e828987d77f7bd6f283cc80d9f80
2018-03-27 21:06:03	okki.exe	ff07459649bd38e6ece03b097bcc05b8
2018-03-27 21:09:03	okk2.exe	2756c187fbd2f7b1bc1c2b208eddd875
2018-03-27 21:12:02	okill.exe	929792dc7370f58531a9ae0482949bcf
2018-03-27 21:15:03	okii.exe	d6294bde892ac0fd75b23614245cb9f4
2018-03-27 21:18:02	okff.exe	3711ae71aa5a5ddf47f88ab08f5e0f9e
2018-03-27 21:21:02	okeke.exe	73762b9243eb0685ac3cc545bb224f1f
2018-03-27 21:24:02	mix.exe	e448f6747277337d370e8ec53c78fbbf
2018-03-27 21:27:02	joo.exe	b724685454d075024f7cb35d5ca23498
2018-03-27 21:30:03	jo.exe	445b32cca5b85d9331028d2806dffe03
2018-03-27 21:33:03	jizz.exe	d3f5147bd456e7ed3bab303ab01e52be
2018-03-27 21:36:03	jep.exe	1dd6186fc46b383e4da156908f1b2847
2018-03-27 21:39:02	ikx.exe	e56f57da052407dfa21672b5177ae7b5
2018-03-27 21:42:02	fret.exe	02e475cff44acb970f77268d27911f90
2018-03-27 21:45:03	free.exe	efa1af3f1b4d7485c7f228b6dd0631c3
2018-03-27 21:48:02	figg.exe	a5c5372a5bebb1735d38b22ad1ef96e1
2018-03-27 21:51:03	figc.exe	2feec5c1b7347fa88191d74757975095
2018-03-27 21:54:02	emyy.exe	a0e05d09c7e97c345da0c3cd35c041c6
2018-03-27 21:57:02	emy.exe	ec26a06ccc883c6f7b604ef5879677c9
2018-03-27 22:00:03	ellb.exe	16bcb2fa16859bf0ac8944bf875d04f0
2018-03-27 22:03:02	elbx.exe	45e0c1de47d3d6184d06564800176904
2018-03-27 22:06:03	eizzy.exe	834cb9c64fd501452f09d47abdcca383
2018-03-27 22:09:02	decz.exe	2e73b641edd83ef8a25356f60b2135cb
2018-03-27 22:12:03	decc.exe	f0b5894cef25d606e1eac726d5182765
2018-03-27 22:15:03	dec2.exe	4309e4769131dd458a9fcb07a81dfb69
2018-03-27 22:18:02	chix.exe	ba301eea09b01f6712ab306eda0b11ce
2018-03-27 22:21:03	chii.exe	c63c0198a024c0f8143d59a2499caf8b
2018-03-27 22:24:03	chib.exe	c5c0370a15454ca6096de3f269d498b2
2018-03-27 22:27:03	chhi.exe	5caefb76941d2a67a187fd4bd21747ea
2018-03-27 22:30:03	bobb.exe	01f7881f6364ff42c51b3957e8891a8b
2018-03-27 22:33:03	bob.exe	68edb34a3da1e301b0559745dacc5605
2018-03-27 22:36:02	agoo.exe	ed8d92546b0122cdd50e30dd375e6212
2018-03-28 00:00:03	928923	3ed891595a4136d07a93ddda2fddef26
2018-03-28 00:06:10	bypass.zip	273882cb95a94a78590676278ab4768a
2018-03-28 00:09:03	RATNIK.exe	62cf1a3a043f586bf2adb4423cbda42e
2018-03-28 02:36:02	eizz.exe	8ecde46db39afbbb130b6f36013c79d2
2018-03-28 02:39:04	shellz.exe	2f5a2ef699f99374072ddf9f3c7a2bbd
2018-03-29 03:03:04	bauchi1.exe	9d1f2fcba0db07cf36399d5f2795914a
2018-03-29 03:21:01	logggs.exe	ca9853eda6441f5eb880e94dcd83be2c
2018-03-29 10:18:02	50.exe	aca385ebb6000b89152701f6870c1696
2018-03-29 14:45:08	ObaReadme12345.exe	c3253ad0974253b26599a35e6bd2205f
2018-04-03 12:18:03	abbb23455433.exe	0faa783fe3f89f627fc839440790a01b
2018-04-04 04:27:05	MOBIET.exe	e33b37b93ff2f6156ee25289bddb33f6
2018-04-04 12:15:04	job.exe	1b9e40a763de768d475da35966364fcf
2018-04-05 00:18:11	ghghdshch130.exe	96afc9cdef3c623e0c5420e339c57283
2018-04-05 13:39:04	6.exe	bc0d9c5250c435e2b08aad396db5fbea
2018-04-05 13:45:03	4.exe	3c7e5080c12f4e9a63d5a770fa57051c
2018-04-05 17:30:03	OBA948337272272.exe	63788a9c7385a3f66f715b4331be5347
2018-04-05 23:33:05	teslahotel.exe	e0270a486c029cbacd8992d8a3e76887
2018-04-05 23:45:04	Job.exe	c0dca2f5b4ffc602441731b7e399c7e6
2018-04-06 15:54:04	mice1.exe	04abd87e9e3a1bc95333a6740ca71c84
2018-04-06 16:03:03	Rose%20Os.exe	0d5f9bf70637e0b761b2c247e16d95bf
2018-04-06 16:06:03	finebobo.exe	413963fc9d89c589b8ef86bff12e28f2
2018-04-06 16:18:03	sweet.exe	75c847837080536ce9d1676e23c5a16a
2018-04-06 16:21:05	ozunu.exe	a3581f2af8670d3181f4393ed550f3ee
2018-04-07 19:24:15	Tilatii111_signed.exe	f9f74f590dca8b2970d55e694f142ee1
2018-04-09 10:42:03	cash.exe	624fe62b014d70be4beb1821788c4007
2018-04-09 15:33:02	elb.exe	effa008d1d9479c9fe76ec906356bfb3
2018-04-10 12:45:02	35478.exe	000311c67d70867fa85d785206de80f6
2018-04-11 12:27:08	okil.exe	f7155be30ac802edcc8d78f6b402a1ef
2018-04-11 12:30:05	jiz.exe	15c925c43834f8c9117a7ce6b8c10881
2018-04-11 12:42:04	fluxstub.stub	4ffb34c0d829924bd293383b93736c61
2018-04-12 02:09:06	fntwr.exe	fe82cdc93b118de77a387596f4ab28c9
2018-04-12 02:12:03	server.exe	ab34766c5576c24c966b35bea2127089
2018-04-12 02:27:04	okkkkkkkk.exe	50c2221345a927e9b1f20f49f4e32230
2018-04-12 08:45:06	fes.exe	7c57c615432a2262c638238bf1625cbf
2018-04-12 08:51:06	ags.exe	b1cb387243e37a53e8adf44a6e6d9ee1
2018-04-12 12:15:57	scan0336485075941120418.exe	84d6ad7d2ce40336b2d552d9811a18f3
2018-04-13 09:15:04	index.php?id=e0c199b36b383f2b59adb0823f6e2135a668762a1250e0b4a63f68b3ec3f37b4	ddb2fe695edb5ded29389ad905cbe749
2018-04-13 16:21:02	PO355279.exe	04893c9e01b41fa620f9895d696d61e1
2018-04-13 16:24:11	svchost.exe	b2f191927b78564337c098900caf7400
2018-04-13 16:27:02	a-.exe	50418fe197695184ec800ab8b51ee6cb
2018-04-13 16:36:02	19.exe	fe6ecbbb14ebd6368aaa5b4fde592dae
2018-04-13 16:45:02	14.exe	392d7d7f1914dd823d01554471881c42
2018-04-13 18:45:05	min1.exe	c215a9e085e3fb4cc93452136acdc4ae
2018-04-14 09:30:08	CD2.exe	c8442d19094cb6f30ceb6206296d0b71
2018-04-14 09:36:04	ee2.exe	f4bd8c674243dd4629dffdf63626614c
2018-04-14 14:12:04	jT2.exe	41c23f9088a58d2f311d0f4afca22b8f
2018-04-14 14:21:05	nj.exe	826f2bbbf6ec4fb4257a3745c217a64e
2018-04-14 14:24:04	c2.exe	01249483b55efe92ff535dd0ffa25307
2018-04-14 14:27:04	123.exe	f64a6ee560bca663ba0094e37f24967f
2018-04-14 14:30:04	exp.exe	f184f55efcfc55893bac7f4a1dba2c8b
2018-04-14 14:39:04	c44.exe	85cfadbe875824737ca5a10e6855f36d
2018-04-14 14:42:05	u2.exe	0b8d1aedf4c08ca20c40da96d3d740d3
2018-04-14 14:45:03	gt.exe	422320fdf8e1f51c44f298eecc6e76ce
2018-04-14 14:48:04	12d.exe	e87887697ee952ece3847472ac83d62a
2018-04-14 14:54:04	btC.exe	b82c09d13e216769bd333b6cd5f57f82
2018-04-14 14:57:03	99T.exe	66b1bdec5db688c877985aace6e24fcf
2018-04-14 15:00:04	a2.exe	a123b7ffa3deeb0b489ba8ea4726229b
2018-04-14 15:03:03	off.exe	8b5bfe8eecc646bfcb950b3f6909d917
2018-04-14 15:06:03	B6U.exe	13e181d2a320e809e92364f060328bff
2018-04-14 15:09:03	f3.exe	7623ce0f094bbf3a85ee324a7b66edb9
2018-04-14 15:15:05	NEW%20PO.exe	a9c33aeb40fb24e68e583e95b9dc7906
2018-04-14 20:09:02	build1.exe	5b13e1bcc26f7dbf8201169bbc0b4264
2018-04-14 20:12:02	build.exe	0766f3d3a085ff223182010af4678eef
2018-04-16 19:27:03	jo.exe	11fc567794a331b24ac173eec6f941cd
2018-04-16 19:30:03	jiz.exe	78d869f81f0a666018caa3a1f11a715e
2018-04-16 19:33:03	kc.exe	80af921f034ee440872d7beadc8e6781
2018-04-16 19:42:03	sodo.exe	a7fd480472ea3c4138d374fb1be5f7cc
2018-04-16 19:45:03	bob.exe	22f2bbbbc871f5440bdef6e22b6a4ca6
2018-04-16 19:48:03	emyy.exe	9d376b373e47604035b5d8f52fb1bd8b
2018-04-16 19:51:03	figx.exe	1dd59b46c55d33af810deb7379d8a75f
2018-04-16 19:54:03	ikx.exe	2bd3522fe621e9f89c5e241495c5b3ce
2018-04-16 19:57:03	jbt.exe	2736bf941b165729789885bd9a44a627
2018-04-16 20:00:03	joo.exe	c4e19cd8425cdf95d8eddb816f8faa50
2018-04-16 20:03:02	skc.exe	0c8e5176a24e0b71bb221f6779323da0
2018-04-16 20:48:03	adobe.exe	73955155eea1ff12f7edd3159abd2512
2018-04-17 10:27:03	Nj7-nwdns4422.exe	9657ba054390fab9059593cac2d31e0a
2018-04-17 10:30:07	w-.exe	f901b42116f1f8a52cc3abe6d8181135
2018-04-17 10:45:10	344638805252.exe	1c0b8c366932a1b7f403869f02f0c244
2018-04-17 15:45:05	sales.exe	03de12c843cecfb24f3c176ad320774c
2018-04-17 16:15:03	4.exe	304e3ae41237a1076f0a1fc5e78e4ead
2018-04-18 14:51:03	pig.exe	8fd9554784e7c5dc7eaf40fa8c41a1ac
2018-04-18 14:54:03	vbc.exe	62467bb7ad7d2dd61339a95db886a487
2018-04-18 14:57:02	vbs.exe	542b6d5021774086fd0318e78c772525
2018-04-18 15:03:03	watch.exe	8af845e27ea32ceaf0df7201d8f55eef
2018-04-18 15:36:11	max.exe	81614c65192690b345d40e4f7f61c372
2018-04-18 15:39:14	linit.exe	8b70d9183b829c6c958b5ecabe95832f
2018-04-18 15:42:15	andre2.exe	ab545d0d59fa7f38d9590e89a6d48501
2018-04-18 15:45:09	andre1.exe	9a199ad31bf034d4ffc88589f81e9d65
2018-04-18 21:00:03	pgn.exe	b982af50d10892672ce3e34971c92e9f
2018-04-18 21:03:02	jsg.exe	8d45cbd91af90c46df018dbb07fc786f
2018-04-18 21:06:03	jsjg.exe	cce56261d82fed42deaba306ea3147ae
2018-04-18 21:15:03	png.exe	1274b4a82dfc4f5dc8edb823693e0f09
2018-04-18 21:18:03	ppg.exe	769c02924c1973bda865f907618ce435
2018-04-18 21:24:03	pppt.exe	c9328ae9fd1b72b73f0c12215f07701f
2018-04-18 21:30:03	sgv.exe	8674e8fd878a92e92a479b931235bb72
2018-04-18 21:33:03	pt.exe	e7b96664df9f3a09e78e100f8f59ce29
2018-04-19 12:39:06	Billion.exe	1a29823f99b9514f61ae5a2933be8191
2018-04-19 12:48:03	word.exe	b00fa776cad747da404458979b90c331
2018-04-19 12:54:04	yg_kenal.exe	09571672aec8049a954cc3f0b9d3b14b
2018-04-19 12:57:04	boby.exe	d9dd495f577d243c3f493f63d96ae656
2018-04-19 13:00:03	chi.exe	fd23baa9cb72d505209d64c7e8f23a45
2018-04-19 13:03:04	dec.exe	10898243229aa14111bda339595659da
2018-04-19 13:06:03	fig_kenal.exe	d5c2cd3dab2c91c246983c0bda2fe403
2018-04-19 13:09:04	ikec.exe	806a6544447fc352c99b0bcf6a816960
2018-04-19 13:12:03	okilo_kenal.exe	85730fa13a4b63bb5d368ae83fd48106
2018-04-19 16:15:03	order.exe	4f67f664ecb5af6670362ff84f019dea
2018-04-19 16:24:05	new17.exe	733d540ac387af35f3b5bad67b6bffb2
2018-04-19 21:09:05	select.exe	25e41eae46cb78b3db68a9a584f9d911
2018-04-20 11:45:03	decc.exe	a205f280222e218872803657c44a941f
2018-04-20 11:48:04	jn.exe	f3b2a0cbb4d2dfd48ddfee6424a654ed
2018-04-20 11:51:03	mii.exe	4e22777268cb73a0d723224a11128035
2018-04-20 11:54:03	okii.exe	254c8e0c4ea6647ad89424fa27c7fba7
2018-04-20 18:00:43	2018importantupdates.exe	b7f83d777901bf5ef4ef43390451cc96
2018-04-23 12:39:02	2.exe	90c03126881ad731686a06029ac8c439
2018-04-23 12:45:01	4.doc	10f6bf1292118e02826d6711c997fa6a
2018-04-23 12:48:02	4.exe	c6516cfc541d1ca2aaeb3bb9354be19e
2018-04-23 12:51:01	5.doc	9dac713e41ce78a5a84b580f659244bb
2018-04-23 13:33:33	ban.exe	927313d5546862ecf37970cb9bbf9525
2018-04-24 13:54:04	bind.exe	85fcdc1eed1798ca33cac9a3bb6a7718
2018-04-24 17:36:02	STEVE.exe	569406e4dad174e1a93b21e728e719c1
2018-04-24 17:48:06	Loader.exe	3169517b4efaf2964e6079217f43acf0
2018-04-25 11:54:03	obi.exe	589eae5a19c8744686a9f3fe883a3207
2018-04-25 11:57:03	fada.exe	c80fb1eeb3ae1c297f21b1a01527050b
2018-04-25 12:03:03	ff.exe	df923a984777680919d1c67a975aa376
2018-04-25 12:24:02	000.123	29c3122a162e176d96a598260ad1502b
2018-04-25 12:27:02	Cv26Cpy	5be5a1f0dfc4ae6dab6dcd1a50cd2f2f
2018-04-25 17:39:05	24.exe	b78cf1a172ab553e54a45a3446f909c6
2018-04-25 21:48:05	r.exe	aaab9063b467d718f09a440200ed8b45
2018-04-26 12:42:04	tested.exe	7d576b3385523b3e3ab1475c6f7fdb99
2018-04-26 19:21:05	4.exe	548ea0ed1a16fb41620415349b02d781
2018-04-26 23:33:08	obc.exe	cb59ba1506204e720978fd84ec80eab2
2018-04-26 23:54:04	KOIJHUYGFTRD.exe	abbf5511d7dd16a6c3bf1822cfd693db
2018-04-27 00:18:05	0000.exe	bf8f74eb5dee1bb05729a4092481f8c5
2018-04-27 00:21:09	fkg.exe	f3e75bfb3c2db89270475faacc0ab519
2018-04-27 09:06:02	6.doc	da2bccb8c3bab13bb93a150849843b25
2018-04-27 09:12:02	1.exe	ea776af4ded7a6c84aa5a97ed69e9dbe
2018-04-27 09:27:03	vbc7.exe	1e1ae714a78d5672d7c6c1abd1bb75b6
2018-04-27 09:33:03	jgp.exe	c5cc63b565d9844525e9490f972f8d91
2018-04-27 09:39:02	vbc5.exe	e554ef9729f8ce7481875a8e79782cac
2018-04-27 13:48:14	poo.exe	e127ce81272268b90914e16fb9993f7f
2018-04-27 13:51:08	po.exe	bd982b5c96a987735af31b9bcf68f268
2018-04-27 13:54:06	p1.exe	b2aa6bd41f3a8b4a0aef513189ca4fd6
2018-04-27 13:57:07	p.exe	5d36aa1fea2ce38148c245b93da0e4ae
2018-04-27 14:09:07	cv.exe	e8a1026d6d025f281c596870fc1185ad
2018-04-27 14:33:08	firefox-update-guide.exe	c7cdc26095bf16e36457bb1f2509be16
2018-04-27 22:33:10	windows%20defender.exe	a88e445f028a77ca2d78400984554b91
2018-04-27 22:36:03	dllhost.exe	6157b1b75158a6aab48926690638378b
2018-04-28 00:00:05	ruy.exe	30bb8de34570df19499392ecb6e38f76
2018-04-29 14:06:03	7.exe	170068ff957644747f3ba1bda893a306
2018-04-30 15:21:03	NOTE.exe	18eedaa80fcd3df3fe531a55e3538a6f
2018-04-30 15:27:04	aksu.exe	952b3175b5f09b4d5434f43d45d43c57
2018-04-30 19:03:03	fr12aaa.exe	151b93106759d45e49497675f026a76b
2018-04-30 19:15:02	10.exe	e3666ecb82584556a39520ea0e788ccc
2018-04-30 19:27:03	9.exe	b2c6201fbf33abdaacb838ad410ecab8
2018-04-30 20:45:36	ggg.exe	9cac744095b6f061f0d4a1ae1d06de94
2018-05-02 11:21:07	netpp.exe	12457923ecb62e66b302ce66672a9411
2018-05-02 13:36:10	ApntEx.exe	f2c2559d714056adcdc939ddf0577341
2018-05-02 14:18:03	explorer.exe	8c25d4276cab432d5c5ad813be4cf2a0
2018-05-02 16:12:10	Invoice_TR2000076585.exe	f8d7ae8d0bbbe31bc7620f893fb289f6
2018-05-02 16:27:04	Docs.exe	387a91b8838822545a839dda83b9c57d
2018-05-03 16:00:04	wealth.123	2d88fec194225a419b391ebbb2472ba3
2018-05-03 16:09:03	ahm.exe	b5f182fdb6a92a48d151bd2281f92e85
2018-05-03 16:12:03	don.exe	6a2c2b021b25da0f433c1224a6aa7931
2018-05-03 16:15:03	fast.exe	26009fde9a7f47f8e376253f3a2d4282
2018-05-03 16:21:03	ob.exe	e59e34230a606484ca7f5d0d161de367
2018-05-03 16:27:03	tonyeng.exe	5a64b7f6e992902904ece01379cd1127
2018-05-03 16:30:03	world.exe	bb73586cedd8767a216880ba2a7c7750
2018-05-03 16:33:06	ORDER.exe	d9edbfddad6c8e3614651445203bcb48
2018-05-03 16:36:02	carmen.exe	1c623485b37aea0fdfcf1f91ccffbbd2
2018-05-03 18:57:05	plugin.exe	f0c9b65512b6e739c1692eee1a41b8d2
2018-05-03 19:33:08	MATERIALS.exe	2475fda58a0ac4c571deb76001a6d81d
2018-05-03 19:39:06	pl.exe	fdd96d03b772b5bd5a76b7b310b023d9
2018-05-06 15:33:03	filer.exe	be6fa90863f328a042a6973a97500e87
2018-05-06 15:39:03	expleze.exe	c8818f0327ff44e33829ab49b6153c66
2018-05-06 15:54:04	tax.exe	367c5c6dcb2c82eb7bb863086e34f66d
2018-05-06 16:00:04	lambe.exe	1954aa127889dff5ab305f6f8afd14c0
2018-05-06 16:03:04	abu.exe	9fe67112dce594369662336a6e8f7b23
2018-05-06 16:06:03	baker.exe	f7a655ef4f08e54e04f643d0f1927b84
2018-05-06 20:33:04	payment.exe	674de5033c26c516ac745e1568baf9c0
2018-05-07 02:15:03	sun.exe	001933b3101f2b333544a89d206383e4
2018-05-07 02:18:02	log.exe	7689084a60f4481351bbbe4ef36b08a1
2018-05-07 02:30:03	home.exe	24ff61047a8d6a2bd9e282aa78e51964
2018-05-07 02:36:03	sun.exe	807e36099afb31e1d16a3b1ed0517d55
2018-05-07 02:48:02	loh.exe	bdc7ddfc8d98b94a2a0f9311e18ff50e
2018-05-07 03:27:02	home.exe	c6dfc506c1d474edb559c9f700fa6d40
2018-05-07 11:06:08	Order.exe	28ddb3f1013592bb1b4413ee39009a57
2018-05-07 11:27:10	trxns.exe	4733e78c47aca6cbd5b5bb092e562478
2018-05-07 11:30:09	transactions.exe	3372a805c849004ed6adf83bf62bdfaa
2018-05-07 11:33:05	orderCP.exe	7199b0b2c94eb8727ff0a9446d16c718
2018-05-07 11:36:07	order110.exe	c882debc49ff54f4cbd385eb39dbaca5
2018-05-07 11:39:10	order.exe	4a37b128190ebeb46b11976ef6dd702b
2018-05-07 11:42:08	newp.exe	8b683771c162d0f751ec0eed59ab8471
2018-05-07 11:45:08	netnew.exe	75d302f87cedf67103b7a40234dc2f4e
2018-05-07 11:48:08	netly.exe	a9ea5e73237d3e45ef3b2bab04612266
2018-05-07 11:51:08	imnty.exe	0415673ca7394d42f1e71d8eeb713d51
2018-05-07 11:54:10	imcp.exe	8e67e154ad9fa0f273832e99a661cc3c
2018-05-07 11:57:09	imcccp.exe	917a710a90cf864397280cf6dae469d6
2018-05-07 12:00:08	aggt.exe	f0c9ffce124aa0fce22f9838af812bd7
2018-05-07 12:03:06	PurchaseOrder.exe	fc1e2dfd378b36fa73e9fbde8e3ad597
2018-05-07 12:06:08	PO101.exe	53e5daacbf8f1658a0dd8eb1cce10037
2018-05-07 12:09:08	PO.exe	92b31e271142cc31ef0334a9c91a0ca6
2018-05-07 12:12:10	ID.exe	a0e983ac9bc736fc036deb22f66fac7b
2018-05-07 17:30:03	urzoze.exe	5a8bd143e2f0f197608d52f80d69990c
2018-05-07 18:04:10	swift.exe	21c0027924a5a4a70cd1e61220716224
2018-05-07 18:06:03	4.exe	8acb1a113d20530f501fc371622ff0db
2018-05-07 22:21:06	onvinmao.exe	d697363cbc0300e3bd0953f1ccad9e11
2018-05-07 22:24:04	acvoy.exe	ef6b5acc3560ab386423327f4d1b554e
2018-05-07 22:27:04	avbuuux.exe	b22f10d57350ef4a2663e94d989bacca
2018-05-07 22:30:04	mAXN.exe	dd56c276f568bbcd7fda81acc99004a0
2018-05-07 22:33:04	MACOBI.exe	435e37bf5ce7ae6cc774ec329034f7fe
2018-05-07 22:36:05	diergoo.exe	e635e65ef68472e88e78413129f71aa9
2018-05-08 10:51:04	explorer.exe	c69fe97bdb3753c347a8631311698fe0
2018-05-08 11:10:08	Quotation_Sheet_Scan73838,PDF.exe	e2b6f16b2c8ed6fe9a33004cd82a8932
2018-05-08 11:18:05	tt.exe	a25efbdcb8f27d07c04091cb5f6a44b0
2018-05-08 11:21:06	mx.exe	d687d8a4cf297dfb458707fbc160ebd3
2018-05-08 16:00:04	NEWPO.exe	8aec558a53654fd490aaa58cbae1fc0d
2018-05-08 17:00:02	adobe.exe	f6d82415bafc37418d9ea4357ee834d3
2018-05-08 22:03:04	9.exe	f6ceed83aca6ac5ab1c6b3b38e6825d7
2018-05-08 22:48:03	mekacryt.exe	8e495ada8db963825a774a659c48f5a8
2018-05-08 22:54:02	eme%20tesla1.exe	25666e0ba20220c025f56c79023abd91
2018-05-08 23:39:03	0001.exe	4d469669b057723e536f9c11506fdba2
2018-05-09 16:45:03	Protected.exe	55eff4b8cf32e1144bd789691bc8e3e8
2018-05-09 18:30:08	01298435.exe	fc581054b160686d4cf0f4977cd46b4b
2018-05-09 18:33:09	dc.exe	a2857bce03989d51400094303ae2382b
2018-05-10 11:39:08	derver.EXE	86cc407f3a46c32e7d3168d50b6bf195
2018-05-10 11:54:09	ORDUS.exe	4473e4e0aacd251550f9fb5d3498d34a
2018-05-10 12:03:07	w3.exe	0bd6c88fea0ef557fba63e10e6f085cb
2018-05-10 12:21:12	wassus.exe	42ee81705a4c1621d9823de7f197d7bc
2018-05-10 12:30:40	teststub.exe	79bad068bf77f41d900c38b176fcea41
2018-05-10 12:45:08	wedhk.exe	b922994082835998c5c86eb1ae1da06b
2018-05-10 12:51:06	ibb0187234.exe	d1fac7f95097c33e23156d7ab158f008
2018-05-10 12:54:05	ibb.exe	b5556d707de842281f61a21f107ee8d3
2018-05-10 12:57:03	HKTRF01823.exe	48efec59ba4d386f652da433a042db80
2018-05-10 13:00:03	HKTHUR019432.exe	02b61c4bd363169175bb6513b35f29c2
2018-05-11 02:48:04	office.exe	e67f78a1ad2be092bff4b5a77f75a95f
2018-05-11 04:39:08	team.exe	44231706f35ab33b00c196a592a5b822
2018-05-11 07:30:09	pikin.exe	e192b603ab23cc8eab085cad7add91b0
2018-05-11 07:36:03	NEWPO.exe	181e0ed8c8f09db4749f83ca87bf3e2d
2018-05-11 17:27:38	Products_List_Quotation_Sheet,xls.exe	6d2f206025cfe7f878495bfc3e09206b
2018-05-11 19:21:11	SERVER1.exe	0d975d18b48be7a18ac10f29a57cede7
2018-05-11 19:24:06	Servermarch10.exe	8922b3f2e4a32ac5bac9ce82a39ca9f1
2018-05-11 20:09:02	DRAWING%20MATERIALS.exe	e2a988e5b401ffdeb288e248389f81e1
2018-05-11 21:51:03	read.exe	a6572e51c797d2ecfe8f7c007c730462
2018-05-11 22:27:07	ncase.exe	a1247ec5d64c00b2efca1fda7ea29c5e
2018-05-12 02:42:32	platunum1.exe	4a3a7984b850ab7836c9e61743d1332a
2018-05-12 03:03:05	olamide.exe	837f0015453e2fe843a4cd5672c5a4c8
2018-05-12 17:30:07	robots.exe	a381684bf1f5f47a0f68d8c40d8d3b50
2018-05-12 17:39:07	uomn.exe	9d2366040e224f97a96c62dcf2428004
2018-05-12 22:24:04	mail.exe	fe091c3fb818f59ea770f0cd50f346bf
2018-05-12 22:39:03	jmaima.abc	f557dde31fdf94a5e3bde1fc8ed94bdd
2018-05-13 12:45:06	wealth.123	d3f0a5be2dbea267f5048b317c49d441
2018-05-14 08:03:04	teremerejodi.exe	ba1d34fe94fe7b6e979fbe2289420b7f
2018-05-14 08:06:04	maalgudam.exe	a880a44d148ab956972365df412f0a34
2018-05-14 08:09:04	olwieress.exe	537596ef8ab32909ac0cab0b2044bfd6
2018-05-14 08:12:04	tracking.exe	debacd07ef5278ce387d1283b1cf2661
2018-05-14 08:15:04	khatjotery.exe	1aa58befc5531e24e0ecd6964250f32c
2018-05-14 08:18:04	hujayega.exe	790a55bc54058bd672fd169201d2c98c
2018-05-14 08:21:09	sirri.exe	3c9273c1022bbc4c3b5469c8ca65023f
2018-05-14 08:30:04	iih.exe	59460b1ce0dcb2f8300f4534e61a4a10
2018-05-14 13:12:03	iul.exe	a8e187400ccedf1d3134c238455bd792
2018-05-14 14:09:06	5yezcG6	ba81a5edc34a735dc5a88419243167bf
2018-05-14 21:00:03	et.exe	9eb99c67c0b6ab2a85cd7dd44adbbc8e
2018-05-14 21:03:04	gh.exe	ef2c7bf69513cf30d5320579df36d8f3
2018-05-14 21:06:09	TTPaymentProofAndRemittanceCopy.exe	6276d59d3aeafdad32117975d293eb6e
2018-05-15 01:27:02	surecrew.exe	bb53429c934474eb4ae15362b0b0fed9
2018-05-15 01:42:02	imm.exe	acf4810fac7e2973532fe7c2828644a5
2018-05-15 01:51:03	FINAL.exe	cb0e4c77c8fcbb34bc947e0ff75d4dfa
2018-05-15 04:06:02	olamide.exe	819ff07dfe557f55282df56a94f6ec80
2018-05-15 04:09:09	LEJ.exe	6ca0ec1daad95faebfb4ebebb41aafea
2018-05-15 08:57:03	snoop.exe	0c836cda6823cc0b4b77008312e9720c
2018-05-15 09:09:03	14.exe	97a4a5fa687287e4f0bd3c7e6dc504b7
2018-05-15 09:27:05	Install.exe	e4e77928bf3cd940d09563127bb16c6a
2018-05-15 09:39:08	denis.exe	e3031cf128f0704aa5ad9cf7efc4dfa0
2018-05-15 09:45:12	Doc-2018-0206_signed.exe	639d7b9343aa6f578bfdb09607874c9b
2018-05-15 14:18:06	hity.exe	885a6b438fe3c23b4d8d09c43034d173
2018-05-15 15:33:02	server_fud1.exe	650ddc432872d7ff7088e3376a26acd1
2018-05-16 00:00:07	stunt.exe	2b62478ff645653e0c6eda955a154ea9
2018-05-16 00:15:03	li1i.exe	cca13401371eac655ce0e1f8fe80ba58
2018-05-16 00:48:04	Order04.exe	717791192fbd7a01e220fa7fba1d3fa1
2018-05-16 00:51:02	mofe.exe	1fb98bcf4d8f45c121b4ef208ea8c7e2
2018-05-16 04:39:02	Good.exe	15e43421578b69651fd9fbc1ebc5af5e
2018-05-16 05:24:02	tus.exe	681b9f5117425cd425ef9b3731135bf2
2018-05-16 05:27:03	trad.exe	f5b3e2458ce25b837788254706f419d1
2018-05-16 09:24:12	tx.exe	70774c09cd557ec674d9ef20cafae2e8
2018-05-16 18:09:03	ndalai.exe	46170d5634458889f1a5c45f67ff0cb1
2018-05-16 19:33:04	ordering.exe	1e574b676befa0441d0a5755f2389b10
2018-05-16 20:39:03	ugooo.exe	d0033f0de443164272d2ce64c8359858
2018-05-16 20:45:06	scan%20copy84756786545.exe	a2ac43f1303b5d26d2707d210261f391
2018-05-16 23:39:03	pi1l.exe	8f0065ec279ccc6a382c64dc86eeb77a
2018-05-17 00:36:02	May%20PO.exe	766e8c115aa7cbc24e33b387d354bf43
2018-05-17 00:39:03	wq.exe	e6677822a190e4f33c2f30398f4671d6
2018-05-17 00:42:05	file.exe	0841043e885a453e04f5dcdd43a288c9
2018-05-17 02:33:03	The%20Highlighted%20Materials.exe	169b5af4ee194653eb133d5c1fb7c913
2018-05-17 05:06:03	sou.exe	aeb39ae3517b4ff55de87dc1ce3724be
2018-05-17 05:18:01	000000000.exe	1a811761cd9bfb75569fb56766fed530
2018-05-17 10:15:14	ppo.exe	db6f7ee21578a39f3622be9ed4963a48
2018-05-17 17:51:02	JHkYfFu	363f0a29e1e3f5a76d750bdabb53fbd1
2018-05-17 18:00:03	0i1l.exe	2d4e96f779082a59fff07378aef1b800
2018-05-17 18:03:05	loder.exe	14a7fcc57b45ed50764a12e135d8ebcb
2018-05-17 21:18:03	nett.exe	771050f703dfe0072a4f2a6ec7b1f86a
2018-05-17 21:21:04	pp.exe	0ad9a73872803f10601b98c7b3a84a83
2018-05-17 21:24:03	fraudulenttrxns.exe	d275285df07c7ea145db1025983e1b73
2018-05-17 21:30:04	nenet.exe	998be96ef62c5a22e6023bcb6daed8a8
2018-05-17 21:36:03	nwrem.exe	bf442b28ab0cdca16b81e3bbd6425392
2018-05-18 04:06:05	htt.exe	1713aa07b9e97409c1ff2048a3c7805f
2018-05-18 04:12:06	y.exe	ccf8043ab8857a44caa02fda2259e92b
2018-05-18 04:15:08	po.exe	ac5034baaea3df6ec5c5b49678f364cb
2018-05-18 11:03:04	mri.exe	aa74e18045bc64781763e6034f3ddfaf
2018-05-18 11:30:03	Calculator.jpeg	b023eee4bdb33f406c5093384759d08d
2018-05-18 15:39:03	tony.exe	3f84743ff541cf3ed62b11097757632d
2018-05-18 15:42:03	success.exe	de225405f8e348bfbb5ba8abdc092b48
2018-05-18 15:45:03	hono.exe	5f6adfd8adc46a9195b1ee20d37b3984
2018-05-18 15:48:02	bttc.exe	0b4816df743c4bee529bfcefc20dd23f
2018-05-18 15:51:03	btccash.exe	c7ee9d428222f1c920cd8aaae026b4de
2018-05-18 15:54:02	btc.exe	9ed4dfbc061045da55d9a2acf165ed52
2018-05-18 15:57:03	bossemmy.exe	febed648257274d46d864132745b6a05
2018-05-18 16:00:03	Invoice_tr2018.exe	e432274f6128d2647009934f821d0ea0
2018-05-18 16:24:02	jj.exe	a8e5fe02b93a9f32fd7444ab5d8c5e95
2018-05-18 16:27:03	EQNEDT32.exe	4afe8137c62c19c2618365ba937388fc
2018-05-18 17:03:34	tsn.exe	7fa275c4720679c386f65b9fd7355951
2018-05-18 17:09:03	milo1.exe	c5501dcda7b59756449f20efd676cd15
2018-05-18 17:12:02	milo.exe	b0f776c8a5e56354c006036f360fffe7
2018-05-18 17:15:03	me.exe	f107a8d33adeb3249e3b590329b691d9
2018-05-18 17:18:02	ddd2.exe	8d3f91c66372e89770cf34574cdc9c7c
2018-05-18 17:24:02	New-order-pdf.exe	c01ed28282861c64c111d5f7d82d7d59
2018-05-18 20:57:13	ccu.exe	190934e5abcc77147e3eac7bb10f4574
2018-05-18 21:12:06	winsock.exe	556b5f4ce2b3c47bc3a3e052202597d3
2018-05-18 21:24:08	winscr.exe	17c45dd7d20e118d3254e5e7646af5af
2018-05-18 21:42:04	zeal.exe	732ad6e95c86b3be894fe6ffa27eb683
2018-05-18 21:45:03	edu.exe	32b2668174be406d98bde8c055e809d6
2018-05-18 21:48:05	Emeka.exe	059bb09924b0d8cb7a8cffb72fd0bb03
2018-05-20 01:12:04	ariwete1.exe	c99633f5b044ccfa89c1d3972498e3ba
2018-05-20 10:33:03	gg.exe	ed65794e3c61ad547f97f491009fa237
2018-05-20 10:36:04	QZXFGPXX.exe	a3fb4842b5df7ace8a9822ae1976ecff
2018-05-20 20:24:02	Lenzman.exe	bf310cbe055417eeba73d98d105d6075
2018-05-21 12:12:03	ALPHA_PO-16201844580.pdf.exe	a757e6f65cc6226a8dc6d9b0c6da3673
2018-05-21 16:18:02	atulls.exe	85c3e2a8af7434a0c0c91dbe0ae8ef0e
2018-05-21 16:21:03	Order.exe	2d388bcf0ed35792db09f15f5f462133
2018-05-21 16:30:03	svchost.exe	88575fa4ffcf6842ea92f65beb084b1c
2018-05-21 16:51:06	run1.exe	b288b4599cd44b337aaf87da50fe038b
2018-05-21 17:27:03	hope.exe	3440809244788d0278815edf5d4c8294
2018-05-21 17:45:05	1KTAuRG	21565b4eb6fefe4ff4d21c22c9f30391
2018-05-21 22:12:08	winin.exe	352c94d7274f0db55cc2a7de88d1a461
2018-05-21 22:15:05	luke.exe	0428bc92d6500c100e70d5e4c3cd4d36
2018-05-22 09:54:03	justbelieve.exe	c00d1ef5a50611ac453005893fb32cde
2018-05-22 21:06:02	test.exe	d27234372a53a7c6d8a668231e734698
2018-05-22 21:39:03	order.exe	313a1db859472ba4cc8863d78cc30edd
2018-05-22 21:42:03	fis.exe	b4f403caaa7dd77c4c27bf02687e5af2
2018-05-22 22:12:03	elber_topst.exe	fa80f24fc04d7b657d0b968dd63f9750
2018-05-22 22:57:07	fis.exe	c6650e415309c2b196aa486735dad543
2018-05-22 23:00:05	p.exe	c9fa3ce57dcd3c12ec16577150684703
2018-05-22 23:03:03	da.exe	2d90560e91a732d7c44674e3f606f620
2018-05-22 23:18:07	Order.exe	66a1bd9e39a31126b9221782821ce50f
2018-05-23 05:27:11	CR8.exe	a61f077e0275dab781038b9c4b82885c
2018-05-23 06:48:08	winlogonn.exe	2629f3e38170f563b5c8a75ad69d6c90
2018-05-23 06:51:07	dwm.exe	57a2d46109c29a9ce0b3716aee6b3d22
2018-05-23 06:54:06	POS.exe	abcea83cb1a4ae9aa7413a1963283d1d
2018-05-23 07:03:07	INVOICE.exe	e36f34ebc8254248243141369fdf7634
2018-05-23 07:15:04	shit.exe	6fd1f77d26738cf938efa0e5eddc30ba
2018-05-23 07:27:02	albert.exe	84f5a10bb016c49598fbbdd5a5d71e14
2018-05-23 07:30:18	3.exe	4c5dc8f2d1df1a74df4b1730a2a756e8
2018-05-23 12:30:16	13.exe	58574b6dc105478f0807ea148349c59f
2018-05-23 12:36:19	21.exe	d6cabf8ccf6234a76fef52b30f60e798
2018-05-23 12:42:26	19.exe	4c153c44de8ed3cac3954f7e997ea8f7
2018-05-23 12:54:54	17.exe	292be3082c620ed488793547ccee40ea
2018-05-23 13:08:10	11.exe	8cf1c74955a561ce883a703b1faff789
2018-05-23 13:18:25	10.exe	dd7cdadeae9b4ffc62ac460aeb0213b9
2018-05-23 13:19:58	8.exe	462b767e71149ee7d99e089a3666134f
2018-05-23 13:30:38	2.exe	713e8df6bd82d3260543d0d969905d5b
2018-05-23 14:24:09	1s.exe	d8a713e9aed88093668ec0f19d54e513
2018-05-23 17:57:08	svchost.exe	bf7187d256718c5ade93f520671a4ff3
2018-05-23 18:00:04	Adobe.exe	c894032ba97590c35549713817f0b6de
2018-05-23 18:51:06	opll.exe	519f65c9d76cecb8f2ea85ed5dd32a32
2018-05-23 19:30:06	swiftsz.exe	5c48c9984a3b4bdfc177948ad6fa2a86
2018-05-23 19:54:03	4.exe	d58b262d554730be5e29f7aafefebc9f
2018-05-23 19:57:05	paidcopy.exe	4337923547cb41e7154154dde5b24a8b
2018-05-23 20:09:02	bles.exe	235bd8991d75bbecacf4cf4e89236130
2018-05-23 20:36:08	3.exe	3744ffc1f6219702ac75d05265b4c092
2018-05-23 20:48:07	7.exe	741e507930cfd9a81c9d50ac9f3ad4d7
2018-05-23 20:51:03	8.exe	fb36d6140fb192ca27df75b26e05a4a6
2018-05-23 21:00:03	11.exe	904453e88a179fcab967e54eefbf4c85
2018-05-24 03:15:02	Myjex.exe	8cffc8f53e1e0b93dbbc3b1249dedb63
2018-05-24 03:18:07	Mylex.exe	310612f007cad632a9d2c3db9db2a157
2018-05-24 03:21:07	Nazfilx.exe	bd190a8db314768d2afe800176437944
2018-05-24 03:24:04	Server.exe	b9d0e59b693e28208c1ef2a8dbb820ee
2018-05-24 03:27:05	ServerNj.exe	4d8c1c0bee0ab2ac964f3793c2fd2499
2018-05-24 19:42:04	CR3.exe	0a5c8b87ad01fa14f77cb5c74d0cb43e
2018-05-24 21:21:02	00000LenzM.123	81362f74cc518876fb94917b2b9f9fa9
2018-05-24 21:27:03	001.exe	6ffa9f2924c3d21ce1c8149786ef1f71
2018-05-24 23:15:09	z.exe	a9040f642dd122636f61c52778873138
2018-05-24 23:51:03	2.exe	5499cc737dae9949b4df8ba725c95c05
2018-05-25 08:03:01	WindowsApp1.exe	265bf05e0c6105ee0833e7ae501d3db1
2018-05-25 19:03:02	WindowsApp1.exe	a80d5c2447c955865ad6d40b712bd8ee
2018-05-25 19:54:02	po.exe	a25d035c838157e70afadd3b1b140f5f
2018-05-26 07:51:04	Aritu1.exe	de82934b9c552a078544c611a7976963
2018-05-26 13:21:05	iwantapple.exe	35849f1e5f89af715735afbdeaf4d183
2018-05-26 17:36:04	Protected.exe	19871dd79a15a41e7ec9563075f97e7a
2018-05-26 17:42:03	newmarch.exe	2e67e781c0cfb37d5e03cc6860e573f0
2018-05-26 18:06:02	file1.exe	eb0e42323cb2de27e5a6407cc4f71ec3
2018-05-27 03:42:03	uc.exe	efab1253628984641d41b1c1d641eca2
2018-05-27 18:18:06	cjnew.exe	6300f96828d8aae5bcf12e7083610465
2018-05-27 18:39:02	albet.exe	00a82341fcf8fad8529c8daf1fae9dea
2018-05-27 18:42:04	fran.exe	18c51943aac9798b30acd0a9a8f93a62
2018-05-27 18:45:02	sNdttpC	50a412bc7d2506c30347e21e1d85908a
2018-05-27 18:48:05	tui.exe	8d13bc5012aecb410bc3e5b77bf86997
2018-05-27 19:15:03	adobe.123	d3c7842495e4fcf393508918bd002ac4
2018-05-27 19:21:07	windows.exe	41ebe685cf5937c0511c404ff9912175
2018-05-27 19:24:06	done.exe	aa13f27d17df27f5c8097848044d252f
2018-05-27 19:27:09	minerupdate.exe	4fa1915159ca5d200a5d9c946ccf0bb3
2018-05-28 09:03:06	AGENTFILE.exe	2b6439cd7d93f95df0e30b1525f41ac4
2018-05-28 09:18:03	Kings%20Doc.exe	7d3c2c2ede343c6be0efcad1d4305c6f
2018-05-28 09:24:03	today.exe	d16ce2629e9535534b963bb2b536d522
2018-05-28 14:45:05	MUSE14789.exe	bb0088e584ab7cce3bf54d7bc9202a56
2018-05-28 15:06:03	btty.exe	35dc702c5964933b45c4364f27a65898
2018-05-28 15:09:02	slil.exe	39273288addd175bf28165460b30c45e
2018-05-28 16:27:03	gym.exe	11d56c7b9b131120863f66a97ffd1cd7
2018-05-28 16:30:03	k815gBU	864fc17abaa8c01716ae6822648b388c
2018-05-28 23:57:03	Materials%20Needed.exe	3cdb38adb0aeccd1e0be80228fb7887b
2018-05-29 04:24:08	RA.exe	37e9e02c9e17bd27ed78d1196c7ac0b1
2018-05-29 04:27:04	Materials%20Drawing%20Specification.exe	24b1bb09aebaeb96564b9508f0f13891
2018-05-29 04:36:04	uc.exe	010dce8f1727f2ac367098673b556849
2018-05-29 09:12:07	PO8899.exe	a05a65d69dda6039fd59eaded15c79dc
2018-05-29 09:45:04	done.exe	70d6a3004d46a3a65440a8a2681a9507
2018-05-29 09:48:03	windows.exe	e9a5268cb49813cbb6d0388ae6de96e5
2018-05-29 14:48:03	werdftyxcv.exe	23ccdbf6db957beee15afc7cac91b27d
2018-05-29 14:51:07	gloi.exe	39ffa3dd5db6edf0f208d118be8cb64a
2018-05-29 14:54:04	tt.exe	0400a3300ae7454d9638654071352968
2018-05-29 14:57:03	IMG99000.exe	3ed6d12d935919a70c664f18dd230b81
2018-05-29 15:21:04	paplaz.exe	8f465e7689b313ddd8bbf45b452b6752
2018-05-29 15:30:05	abchai.exe	8875ae2d57289e7589027bd085c7c17a
2018-05-29 15:33:04	buoyoplza.exe	434395db09e27d70ad1f0ddfd1a90f36
2018-05-29 15:36:04	dovg.exe	91c9561e605b9d13935aaa772c9ab575
2018-05-29 15:39:05	maxninini.exe	687cad4427cf912d7207865942276fa4
2018-05-29 15:42:06	mbiyoungito.exe	83753b4a5ab781c5fc0a65dd2806dc14
2018-05-29 15:45:05	obaiiqoqui.exe	377660c9592494ac89bf8fe690e356e2
2018-05-29 16:36:03	solu.exe	acbdf3bb6b4eecd621b71eb99192b7f5
2018-05-29 16:39:03	rank.exe	7f7a749bd2c2224a561e2d2be4114185
2018-05-29 17:00:11	minerupdate2.exe	1f9e441e24c6042c7343c10fc6074767
2018-05-29 17:09:03	IMG900099.exe	f2182a2beff6a3d626733243b75cd96d
2018-05-29 20:33:13	imgclone.exe	5430c25a993989a9489ed62a311e2f81
2018-05-29 22:15:07	invoice.exe	409f0649d4b144b5aa14c6a12857ca6c
2018-05-30 12:30:03	iexplorer.exe	49920d3ad9a4ec311c12b00600a8ef50
2018-05-30 12:42:02	015643672432450.exe	47c0afb728117b9d267d67c2f2677d1a
2018-05-30 12:48:02	purchase%20order.exe	e9c87c368fc199a4e2fdb5771ef902e4
2018-05-30 12:57:03	uo.exe	6d8ab5af874bc3bcdf1df536430235fa
2018-05-30 13:09:07	inv.exe	cc5d016bf64951685246199ca9364a07
2018-05-30 13:12:07	cll.exe	a20a0bad66634a870ced59675c98f949
2018-05-30 13:15:02	newimage.exe	0375083a5f17035e28f9f227b3f0101a
2018-05-30 15:42:05	Gervinho.exe	1e66e0aa79a4dc195569ecafa0c4ba76
2018-05-30 19:36:03	jhn.exe	8a002abdee988603ba652e7260bbd973
2018-05-31 01:03:02	hift.exe	28e2e63361821ebdac9d3a777bb31f7e
2018-05-31 01:39:05	55.exe	d83f9599671f8d0da4be17d77617f5eb
2018-05-31 09:51:40	ConnectorAgent-7.1.1.5205.exe	4b1b7aa5e43dbb2d941ebc1ee1494fa6
2018-05-31 09:57:36	purchase%20order.exe	1d39bb0967900185d6f9981e408776ec
2018-05-31 11:15:04	Deck.exe	087c8ee2753e8c95115ab681a44c7552
2018-05-31 11:21:03	ofd.exe	458d9d3a9abcc86f27671d3fd6ce2dd5
2018-05-31 14:12:04	Apps.exe	ec100fe1401b5ab44d20ae247d92ce16
2018-05-31 15:09:07	order.exe	e3490c20bd637a6037f4720913893b71
2018-05-31 15:15:14	NFG1.exe	e1d315b9fad25172db30386f281bd6d2
2018-05-31 15:33:04	4.exe	3abe771de758841de8b767a6b0c3092b
2018-05-31 15:36:04	5.exe	1b2a3a848f87cbbcc42537e99251f3bb
2018-05-31 15:48:02	1.doc	7dc7dacb6f25d53aa2decaffea34756d
2018-06-01 03:03:04	teslaswift.exe	9d9f240c54b5a9a1ba913d7184966e71
2018-06-01 03:21:05	oo.exe	6126b157dc4070e55da4c8fb01570590
2018-06-01 05:45:03	Limpapauya.exe	ef00c99f7f5f725e9631e3cdef44fb22
2018-06-01 05:54:05	tn.exe	e0ad6b9671bb6abdebb2ddf4b28f342a
2018-06-01 06:00:06	withheld.exe	307764e35a478e422c77d87513124a08
2018-06-01 06:06:04	banacheeta.exe	a488a0c02f1b7a065ba61d219ae3efab
2018-06-01 09:09:04	res.exe	1856ba7de4a465c9b1a7959cd3e02551
2018-06-01 09:15:03	nkfile.exe	bc6fb32faf6601757fe2871625b09e1b
2018-06-01 13:36:05	holst.exe	eef586ec6fa928378ffbc667ed43362d
2018-06-01 13:42:09	g.exe	b99cee8603eb58c97143d9575136f761
2018-06-01 13:57:03	bokf.exe	1c0983e3ea8fef075351004b0936d3a1
2018-06-01 14:00:04	EmiratesNBDTransferAdvicePDF.exe	58d8e45e2efdbbdd4e385eef528618c5
2018-06-01 14:21:08	w.jpg	16d748352329dd9038fd1d562be4e56e
2018-06-01 14:48:04	sawi.exe	37b26a7eabeec8376d2f7bcabe1b6085
2018-06-01 23:15:07	CJDUOOUT.exe	39d6e11b2238e788ce7264e496af499d
2018-06-01 23:18:07	SBOUT.exe	94c4e4fe18361f6178884fc662db8acc
2018-06-01 23:21:05	PGNANOOUT.exe	0e86367e6ab3f180df8006c3061d60c9
2018-06-01 23:24:08	PGDOUOUT.exe	00bce26e2a1013c5acf40519f3fa9db4
2018-06-01 23:27:09	NCOUT.exe	094443f2fd890352f712a3fff79d4c5e
2018-06-01 23:30:08	MGOUT.exe	3c6ae6b660c46f28d2aa9c173807cd1b
2018-06-01 23:33:05	KDATC.exe	05802c35fefeefc47992d59c053e57e6
2018-06-01 23:36:08	CJNANOOUT.exe	0d1908cd1c7861e216c70bf6796c8f27
2018-06-02 18:12:02	000000.exe	97c97a9360d53df04d5fc969f799b08a
2018-06-03 05:00:04	ppa.exe	eb46203637016e8f3fa5f5e524de8811
2018-06-03 05:03:03	commj.exe	beff601484de891d67599e7dc52841c9
2018-06-03 05:06:04	JIF1.exe	3b23dc374ff67cce7ea56e7c2d023164
2018-06-03 05:15:03	66.exe	1d6154aa33977229d441cb2e2a2c79f5
2018-06-03 09:48:06	StartupWin.exe	747f1ed0b7c761f6348db4eac0cc84b9
2018-06-03 09:54:03	3.exe	847133f1bb51d39a2bb1b7a5bf0e979e
2018-06-03 10:00:02	nd.exe	91efed7bb6493d373d8fda375bc8338c
2018-06-03 14:33:03	PHYNO.exe	f500a723652ca0ceefd43fa50797c908
2018-06-03 15:36:02	njm.exe	aaef8a8764b2771793b4986840c2a89c
2018-06-03 19:27:04	test.exe	b3625cd7f9348ad659ed056423b7d010
2018-06-03 19:30:03	coast.exe	5534621d1818b6d246e7ce52a311bf9f
2018-06-04 04:54:05	scan008.exe	23c61fed0fd3b2cb9537a0dc610cfcca
2018-06-04 04:57:02	tif.exe	c5474ec51c52d1a42fd7a6e4202e5151
2018-06-04 05:00:03	sky.exe	6c61ba01924ba4afb3e2ae915d744c5a
2018-06-04 05:03:02	ritz.exe	7c049e9f1b7f0cfd03611890cc916aef
2018-06-04 05:06:02	mog.exe	fddd2b645c98319d10fc9816449c6ff2
2018-06-04 05:09:01	nice.exe	798b126c3c91770ea6e044e02aa81a97
2018-06-04 05:12:02	inedit.exe	cf097b9e16509081dfc8f2dbfaf4ef39
2018-06-04 05:15:02	datry.exe	93dcc205965b4b90032879b8818727f7
2018-06-04 10:39:03	nbp.exe	47d64846e17e347e63fc491f63108ea6
2018-06-04 11:00:02	updaters.exe	3eeece733449517d643ad8e35ff9f55a
2018-06-04 14:42:05	slushbtc.exe	000c29ad905dc50673f564c5ebabc0d0
2018-06-04 20:15:04	some.exe	eb584bc9deb825e125cf0732cba4f234
2018-06-04 20:18:04	albe.exe	bc9f20bb1225a0f1d33d7a1275bfcc50
2018-06-04 20:21:03	bill.exe	49e4fb34bc2dd5c346eeecf8c05bc5bd
2018-06-04 20:24:03	fran.exe	6883fbc62fd02833f28d44624bd0e5c2
2018-06-04 20:27:03	olu.exe	f7236436dce057005e5fda9bd0b9456b
2018-06-04 20:51:02	ring.exe	75f7c142b1d77f3f8fb0446390ecebe0
2018-06-05 03:30:03	flag.exe	f9a2cbbaeae0112641305ca357e4df86
2018-06-05 03:33:07	Builder.exe	a2f5f1bb94c16e7068c73ae0f78841f1
2018-06-05 03:51:03	Gen.exe	6681023899190ee38e10978341e7f86d
2018-06-05 06:54:03	PO-04062018.exe	e5be80183a03600941750e05467c07f3
2018-06-05 11:18:03	Ayamgoro.exe	3ab62a4c61eb740918a7ed93e4c10840
2018-06-05 16:57:03	guoa.exe	35320903bf23ea49734f041a42a1d7aa
2018-06-05 17:00:05	caz.exe	a4b793d63825d01fc706b6234c5d2547
2018-06-05 18:39:08	codeofconduct.exe	3d0c60d2be831327a4e92ddd6df6c8c6
2018-06-05 18:54:07	copy.exe	ac1e54220c9317c708c5f96f1c3e227c
2018-06-05 20:30:04	14.exe	46b255cb008d99da1d0fe1eb51006a6a
2018-06-05 21:21:03	pa.exe	77351f871094f35eca8157d91c407ee7
2018-06-05 22:09:02	taskmgr.exe	8fc226cdf6fe2f2e1c5298b7e5924e95
2018-06-05 22:33:04	YP1vi4S	4b8afd134052648b48536901f10ad1a0
2018-06-05 23:54:06	image.exe	64bda68dfff6e2ca7319ccc1b9962c14
2018-06-06 00:33:07	finalbuild.exe	a1f70231ea8abe5cd9860c7217513b23
2018-06-06 00:36:03	uyi.exe	76902ca8bc4ef01a002df0cbf047c0d4
2018-06-06 14:48:03	zBPvy49	3af50ece7f36a54a605e641f8d837415
2018-06-06 16:48:02	2NMwXLY	6239be602468e66dc2ebff530892aa7a
2018-06-06 16:51:02	amXVGJB	7137c690dee326bddded3100cee42297
2018-06-06 17:27:08	Document.pdf	cc122943225cf40ca403e2ee72304b7b
2018-06-06 17:39:02	lSllsBN	571c53ccb51b00efe3b975ebe8219da1
2018-06-06 17:45:03	tLydlRe	e5af3ea83c8169809a958087c02fa61d
2018-06-06 17:51:03	invoice1.exe	1b7f1ee2a722a99d93768bb6a49a9b44
2018-06-06 18:27:06	wet3.exe	0f8572c94b8f080d42963ac4812ec631
2018-06-06 18:30:05	wet2.exe	3ace8c4c36a886f429cdc3a97bb152f0
2018-06-06 18:36:04	comeonit.exe	418f1f65e33788e9cf07c8b8c0486c55
2018-06-06 18:39:04	Hibuddy.exe	d3ac7a8c93530f5b689695e4159fbf75
2018-06-06 19:48:04	YWMUNUJU.exe	dc88bed8a1c52869696b7508d157d38f
2018-06-06 19:54:04	enable.exe	a87b6b7fc61f253a19981be025898798
2018-06-06 19:57:03	quote.exe	19a022e9ee73b56285fa5265b24006ec
2018-06-06 20:00:03	upload.exe	b127951e2cbabafb85f112e89fc7807a
2018-06-06 20:06:04	phlyahai.exe	32e3dbd9974cb626d1659028643a48f1
2018-06-06 20:15:09	vti.exe	6e04230dccdab9c981d1ff1b435571ff
2018-06-06 23:39:03	wrd.exe	b0e1cbf2d575b2ad969eb7c39a47b185
2018-06-06 23:54:08	PO33344.exe	bbfbda085e25a916cd854b912c821147
2018-06-07 00:00:03	015543672432450.exe	95869f254c4cc69d8017c65a09a83e70
2018-06-07 00:03:02	Purchase%20Order.exe	c75f1047c3239756faa34200a4c654d5
2018-06-07 00:06:02	Purchase%20Order.exe	9a991ad6cb62e3d64a6c14a1e46f56d6
2018-06-07 00:18:02	JZi491F	1ba3431189b7c556a469c44f573ed455
2018-06-07 00:21:03	qEu0xCz	d6b5c6bb055486294a1884cd37bf078a
2018-06-07 00:27:02	Uq8gUtC	9460e88871c248436f9fc2d6872ec9d9
2018-06-07 01:45:02	kik.exe	adefe1847a9a55a47588445932e4d48b
2018-06-07 12:00:03	sxAV7n8	f9d37ce6630af320eca1259aeee36e4c
2018-06-07 14:00:12	MTOVZKkk.exe	d02f16ba642be6ced0ad240f1561896b
2018-06-07 14:15:18	explorer.exe	6fcf4e4f1e3af00d9251737f4ba2f42b
2018-06-07 17:36:02	PO.exe	43bf9ca3e0496c7b8a81ab34397903ec
2018-06-08 07:54:08	maxi.exe	f34a6b7e9579668da5d88905c8a04885
2018-06-08 08:39:03	hujy.exe	cae69057d765afab2b71bff962a6a773
2018-06-10 18:06:04	xx.exe	2a45671d01b0b0fa7751206ebd7a389e
2018-06-10 19:03:05	Party.exe	7c0b2ca14fcd7bb30ccec20f9a129931
2018-06-10 19:09:02	laform.exe	db948cc4a2a4d8bebd6d02c7312e065f
2018-06-10 19:24:08	jer.exe	7d1625c266562128511ede3c604a5389
2018-06-10 19:27:08	off3.exe	3e91ec78b3c9a509d2a29f22b22bcd61
2018-06-10 19:33:03	ALVINRIC.exe	470636811361e57b48d72095905cc829
2018-06-11 06:48:04	chr.exe	5f13708819f6e0ab2dee5d638b4d7789
2018-06-11 07:45:08	windows.exe	5c81e05a54c2fb0f041983a1c3d88e5e
2018-06-11 10:30:03	gracee.exe	dee9794d0ce57780b50a037a2a6eac58
2018-06-11 13:45:03	respect.exe	113a478f48dd3ba295ce092cae7eab6e
2018-06-11 14:00:03	bnv.exe	25b5bf2aa613befa0b7eaf916c151b1b
2018-06-11 15:00:20	images0093.exe	0ae6cbb4038cf76d21b1f70cb4c7bd57
2018-06-11 15:03:21	Reorder.exe	b4ef9d1b88b498368f1bd8bb363ab1e0
2018-06-11 15:06:20	orderRFQ.exe	05e04e4899717bb957f10afe36d60de3
2018-06-11 15:09:19	RFQ6.exe	7a1290ede18dfb2d8167f4f6e2375d63
2018-06-11 15:18:20	RFQ06.exe	a62d3693db8085e2fe0ff93e5469881a
2018-06-11 15:21:34	RFQ.exe	484b1732cd33e2ffe35fae446b41bb20
2018-06-11 18:36:05	nazxnan.exe	2746e11bd63f23470250d42fe2a53776
2018-06-11 20:48:03	PO44555.exe	df6493f3ffe8ed4dde66a00f83306e6f
2018-06-11 21:03:02	NCAqBGa	37b7b0ac8109777d7dc2f51bc9d0fbcc
2018-06-11 21:21:02	Bumvum.exe	9e4187cb9af585ee1486a7036ac24309
2018-06-11 21:24:05	dngab.exe	49d00de33e1560bf9c0c07afbd50fb34
2018-06-11 21:27:07	33p.exe	a4c6d16b0d2bea65777200e08870778b
2018-06-11 22:27:04	ULTIX.exe	3bcaae5bd356235b33e8176f743da6e6
2018-06-13 11:33:04	Scan_094002.exe	ac21318d740ad83e21191c1040d04076
2018-06-13 11:36:03	connect.exe	7f1958bb2a7870c338f0369e2723a396
2018-06-13 11:42:04	coala_crypted.exe	7ef7d07bb5cebed1e14cea4e59673d8a
2018-06-13 12:03:02	9AUgzGq	4e97c9fee30f00cc0d9c03053a6f1e4f
2018-06-13 12:27:02	pWbKdxH	b439e292ec822a96c9e180b3327e5992
2018-06-13 12:30:02	gE2ct1X	8c5816b08a826181c5b21aaeca799617
2018-06-13 12:51:07	Purchase%20Order.exe	f8a5ce33d14725da0ab0839366924250
2018-06-13 12:57:02	yBiKxfh	ac7cfc5070d1c40fa65498cb9909f61b
2018-06-13 13:09:04	Signed%20PI.exe	deab6d15bae0a844dbce0e7fc97d64a6
2018-06-13 13:36:04	bomb.exe	fb5a9f8780282b3b61bcfc2fd475d0b9
2018-06-13 13:39:03	COSTEC.exe	21a1161ad07f751a2a7ce23b0851bbf7
2018-06-14 04:36:02	0ujzLjC	8f90a697cc08b15c8766152d6721c3a2
2018-06-14 04:39:03	BcHACzo	1ed95c14be03fa2f34a00e37bf7c7a9a
2018-06-14 04:45:03	yUpPfnH	548ffe7d6dd2380217513e96d0d03e22
2018-06-15 01:18:06	hvnc.exe	d7d2989b4d1af6f8e45af3de5e4f793b
2018-06-15 01:48:08	winsock.exe	9b6cf2c0aaf1a8286305bdb7afea8efd
2018-06-15 01:57:03	0vfsn7d	4025a88ffbd6378b35f83707cbedfeb3
2018-06-15 02:15:02	KyXkAwO	9ac2037a17063eea104f6a0f11238776
2018-06-15 02:18:03	nXCRe1a	16bcf29866dfef6239ee8749a0bdebaa
2018-06-15 02:21:09	bar.exe	66cc10592941fe1bf2aa61496481bfd6
2018-06-15 02:33:05	data.exe	85e9b4cc6f3461065ce1612836251947
2018-06-15 04:39:02	frnk.exe	5823f9bb838da1c546edc672cf84c765
2018-06-15 04:48:02	albert.exe	a0c01d477c7ee9c185a711d4d42781c2
2018-06-15 19:36:02	2.exe	17dfd69fb52d321a2d9a9e171127fac8
2018-06-15 19:45:05	wx.exe	18eafb58f550a3fd222f2eb7073c9618
2018-06-20 11:52:07	testt.exe	f861c62222d82105836eb8c08d8f6690
2018-06-20 18:06:03	phynollllll.exe	98de304c109d58a1209fde216ad5a573
2018-06-21 01:36:07	obivna.exe	055503a2ce2e4d809d6d2250808b9f17
2018-06-21 01:39:06	buyo.exe	47726559ec4187519c1a021fa3516cdd
2018-06-21 01:42:03	avuvi.exe	ce5b11513e17efe114b0a730e32d570a
2018-06-21 01:45:02	dawfg.exe	a8de798a93b2797c0cf8c5050fb31117
2018-06-21 01:48:03	mxannan.exe	6a021233bac6200bc450ca19a0419e3e
2018-06-21 01:51:03	mzoobii.exe	f83465326ac70c4999072b6089783abf
2018-06-21 01:54:02	diecon.exe	2dfb7490cf756d3c2a431b38401dfc74
2018-06-21 02:03:07	kulis.exe	a9261f07af65703721fc90874c208988
2018-06-21 22:51:05	qury.exe	0dbf58d174e22519f799125bfebac6f4
2018-06-22 00:09:04	1.doc	63f0ec471ed34fc0cf0211553a6e7a21
2018-06-22 00:42:05	8.exe	3355a9bcb3457ee4b8f54f8df7bcf456
2018-06-22 00:45:04	10.exe	c4e6be066579822408f3fb1dec8bea94
2018-06-22 00:48:02	11.exe	3073fdd8a27bbbb93e7437b16eee74f0
2018-06-22 00:51:05	12.exe	af00b03d50e7cb126ca64db9ec4286c5
2018-06-22 10:24:04	data.exe	f70e5719404e90e2a5dfe9ebf73c6753
2018-06-22 10:30:02	filyxHU	93ebd1e10a344031f91d821ac836bebf
2018-06-22 10:36:02	efu0lMa	a6deecc0bdb7e226ab94e10203d0d594
2018-06-23 03:48:05	TRIALPLUS3.exe	002fa1d7b3dcf548bc71f03cb9be6396
2018-06-23 04:30:03	Purchase%20Order.exe	fb46a8f834f4b217617ca8beb08fc82f
2018-06-23 04:39:04	scan4.0.exe	a0c1a54b9c7899dcf67fb504ab207a03
2018-06-23 04:42:02	scan2.0.exe	bfa0f9fd7b658283757515e02d0c08dc
2018-06-24 10:12:05	bir.exe	e0cfa8adb65b9e17872b26ccfb5648fe
2018-06-24 12:48:09	cor.exe	6a71e89c041a18a3857bc328c59c881b
2018-06-24 12:51:03	phynonation.exe	5e1eb5de3bf3daba5b4a8530432e235b
2018-06-24 12:54:02	aksu.exe	a2dd8f318a3e3b1cccdd91880e835c4a
2018-06-25 08:48:11	SERVER1.exe	a11eab85e85936ac7fd6dfb004580099
2018-06-25 09:33:02	7.exe	5e0d6f47f34443ee4a08f0458dbb58dc
2018-06-25 10:39:03	osy2.exe	76f4c10fb435bc07071a2fc29aefdc76
2018-06-25 10:45:04	osy1.exe	548ac732820e029e81b3701f53d40db2
2018-06-25 17:06:02	TBYc9iY	fa783913147494c625e7e07717e05ec0
2018-06-25 21:42:09	Our%20Order.exe	e35f3c5db0be3a9a274d5e4dae817dd7
2018-06-26 02:06:07	okmnjb.exe	b92efe55bffed03322d76f90a5bd73c6
2018-06-26 14:57:03	adobe.123	ea5e27842b61286954a532f438844d2a
2018-06-26 17:51:09	admin.exe	f5081dc1115e74ceee116f089cfe8b96
2018-06-26 17:54:03	Quotation.exe	a1fc84f24f715d88c388810f52672783
2018-06-28 01:57:09	ers.exe	753b6e87f955dad98e36ce9a4dd3b6c7
2018-06-28 02:18:02	system.123	beeffcab3e77e7b5f31c820858ead698
2018-06-28 04:27:01	qAzyshN	c709725aada3a8083acb5cf6e6f485b1
2018-06-28 11:06:05	kok.exe	8eb8b220a1648a081e32c6f3dadb55d1
2018-06-29 17:30:04	New%20Order.exe	a0925ed753f258a6ad941dac2362846e
2018-06-29 17:51:06	hg.exe	7ec76f62130e62ace68487f4db27c7f7
2018-06-29 17:54:08	ghh.exe	584a1d7127ad0f2c57a7bea1e527997d
2018-06-29 17:57:07	likethat.exe	e536c865da3936cc300ac7f0eb273e3d
2018-06-29 19:45:07	PL.exe	eb56b0a3cc374cb2c626263c3823ce29
2018-06-29 20:21:01	ytus2.exe	9585f20330f8e98ba595881635d9059a
2018-06-29 20:24:02	config_new.txt	910fe0bfd1167b15e179de08db752745
2018-06-30 17:00:03	Order.exe	95fb4a270199cee40a137e6d35067a84
2018-06-30 19:54:12	msi.exe	7138b5845bcd73a544c9e6cb484f85d8
2018-06-30 20:06:03	DREMCOUT1.exe	b7a4a1c213e71579782149e2ba6cf279
2018-06-30 20:12:04	DDHATX.exe	df41ae6501a2613bb13cad7fd29666e2
2018-06-30 20:15:03	NSE.exe	0984b4d1d591f1c391ebed9fb0a32975
2018-06-30 21:30:03	ziz.exe	11bfa52250b6fc56070fbac8eb0391fc
2018-06-30 22:45:03	SWIFT_COPY.exe	9669c3f38b343b6fccf0ac973f95df28
2018-06-30 23:21:03	fridaygood.exe	21c3be034f353b0984c66e033ed3145d
2018-07-04 07:27:03	mondayteamview.exe	1ed9f4a7ca1b0e8312ed99901a2f122d
2018-07-04 07:57:02	ff.exe	7779ac627913c32b4f650caf3dc9681d
2018-07-04 08:06:08	sundaymove.exe	a02dd67fc4e14de652bd6d039e03f45f
2018-07-04 08:12:03	server%20me.exe	92ff0a0f0c60c0f6a3ef16f3c585b35e
2018-07-04 08:24:02	tTdFXjm	9f4fe5afa475a85dd23f9fae3ee46f2b
2018-07-04 11:51:09	stub.exe	6c73fa61d98f5063f60cc712fc4ebe69
2018-07-05 21:48:07	photo.exe	7ad1a877bb8c48a2016ac7e52b28f64f
2018-07-05 21:51:03	vt3.exe	1822b6e91483badcbf31aa869462fe51
2018-07-05 22:09:08	winapihost.exe	7c0176ede8e8920b559eb7c7a7cd72d5
2018-07-06 00:36:08	1000366164.exe	c91079b0a1e4c1156652213c30cc5526
2018-07-06 07:39:06	mt20200012.exe	096968ff322e774212e2ccf8a131c5c0
2018-07-07 13:06:07	ifxe.exe	bc0b5a982af034d2b6d5992e0af86a71
2018-07-08 06:36:06	dp10.exe	b9c0550a6ad6f4ed7a19170d3ff1ca4f
2018-07-08 17:39:02	STjqja.jpg	3e05bbc0b0f5d2046c5922c4ffad207e
2018-07-08 17:42:02	r8OSpd.jpg	8dac3bd23e46d8a73acc093e17678e2d
2018-07-08 18:15:02	A27edw.jpg	35093a22d7ba4effde002c3d1345eacc
2018-07-08 23:42:05	wed.exe	eeb701069cc2b32aec5f5949bbb67d94
2018-07-09 22:51:06	okllll.exe	03c11d9060022c8e76d8642f5b7bab4b
2018-07-09 22:54:04	KYC-INQUIRY847.exe	25f290634a8092cc13820b1ade6ec33c
2018-07-09 22:57:05	KYC-INQUIRY0718.exe	09e836d94778ef15f0bebabd9814ed79
2018-07-09 23:00:04	99388.exe	ff3e1869d673c28b87e42c776e7a0f04
2018-07-09 23:03:04	432.exe	13213a79eb7a7d4c931bc81c9fa63038
2018-07-09 23:06:03	889.exe	7ed19b911fcbc4dd2015ac995fd2e42c
2018-07-09 23:09:03	i1.exe	8ec65b785938717294c75c2b6a15a0ce
2018-07-09 23:12:07	r789.exe	e8fcccc14df4c8fbde4223b16fdb4e63
2018-07-09 23:15:03	1.exe	07d887ce0ba2736fa8fbc5139ad74c3d
2018-07-09 23:18:05	345661.exe	6d6e6d27380ce69f043be7dc379fbf15
2018-07-09 23:21:05	6.exe	e1719ee53cad171914f93ac0fe8b4fa2
2018-07-10 00:18:02	LqvgHe.jpg	c3fd40e0bf88dc1bf3d836ba41a00f5f
2018-07-10 00:21:02	jyeUi.jpg	e71e0e614e8a5e655412653cc7d03682
2018-07-10 00:24:02	3qDdK8.jpg	58c30ad3552baddf8f9a7f77585cf02b
2018-07-10 01:36:02	Q7ghr.jpg	c45cb642024ff9eabf889790206de3d9
2018-07-10 01:48:02	2azeeb.jpg	07de727152550ad410fa5e8649d53bf8
2018-07-10 02:12:04	10.exe	eb38e581ba2c7d46a2373dc9abc02b3b
2018-07-10 11:36:04	fred.exe	77031e1f87a144b9138dc68d65dac9f7
2018-07-11 10:36:04	Yemen(PO).exe	f98efacc3263adaf66fcc53a185af32c
2018-07-11 10:42:18	nbbes.exe	9cb67f38e71aceb945acecde8a12555e
2018-07-11 12:21:03	f2.exe	f2270110781aacd010fcbd439524948d
2018-07-11 12:24:02	1.exe	c4ef8a360a3bf1f3b4867eb6f3f220d6
2018-07-12 11:51:06	windows.exe	742b756f815fffd67c1d0a12978c6daa
2018-07-12 12:33:03	akp.exe	16c1238a0b0a66ba81ce61eeb5747570
2018-07-12 22:39:05	nj.exe	9c87029c2177a35019d127fd26908c60
2018-07-12 22:54:03	ippg.exe	e59be25c4ea5619befe455f48a48042f
2018-07-13 08:54:06	kio.exe	28b416577001c65686ab14b46fbd28be
2018-07-14 18:30:07	vib.exe	c7cd32fac2d8632a098aadf06c20e94c
2018-07-14 18:33:05	uc009.exe	11dc2852e8798fe2fdbaae2efaa6fd81
2018-07-15 01:15:03	we.exe	6095fe3d4f1acd221bf54a429ca3a94f
2018-07-15 09:30:05	frbelg.exe	8c374a4e0e546f8aeea87cb75d900bc3
2018-07-16 05:18:04	hdaudio.exe	4ada547b549098c32112e932cd3e9197
2018-07-16 13:15:05	PAYMENT.exe	91dafaca05e34adcd25ec3f42d64a0f9
2018-07-16 20:42:02	joe.exe	1edb3b4d1bea11dede192b3972dd94c8
2018-07-16 20:51:02	francis.exe	9ddea84ff363e29818899bca5c963057
2018-07-16 21:03:03	bobb.exe	2065b66c075ded933e69607e7b07e20c
2018-07-17 01:42:03	dp.exe	e8d034a10d9f1328d70e0e6ff86af115
2018-07-17 01:45:08	best.exe	d7078f34bfa30ec5781ffb8f4508365e
2018-07-17 06:36:04	file.exe	4bc606753d24e3474e2ce433b14dc14a
2018-07-17 14:39:04	im6.exe	10349a36cbd8aa3a5f13b3a591432218
2018-07-17 14:42:03	nj.exe	7b777263642cd694415accdb45b19de6
2018-07-17 14:45:03	WM.exe	742fa4d87468c0627133ec45629c692d
2018-07-18 21:33:08	WM.exe	5acab836a897e8d8a626b9fa50f3ffe1
2018-07-19 13:30:04	rrioou.exe	a4c9dfe13bbc1e2f99e1fc4db0066c2d
2018-07-20 21:00:02	work.exe	299c2ece106b74ea9b579a9789b55393
2018-07-20 21:03:02	akp.exe	a6233c4796a7e3e0b84c5032133cadb1
2018-07-20 21:06:05	Receipt.exe	b0a3dba6ceb97918afbaa425944ec9bf
2018-07-21 22:54:04	cofan.exe	4efa303240a37341c17a209eb9ea62b7
2018-07-22 02:30:02	inv.exe	fb9462ffcb63a21dec44addba1766cb3
2018-07-22 08:39:07	Purchaseorder.exe	30ddb91da7ca469fc1fb2be3a1187b6e
2018-07-22 08:42:04	DDR.exe	65ea4df74a0f5d9374603c75dbba6df8
2018-07-22 09:00:04	mondaybenice.exe	6ce1792f0211d28331176bd750ec8100
2018-07-22 17:18:05	hicksaw.exe	4d7088d97fa250bf827c6d11b985a690
2018-07-22 23:21:03	rr.exe	bc1e927911906936207467d6bee56e60
2018-07-24 05:24:05	albert.exe	98aafa8a5db4f6e4a6c4bb0b63b9ed61
2018-07-24 16:24:05	axineeh.exe	90478fa4eb4e4c9a47a35793a02972fc
2018-07-24 16:29:37	Quotation Sheet_#RFQ180724,doc.exe	30837905381a7fd152baed405f2737a7
2018-07-24 19:57:03	1.doc	527b56c74b5106ee36e6e4ec098ffa53
2018-07-24 20:03:04	5.doc	d9f0fabb132ace5a7cc56349afa98ccf
2018-07-25 15:39:03	im.exe	e59304e841f10964072c98d9706e1feb
2018-07-25 19:48:03	grace.exe	8dcb784dbe51732b41e581885372c162
2018-07-25 23:33:02	obi.exe	5f9e7a8b3b1b7d6ed5613a27ed2122e3
2018-07-26 01:06:12	nze.exe	e579a44ef0de41a0a59f6991e7b4f03c
2018-07-26 01:18:02	jiz.exe	ede34aa53d2b6656086dfeaa910e2831
2018-07-26 09:48:03	svchost.exe	770a65c92c3b0d56614c3acb4de26e52
2018-07-26 11:42:07	Server.exe	2fb5d4f274be4e909ccc45b2c26a5be2
2018-07-28 14:00:03	elber.exe	80226fecdddc58b655625a6703b3a221
2018-07-30 12:13:48	Quotation Sheet-Products,xls.exe	dfb8998ef0e49c09947af249600bc3a0
2018-07-30 12:14:01	Quotation Sheet-RFQ180730,doc.exe	a11d66acadcf6a9647921f90a3b22991
2018-08-01 15:54:04	Purchase.exe	fb02f38856dc8ce1b5fc690d1a7a80b8
2018-08-01 19:54:09	yugoq.exe	af63402fcbfd031be518e99ef0ed6a35
2018-08-01 19:57:08	urchq.exe	169c0aaa7e5c288f77e932e93abd60c7
2018-08-01 20:00:07	tozma.exe	039c683cc8325277d4fe42208c1695a8
2018-08-01 20:03:10	johnq.exe	7fc4bf0a055b120273fd8514824aec5f
2018-08-01 20:06:11	flowq.exe	74e437dbc74defb8aade142fb54f7d16
2018-08-01 20:12:09	chuks.exe	afbc621540758fe11333b3cd28b2d2f9
2018-08-01 20:15:03	qt12W9y	6d4b54f36b53fd03595e9213bc45c5b9
2018-08-02 10:15:08	officeqq.exe	951b41a9f6cf1d84e9ffd88c847800aa
2018-08-04 17:48:03	call.exe	3ffeab8e40d7d503a2d4491399d7da2c
2018-08-05 11:36:06	FXSCOVER.exe	0fce96a8f1d3dd15eebded4dd9a2a987
2018-08-05 17:24:03	davidq.exe	454cebd45aca96508df5d0618243cbc6
2018-08-05 17:27:09	johnqq.exe	1554f3b630ce6269efd6ad229a10954c
2018-08-05 17:33:05	tozmaq.exe	2bfa82159ce239bdb414dfadfd45c3f0
2018-08-05 17:48:08	LOL123.exe	67eafe2e34c1923d04f87223161b32f1
2018-08-06 22:21:08	flowqqqqqqq.exe	23c96fd9f736110711cdc71537dc0c61
2018-08-06 22:24:09	ucheqqqqqqq.exe	4f1d7dc1462d0ad70854b0aaef5cb53d
2018-08-06 23:36:03	boss.exe	43a77b02a86b8c16fd88629ef8c5326b
2018-08-07 09:36:03	McAfee.exe	5670c594e1b9f63e5703e7a0ca2541c9
2018-08-07 10:00:03	5b57984c.exe	06f06b4405fe3c647b5b6c34b4cdad63
2018-08-07 15:18:05	q21.exe	7afb8c62540c9e7d113b6612470d3060
2018-08-08 19:09:04	qsr.exe	769c280c5eff2d1598c5de438b567d8a
2018-08-08 19:12:03	vbc.exe	9bcc457ffd5258761ce4e1feb7356581
2018-08-08 23:33:04	buzu.exe	936ca90be44c8394b99c4714bc45b409
2018-08-09 00:15:04	DeviceEject.exe	9b6ca52e22e3063e1fb2608b6c1c9a2c
2018-08-09 21:18:08	ucheqqqqqqq.exe	dfddfaed7d6af22391a63439367609ae
2018-08-12 01:27:23	STUB.exe	83ab320e4a3fd49aa42c0f4838a8cac2
2018-08-13 06:03:03	WindowsApp17.exe	a41f14d03069fe11be0476371142f798
2018-08-13 06:06:06	Apkwins465.exe	f020ac2bb24700cd2774bb191132c633
2018-08-13 11:00:03	Windows_Updater.exe	9123d3fc088c490298d2550c0ce10af5
2018-08-13 11:06:04	csvq.exe	84c466791696e8ea8d4b0196ccfec30f
2018-08-18 04:30:05	fuckedup.exe	f577f68077e1d586be5ad97c5a1ca24c
2018-08-24 18:33:09	uiijjy.exe	fda0881a94ce1f45f6171065ecd28294
2018-08-25 00:45:03	chfrnd.exe	c86dde14c73a61b2a6acfa0df7d4c36e
2018-08-30 05:06:03	5b60a155.exe	08d961d34c2c2e04264bc68bc92ea8ca
2018-08-30 13:09:09	mix.exe	d0cfa2b3ac3b6a82bb4bf1cb1f68aa33
2018-08-31 05:36:04	documents.exe	3df3dbadd76ff60df853b632d164a7b6
2018-09-06 17:42:03	1OneDrive.exe	72a02c386046a85ca142d95d0bc0c9c2
2018-09-09 19:24:04	TRIP2323232.exe	09dc8e282c7ef169d4b97f389df5bc0e
2018-09-09 19:27:04	SYM10001.exe	b599d7b91385fce1c4c7affe485e4f55
2018-09-09 19:30:04	RU55534544444434.exe	f79d45b9f8c03f01e7f80fdbd3dfa7d1
2018-09-09 19:33:05	RFQ.exe	6cf44c7cbb4a86e2e0bcbfa6b5bfbb3b
2018-09-09 19:36:06	GREEN.exe	1834ecf107b4610f6fef59deff0a35e7
2018-09-09 19:39:06	Boss11111222222.exe	e3c1735c35570ef225ea2d8a2a2e9efe
2018-09-09 19:42:14	212121212112.exe	d32d7c0691f49015d29ea0fa8b326a67
2018-09-09 19:45:04	98765123.exe	28d80dc1da233e4298fc7ac90222e41a
2018-09-09 19:48:04	5552222.exe	fb650cab98a73f383c48e952c5dd09b2
2018-09-09 19:51:05	RE938373311.exe	275ffee40ff08f8e0d73d44e2314c3df
2018-09-12 13:39:03	alba.exe	2d211950bd8f591aeea82fd3462de34a
2018-09-12 20:48:03	AudioDriver.exe	f53f6f5c8f1f594d528897e6c9fcb37c
2018-09-12 21:12:08	gpg.exe	e34b79f2356cfac117ad96c5602dd2bc
2018-09-15 02:33:06	nownoneed.exe	28f43c4cb4f6abe06c4788a129860d45
2018-09-15 02:36:04	nmolinew.exe	cbddb94d66a9ba11e6cb51e787af1f0f
2018-09-17 22:12:08	setup.exe	264c95b31c856b33608521da713304b9
2018-09-17 22:24:04	PurchaseOrder.exe	87df56561f7926ae3419dc90521e37d4
2018-09-22 11:00:04	mrd.exe	9ae7b6bee225569d83d02ebfcd2116b4
2018-09-22 11:03:02	5b77101b.exe	9541498837fc5be84e7cc96f572450bd
2018-09-27 04:09:10	doc.exe	c28cd37019c977a5a411bf72607e0a3e
2018-10-04 12:09:04	PO00099.exe	11d5a77f4eaa3fcf203fe88821f53191
2018-10-05 05:30:02	PO20188.jpg	38ea528ddcc8e339c29c7ec31862cf8f
2018-10-06 15:09:06	putty.exe	3817393c212c2d1f2c471472f5cbd34e
2018-10-09 08:15:05	kreport2.exe	244c8651131d55b4637060d287aa7771
2018-10-10 16:09:03	lyd.exe	03323a3f752a1f1287de1ac9efa2e91d
2018-10-10 16:12:03	lm.exe	c71d20c012f7b4350c4a934afcd130f2
2018-10-11 12:06:06	johnqq.jpg	331067058c60a0f4e1c320337a04dbb8
2018-10-11 12:09:04	davidq.jpg	f87e1a7c0e1f10b691182d72cb6bc139
2018-10-11 12:15:04	tozmaq.jpg	4fbb9d4d2fad1db80e47b7d1376a2a9a
2018-10-11 12:30:04	0.exe	8ab102447c9c9f9e6f0a2870f108705a
2018-10-11 12:39:03	DANAAT.exe	43afc961700abb497f37efb467465f66
2018-10-11 12:48:04	yugoqq.exe	7f1348548e97e3c9d6cd6d879677e2a4
2018-10-11 20:24:03	mrd.exe	42bed89d7853a7c5c7343d4799b8215b
2018-10-12 08:50:24	p5.exe	1d6dafaa7edae47cd986c02b41b015a9
2018-10-12 08:57:55	okk.exe	7475c47d3f5b16347cedddb0857ff926
2018-10-16 18:09:18	eherr.exe	ec1150c2f29f9da28b0cbbe064be28ad
2018-10-16 20:42:03	p4KTU9.jpg	3beb1fd8946ef3d9378bf3d42476a631
2018-10-16 21:00:04	nonso.exe	3603d7391d971d5ae37ee33b944d1a49
2018-10-16 21:06:03	eZEaXa.jpg	cbbd19f52a031ad8fa8f423f532bbf6e
2018-10-16 21:09:03	QbRoh.jpg	d7af84e668f8c20f082b9c868d7ade57
2018-10-16 21:12:03	D7k1s1.jpg	92968e73f0eaf8aa1bcba5af34ea73d6
2018-10-16 22:00:04	rick.exe	81a36e65a4125c7563762571ddb7fe4c
2018-10-16 22:06:05	noh.exe	9e81c23eef28a75c414b66dda2de9e87
2018-10-16 22:24:07	dasa.exe	b2a115ad0acfa5a5bdda60ceac56f5ed
2018-10-16 23:51:08	33663446.exe	5552cb537c9b7272e9dbe79ed3489ca2
2018-10-16 23:54:22	1119.exe	e3ee18d6633100345ea28fa258a1a724
2018-10-16 23:57:09	466566.exe	34f98861b13f108902d98cf50db17d6a
2018-10-17 00:00:07	6650.exe	22e7e1540b731eb9df59e41871360510
2018-10-17 00:03:09	879.exe	4f17b3a5af9cc81ac8ad5024891e4793
2018-10-17 00:06:08	111111111.exe	b6d27d9de9c98e06a834b4a5e3fdc8a3
2018-10-17 00:09:09	4932.exe	05273284c474ac31172918f7bb9cdb1b
2018-10-17 00:12:08	95002.exe	e658977fa659ffb4c73070edfe5c6d81
2018-10-17 00:15:07	54550.exe	ee552d335864da6e5f15a628ab0832ef
2018-10-17 02:09:04	2.jpg	15eb73b2fcf5bf9fa09b636a6b7718c2
2018-10-17 07:15:04	z0dm5a.jpg	898446324be148af2b7f41028ed4477a
2018-10-17 08:42:04	vfgrox.jpg	df52240013cecc641b97b14ab8d4233d
2018-10-17 11:03:03	Dvg8Sy.png	86af569475dea22d160dbde5a48dd12e
2018-10-17 12:54:04	crypted.exe	1b2eee357a40a967fcbd8c18a2a29eb8
2018-10-17 12:57:03	putme.exe	24eca305562ce8bd4f36ac89298175d6
2018-10-17 18:33:04	BhhMEx.png	de4e8b172c5ff8f1c2a1a5241bfbc2fe
2018-10-17 19:12:07	ccccc.exe	43c1fa37a457ffd874f0a9436454ebe0
2018-10-17 19:15:03	R9mYYH.jpg	5b4b715c551523a3acb4d7a5fae1ee51
2018-10-17 19:51:07	246.exe	f24adbf2223c7c77621578e3aa68cc6f
2018-10-18 01:27:05	cli.exe	962e4c6e19e169a9a54f7ec84cac1f69
2018-10-18 07:45:03	mFzYpE.jpg	e383fa1a3c33f026431a49ed612a5fa1
2018-10-18 11:54:07	PurchaseOrder.exe	c0822e1638895b32109157fb3b4d659c
2018-10-18 17:36:06	npd.exe	6cdfd7cf3a91280e7c7dbb72b4132e4a
2018-10-18 17:42:10	XXL.jpg	b7bfbe5327957e4d9d3d6d8b224eab37
2018-10-18 20:15:04	hjy.exe	44e5e8b3ea5ecc5930212ac64f1e9aeb
2018-10-19 14:42:08	HTTP%20Builder.exe	c78c01323ec873831d7096545f91fa81
2018-10-19 14:45:04	test.exe	63d091b95bb25f7b420fbe12a7d7c20a
2018-10-19 15:12:04	11.exe	83cb899b4b3574322711037b658759ea
2018-10-19 15:30:11	crypted44.exe	b6378496a96429130a79be27cea99170
2018-10-19 18:36:06	crypt.exe	561bacfd0faf8f5ac4ab771d19f78064
2018-10-19 19:00:04	Crackme.exe	bcf752ee4288d6dc8b825d1bbfb92798
2018-10-19 20:18:08	cj1.exe	a711e426784ac1f8a19f59cffb4eaac3
2018-10-19 21:24:15	cb_signed.exe	4b67a5c9f3cbc26fa1ba8c4a6c2b0887
2018-10-19 22:24:08	svchost.exe	8d9db899260fa0a42eaf69ff35072a31
2018-10-19 22:27:07	im2.exe	4e596ca4358fdc962b8fa523321738b7
2018-10-20 01:51:04	order.exe	9df6bdb6654f7784146d40f7ec89bb07
2018-10-20 01:57:04	CEDAR.exe	b184318d030a8703bd85e72462e545dd
2018-10-20 04:48:04	mzie.exe	e3e29a9714ef3036987540fe5b7f5150
2018-10-20 04:54:04	PPO.exe	f9d8536cb0eb2a37776417aa7dff73a8
2018-10-20 06:21:04	00084675.exe	b9174a0a24a4871c6f04558a227738a0
2018-10-20 06:45:04	spacex.exe	d157e5dbfbf0825524463a43630ab182
2018-10-20 07:12:08	mine001.exe	3e4ff5d64f05cd6a72a6f2981695945e
2018-10-22 20:12:03	DZzwtn.png	8e0064eac5bfe2887fd3c3f00efdaa8c
2018-10-22 23:30:04	iljjj.exe	05015e172ed75fe4b0ead128008afbdf
2018-10-23 07:33:04	abs.exe	efa9f2e305d3ef894e2a3dee90b4375b
2018-10-23 07:39:15	ul.exe	223a3c56d700cb7491b9ebda4316cbc4
2018-10-23 14:21:03	M8VxM3.png	fdf7f1a7d03ccd7525811b6236fc676c
2018-10-23 14:45:08	mine001.exe	1760423fc915f109c02a23a06a3d66e9
2018-10-23 19:42:04	miq.exe	a89e0d0cea8c140c5cbf33ed2a7afd58
2018-10-23 19:51:04	lav.exe	efcd27163da590db4b4da47b67fad24c
2018-10-23 20:00:04	jiz.exe	10a3de5c146e8d4fc5bce18b8485ccc6
2018-10-23 20:57:04	bob.exe	a28c96f9af9266e40a9990d547cb9194
2018-10-23 21:00:04	bgo.exe	3851d2d3688ebaf443143069af5d8343
2018-10-24 11:12:11	crypt.exe	8e71db7720a2b18ec15a4b890afc4ef0
2018-10-24 11:15:07	cryp9.exe	1178bb45b7ab1d6e3487fc67be3d0505
2018-10-24 11:18:06	122222222222333.exe	0e8bd35ef43d424f440a3164b6be511f
2018-10-24 12:48:04	onebillon.exe	4e029a677a9d1015cd811c1f00405209
2018-10-24 12:51:04	biggerfish.exe	cebf3a1f3090055a3498cd556f6ec15c
2018-10-24 15:00:03	Ot6yql.png	4a4c0dc53ec9bd17fc9524c858f0fa87
2018-10-24 17:06:09	go.exe	31a7c7d51105d7ace6d6d7b62ce39346
2018-10-24 17:18:03	donsimon.exe	f63065c14f5e3ef60f3ee1572139c37b
2018-10-24 17:27:04	po%23788.exe	15a07ce8a83189c7d97a2ccc34feeb6e
2018-10-24 17:39:06	order.exe	596fd871488e04beb4cfe5e3dabf7722
2018-10-24 17:42:04	swift.exe	86d39d2e53d8e0aa349237ba02bd02b0
2018-10-24 17:45:03	Q83ygN.png	f057927392d7c46e7a434c02be801976
2018-10-24 20:24:03	gammadyne.exe	9ec45808e480a25e335047150ef7ae8e
2018-10-25 12:39:04	server1.jpg	9f256fbbb542e4ccbe8262d4fc471a2b
2018-10-25 13:24:09	suggynx.exe	855630c8aa2e701f3b77d1b0fb692e45
2018-10-25 16:42:20	hm.exe	163c9e51a6d520445a517a7c82ebd73e
2018-10-26 01:54:21	vcl.exe	97d25a21a8618e7d22b448810825de41
2018-10-26 04:42:18	llk.exe	ce1d914d1dcba3401d87f7415c399d56
2018-10-26 04:45:18	kh.exe	ec883a2fd21cdf2ce48209dec44ef896
2018-10-26 04:48:19	sh.exe	41c7096caf5ab63519d30cdbb8633696
2018-10-26 04:51:19	shaco.exe	86bf633c6d81a838f6350da169dd6d8a
2018-10-26 08:27:05	owt.exe	cb8f3646b1f9120e39b0df7736813817
2018-10-26 13:18:03	crhomes.exe	2b0d70e62632e7177c6b3949c80f2970
2018-10-26 15:51:05	Compr.jpg	d5a171616082ca55b1ac6f0e9c308854
2018-10-28 19:09:06	svchost.exe	c3f5ff914fe4b41d94efa67f9c82a1d8
2018-10-28 19:36:04	solar.msl	379ceab5791d4374f545c7423fc0294a
2018-10-28 20:09:05	start.exe	6b6ffa40fe36321574dc640080aed79e
2018-10-28 20:21:03	start.msi	75323b68de9eca662d67ae249270e20b
2018-10-28 20:33:03	Server1.exe	b98c459d2b8f77b323ad88b051f45e65
2018-10-28 23:39:05	defender_c_g.exe	12169faaddd418ac543042b09c21df38
2018-10-28 23:45:20	DEFENDER_S.EXE	cb2aeb6588f5e753b758370c09ff9b0e
2018-10-29 01:45:04	2.exe	2d8b0ac7ef872168c56db4dfc915cb97
2018-10-29 03:09:09	ejike.exe	84619f80f9e8a5854d681bb195a24baf
2018-10-29 03:15:11	templefile.exe	776f8dbdf12268fae75e727802d02f88
2018-10-29 03:18:12	WindBot.exe	0d003c5e2db9135c384ccefb782a5cf4
2018-10-29 11:30:04	2.exe	c70376670231e2f593386ba9f1620d22
2018-10-29 13:30:10	ordercopy.exe	6b6faf7b58b30419dcb14c182e940e5b
2018-10-29 13:33:10	listitems.exe	b3d2be3116df4d7977129e5c2365cbfc
2018-10-29 17:27:07	qquiwO88A9nirtJ.exe	843cf9b98774aa08fbedf337a701b330
2018-10-29 17:54:03	TmxeD.png	5bd59bc022761d859e8fa67e113d393d
2018-10-29 18:24:10	todb.exe	bb33cd69264d8df8740c4e01fbc25c39
2018-10-29 19:27:06	test.exe	d1bf8a970610264b4958834bb0129c7f
2018-10-29 19:30:14	stub_signed.exe	1cd1210530284679ca3a330fca7019b4
2018-10-29 19:33:07	stub.exe	8e98c8b1880a48f0c391613db737f6ad
2018-10-29 19:36:11	invoice_signed.exe	abc18be3eee56474346ec3ab80653b2e
2018-10-29 19:48:10	Uncleared_Accounts&OctoberInvoice.exe	1666e0be287e26edbdc2e60a3a2b1df8
2018-10-29 21:24:05	21321.exe	a3e71acf4cb478d9d108d393f65017d8
2018-10-29 22:33:08	al.exe	6cb200d1a72871193e9c18bf25d54673
2018-10-29 22:36:06	last.exe	cde8c7633b599834ba5bb56578899a17
2018-10-29 22:39:05	new.exe	396de11b1400ebdf58f381e0c02d43f6
2018-10-29 22:45:04	caleb.exe	f9f038c22b38e5f636e6f7ac24b5aab6
2018-10-30 13:06:04	uk.exe	5661e75ea414b24045f16e67a3eebafc
2018-10-30 20:39:04	putty.jpg	c0537fd9e1eae23fb5cc659c8b08ed10
2018-10-30 22:27:07	cfgb.scr	10d9300bbb67ca1f82c5f2b027e83f37
2018-10-31 04:42:09	pdf.exe	6207454498608392a40fce6675556dbc
2018-10-31 08:03:03	p_395kzojk1.jpg	281562063dc32d2c9f03a564f585c733
2018-10-31 08:06:02	p_422xlwbo1.png	9afec18da33e125e1fb5285072eb5c57
2018-10-31 08:45:03	Hard.exe	9cde939d6a1a9c26fe0fab7873d80ebb
2018-10-31 20:33:05	clip.exe	719dd34dab5c9b8e2eeb5cba0a8a6d3b
2018-10-31 20:36:05	vcc.exe	8d2eb451a9308a5c02b7139e90eb7d4c
2018-10-31 20:45:09	%e2%80%aegpj..exe	b23ded7e08c1c1996e9942f0a806e5a7
2018-10-31 20:57:03	FnIam4.jpg	b82cd5b9bd0f2ef4cadbc3fda32e43c8
2018-10-31 21:09:04	ari.exe	91be39552ab3023e0af682f6ff046373
2018-10-31 21:27:04	nos.exe	bbd1c948420e73b7aa62037c2e6789a8
2018-10-31 22:00:05	chip.exe	b86c4645877eeaffcd83b13acddd6756
2018-10-31 22:06:03	gudyJi.jpg	ca3e916e0ac6cb1a594a48732fe54954
2018-10-31 22:12:05	nano.exe	bd0abf92444d841ceddea780f34999da
2018-11-01 09:18:10	cr7.exe	bc11c61f38f6675747542128d04d953f
2018-11-01 09:21:11	payment%20slip.exe	104a9ee229a1aa14b619554a7a703461
2018-11-01 09:42:13	SOA.exe	eb27c45cea23e521c18b39921abbcb49
2018-11-01 18:48:03	p_82367ep41.jpg	2df62ac7b559030c6f0d2430ee3d8bd2
2018-11-01 18:51:03	p_102230sjx1.jpg	b44b466c29d4b483b32994df047d4735
2018-11-01 18:54:03	p_920uefkfpx3xc1.jpg	ac6a3f0e43c4419610e7e02322646e0f
2018-11-02 00:12:08	kings.exe	dc6d59d5da35e1d424163969374a0387
2018-11-02 00:15:05	nwama.exe	4a657deff9cbc7cbab8d8f53fef6df25
2018-11-02 00:18:06	sima.exe	815a226c78e7f8c3cac95c2152bc4665
2018-11-02 00:48:08	vbc.exe	579f26ced19a2f6959215d69a5d91e1b
2018-11-02 01:30:05	tm.exe	3f77cf2bf59a28ae69b8bc87fb3fc4d1
2018-11-02 01:36:06	jpg2.exe	15612126b4dea86af4cc2dc8fb551090
2018-11-02 05:45:05	Doc007892.exe	5ca4c5f7882fc294a2a194b6d2cf9b7f
2018-11-02 05:48:05	SPI8142018A.exe	5276419580f63b496639a901fdfe8172
2018-11-02 09:06:07	Doc20189700.exe	7bce7d55931c5f34701501a38aa95cd3
2018-11-02 11:15:04	arinze.exe	42879e5b5ca042068b0025c7b4698f77
2018-11-02 11:27:05	zaglema.exe	e6add0f4eca27597591c5ff3290f6717
2018-11-02 11:42:11	tmp.exe	09ef9306539a1cd532d9985f3a2856a6
2018-11-02 12:24:06	ee.png	121294d658ca17555251a4e33cdf2123
2018-11-02 13:21:04	petercody.exe	b4dd18d49796a3005dbcd696ce82459b
2018-11-02 13:51:04	dramab.exe	643370808d5a76f4e803d02e59abd0db
2018-11-02 13:54:04	jay.exe	b3ecb25902d0a254d29aa0e918e8fdc7
2018-11-02 13:57:04	frankjoe.exe	833b14edc04e1691d4be77bd5abd8985
2018-11-02 14:03:04	jeff.exe	e2865271a70abf7116dd9325f7529d0b
2018-11-02 15:33:04	ejike.exe	67b632763c35e3920e8c9af673b9b4fd
2018-11-02 16:15:05	Spider%20Hack%20Tools%20Plus.exe	a1619317fbfd48b128326fd38c9e1e40
2018-11-02 17:39:05	Quotation.exe	3fdd93452d5d98db82edd1a9a46b6f01
2018-11-02 17:42:04	Quo9050186.exe	929cd8a3ff7bc7f85fa25d2c5c3c9379
2018-11-02 17:45:04	pf.exe	1de45bde439a3904517353cb08e197b9
2018-11-02 17:48:10	c.jpg	53774d4cbd044b26ed09909c7f4d32b3
2018-11-02 22:57:07	arigato.exe	a9f4c138818f170a4bfc036bf169a8bf
2018-11-02 23:03:10	Client.all.exe	e97da2af0fe30743740ced1fc213488f
2018-11-02 23:39:09	sss.png	07585e87cb70bf1b30e5723a6be47f13
2018-11-03 00:57:02	Pf40Vm.jpg	289aa0cc2e2a0a3be567ce6e8883da2e
2018-11-03 20:54:13	PO-ZDX78600_pdf.exe	20b87fbb983b33db50c082d426fb0879
2018-11-04 04:00:05	kelvin.exe	f367238aba3346d0d760675ec0af90f9
2018-11-04 05:54:04	po1.png	a6714144a0fd12eba05d2e292e413574
2018-11-04 12:15:05	SOA.exe	8c800ffad75d8a06314715452ea997d2
2018-11-04 13:48:04	flow.exe	5d6ad1f5b286dc235fc0391311ea0631
2018-11-04 13:51:04	Purchase%20Order.exe	07086eafd9df9870e02d2aea71cc2fd7
2018-11-04 15:33:05	PO.exe	33912647349293e530fd8979d076b36b
2018-11-04 16:48:03	p_1021nyrf11.jpg	d77d3262c4b7b9eb9e1a826715bbdba8
2018-11-05 03:30:33	cjhgjh.png	66dccc73f4c826267f33cb4beac2b3f7
2018-11-05 07:45:05	avhmcy.exe	2a725ab4e1e5d1449ea94f12292ec86e
2018-11-05 07:51:05	yygruz.exe	c71b17cf45d7fb2f2977170ae7010cda
2018-11-05 14:03:04	qMeNXQ.jpg	5f556350e6956106bc52ef1cac4e36f7
2018-11-05 14:24:08	ck.exe	feb30172d3c792077132d4f5c0fc7095
2018-11-05 14:27:06	lk.exe	d6f6a5af8586bb0c2b230afe2378cae7
2018-11-05 14:30:06	el.exe	0903293a028b830ac6a2a470bd9402b7
2018-11-05 15:06:09	fbi.exe	7235dc9abe0bb5db5c44d1af95175a08
2018-11-05 15:12:08	Invoice.exe	758bdcd4b29b0459ed7295ec0acc32ff
2018-11-05 16:03:05	SOA.exe	0ce3ab3f90886cd5b4414cd7276b0846
2018-11-05 18:30:04	Rev_PI-09032.exe	b9a3910f352695f5c2bea4fa945a9df5
2018-11-05 18:33:12	flashplayer.exe	8e99ac8175dd1f7553e105a937893bab
2018-11-05 20:36:03	IUQaba.png	4c368432fb0a70e8117f39ede489f71d
2018-11-05 21:06:05	app.exe	c4749db4079de2caa841dd1be5272e45
2018-11-05 21:09:04	client.exe	6932533f49ebb15b8cc088444983a261
2018-11-05 21:12:09	svchost.exe	dc47a88212cf43fe426b491afd9c5e99
2018-11-05 21:18:03	pvU4at.png	221949c69aa5e93d492d59c009a73121
2018-11-05 22:33:04	raw3.exe	48263a3440ab0b496a151c9a43cd3d79
2018-11-06 00:06:05	ss.png	521a8ad405c1ddb159f4eedcfbb17241
2018-11-06 02:27:03	2.exe	3a8c2d63fcfc208a06079dc8b5d08124
2018-11-06 02:33:04	Purchase%20Order.exe	8e381a03e88f5a4cdf3d25146d6a093e
2018-11-06 08:18:04	ngSqge.jpg	ae1f655137de8996d77157a5f66c32b0
2018-11-06 08:48:14	new%20order%20confirmation.exe	3bc3240f9d414e0d7b8cfd3ffc5d4906
2018-11-06 08:54:05	Purchase%20Order.exe	164a1e7c1e3242ed7308c9279025587c
2018-11-06 12:12:04	4nlg9S.jpg	10979112e34d90924ce49c49c8f86271
2018-11-06 12:30:07	cocro.exe	f7382a1a863a8efeedc4c5199a5a5a15
2018-11-06 15:33:03	BI54iv.jpg	ded2544ef7c59ea7d6e6720a2bd0ddec
2018-11-06 23:09:14	Aras_Kargo_Bildirim.exe	b7b39fa7fae259cf10ff8f294e01a329
2018-11-07 12:00:04	3242343243.exe	48ff3776bf9697d21b66db3ac415ba53
2018-11-07 12:57:06	60.exe	add3eb4b5f4ff9e95c5bdc520dcdcece
2018-11-07 16:09:08	Aras_Kargo_Bildirim.exe	b22bb99b3d7d3ee07a9ea8aeb6da24a1
2018-11-08 02:30:07	jccro.exe	c8f44f835149c3d9a7fa1aa4fa938ebc
2018-11-08 12:03:02	bXhHo7.jpg	6fae28a25f5ef4d2828d4587d0428e70
2018-11-08 12:06:04	ml.exe	14a7d1b40264d2814f4831049e1e6c79
2018-11-08 12:09:05	n.exe	b4f1aa0a66b6266a7705543dba497226
2018-11-08 12:15:05	1.exe	cf4e557fae0400be25950605b6b166a2
2018-11-08 12:42:08	ebin.exe	8337750fa2e99f5d38e9f832f8be2fe8
2018-11-08 12:45:06	nbin.exe	7b3f6550abbf431ad7a2cf1dead5a0bb
2018-11-08 12:48:09	nanopill.exe	9f4c415f7fcfcc57faf0801b51581e91
2018-11-08 13:06:04	nytbin.exe	c587d0b498c4f1b9c104b907832bf362
2018-11-09 00:45:04	alcro.exe	a1e2abb719d3aaf8598154cf2f05b95b
2018-11-09 03:00:04	radxl.jpg	4a4418eedf92d9c40bc2e3bc5e4765ae
2018-11-09 11:54:04	best4all.exe	f324a2b84a71d0dab854798297ec5d51
2018-11-10 21:15:04	uoGeRj.jpg	30cd3b06b8dc5afd21c7eb65d233163d
2018-11-12 12:33:03	ndu.exe	3d937c27883d24e31fc90cde09fab6ab
2018-11-12 12:57:04	PugNto.jpg	ff0afeb2e1ecb89d42ff2bfce8fef52b
2018-11-12 14:48:04	z11zi.exe	deb0fe55c002975c49bdfe1db738e761
2018-11-12 17:57:04	vbc.exe	0aafa3deff1c14b00cf8b2fb0c4a366e
2018-11-12 18:00:04	agnt.exe	b36914a454ad9c88e99eaf3b0a46cf42
2018-11-13 00:03:03	Useless_Loading_Bar.exe	54d37cb3e754c7b6374ef6770ad41040
2018-11-13 00:21:10	a.jpg	271612558d61d96cdc731666e482d3ae
2018-11-13 00:24:05	xwizard.exe	c7854bfb83e3d6a3c2849867d8bce688
2018-11-13 00:27:05	xpsrchvw.exe	c19780d09c3ca3c3ed938dfa032f4d46
2018-11-13 00:30:06	write.exe	c01c337a5b9318b175004efacf2c604c
2018-11-13 00:33:05	uio.jpg	ef44a23cca84803fc4989936c357654a
2018-11-13 00:36:03	taskkill.exe	547b5fa9a4126611b855527d82d8e292
2018-11-13 00:51:05	dcu.exe	30c30e1ee62d2d2d4e313ff9691b70d5
2018-11-13 03:00:03	Wv9ACL.jpg	d63ba344dd222690652b3a93aada4fde
2018-11-13 09:48:06	docxx.exe	80762e118f9f95573a986590f47378b7
2018-11-13 09:51:05	doc.exe	12f91672287e28451edb464f65abe819
2018-11-14 01:39:04	ETL2BZ.jpg	a9ec9a0c77ad958a4c443979abda9502
2018-11-14 03:15:03	p_897ao4tp1.jpg	f256abf7b1bc79d6e87fb9bca01f05b8
2018-11-14 21:15:04	marcus.exe	19f8d6f3db54f342111fb31e70052a49
2018-11-14 22:27:04	kendrick.exe	a9209ccaf4bdd0d78cdccb638435ba56
2018-11-14 22:30:04	dramafrnd.exe	75d2f7e4efad58a372fb044fce8f91cd
2018-11-15 03:12:06	p_1042v9c0c1.jpg	44f3a040393c88dcb5277ee7fce82211
2018-11-15 03:33:04	svc.exe	3f2ed700fb99fcde336f6c1ae7df5eb3
2018-11-15 22:27:03	OQAq8a.jpg	8d0505060f0f2282ce99d705e6812b67
2018-11-16 01:42:08	FUD1111.exe	5b67f0e2488e94ba4107d6a4504e8cb2
2018-11-16 06:33:03	ehiz.exe	1f0e59cbafc91f2601798239aeb8e361
2018-11-17 09:33:05	updater.exe	aa73fd88db26bb43bd5e133fb0dc397f
2018-11-17 09:36:03	1.exe	a97cf3fdac54a472076f91bb64f43016
2018-11-17 11:06:03	DhyoTe.jpg	fb063c63ceaad68a05f1ec1ed3a0f9bc
2018-11-17 11:45:03	111111111.exe	e60b27359515e7fdf8e02e87b65430a6
2018-11-20 02:57:04	lsb97n.jpg	011c9344620bfd478f5d5cd2e086906f
2018-11-20 14:08:30	res.exe	7a1e66b3ff87010df7a65254c602c3e2
2018-11-21 03:39:05	ee.exe	0166e811c83b7c396bfcc37b8cbf74fe
2018-11-21 03:42:06	mkl.exe	42e69f5e25494e1ad773b81cc548841a
2018-11-22 17:03:05	docx.exe	828aecfc008397fd38d5131a51f49d42
2018-11-23 01:09:04	YW6zOI	e394b4050e7e35a5a6672228b10fd6c4
2018-11-23 01:57:04	BGIYT0.jpg	b3ac228aa5ee202c03d0dc4fc911cc7a
2018-11-23 08:51:04	bin.exe	84df5bd5d460fcc279c96ca71e731f84
2018-11-23 11:24:09	BL.exe	e54a9db2b6629d6d55e0220851e62ed4
2018-11-23 17:27:04	dhl.exe	311c81f0ac007acf327335c85620ca01
2018-11-23 21:51:04	dll.exe	61e69b6ecf176fc74179fffab0fc4292
2018-11-26 16:57:04	ZD1iPU.jpg	ddd261a6bd8ebcd6cdd8348e02f5dcd5
2018-11-26 21:57:08	file2.exe	87e0c180228ea0c4e46975fc5ac6b2c1
2018-11-27 20:18:04	muruako.exe	7774429f80647641d6a6098c15a5d8ba
2018-11-28 00:15:04	IN_093.exe	d8a223716391dafd36d68a73f1e1a72c
2018-11-28 05:00:04	obm.exe	c54fa7b04d1846514cdf2655fe3368be
2018-11-28 05:03:06	baichi.exe	c5ff95dc2d5c2655264e32215c8ea31f
2018-11-28 07:06:07	Invoice20180205.exe	dfa9ee7c22e93b3ff8a0a21c74b916c9
2018-11-28 16:51:06	r2.exe	b44cb04d7b386816db7805acc0d4d07b
2018-11-28 18:24:05	yes.exe	30054e8ab134e9ebd9b20701d8e62d81
2018-11-29 01:42:03	aEqo87.jpg	1a1ee2bd1f9f211aa77dc4efa97c19ef
2018-11-29 03:51:08	%e2A%aegpjexe	9c8cb2cca9bb51702bd4b3fe9e337888
2018-11-29 06:21:03	rZyOEz.jpg	c30a9bbaa94f7a67207267ee515734db
2018-11-30 02:42:03	U7fD1i.jpg	87aebd323f2231f7dfdef80c162d9325
2018-11-30 04:30:04	otf.exe	0761472899b79af0dc97318cf25afa36
2018-11-30 05:06:07	josh.exe	aa75b7530bf11431e835111274292e35
2018-11-30 05:09:08	excel1234.exe	dd2b4797905fbfddb01593a7821b48ab
2018-11-30 15:54:05	soft1.exe	0ef724276b3aa26af86f5d8dec90ba17
2018-11-30 16:57:05	nvc1.exe	c64fc94b2587878c01378ff3fcef6b3c
2018-11-30 19:06:03	Already.exe	2e85749f14e9ceaeed8e77ead8515348
2018-11-30 19:09:03	today.exe	8f6a5e88df392a5b93699a703639b353
2018-11-30 19:15:03	wiz.exe	fa35fc7e5934ae6a6ab61f7ce0958815
2018-12-01 02:54:07	SCAN-IMG00001.exe	3865b2f214a29870f202e29be014744f
2018-12-01 02:57:03	toquIS.jpg	c0fc04ea92743c453662c724737cea2e
2018-12-01 03:42:06	IMG-0004-PDF.exe	73fad7f43d84bcda12adbfa6cd8e9ea6
2018-12-01 03:45:05	jfile.exe	cfa2a5efab619a29ee8a2a3446fecad1
2018-12-01 03:48:06	Scanned.exe	d30bd44d161347d5ecf0aa5f6ee9506e
2018-12-01 03:51:05	loki.exe	ccfdd35e1c0647e7b383180f8cb07f0a
2018-12-01 03:54:05	document1-11-19-2018.exe	70e336879fb16c0e85763d9853167c5f
2018-12-01 03:57:05	document.exe	dfb46c099bd536469d8f02b847558aa6
2018-12-01 04:03:05	SCAN-00001.exe	2578debd234465c8aa7bcdf53bc3858a
2018-12-01 04:06:06	DOCUMENT1.exe	a5ca29da165f863997a8ff59d06ef0b6
2018-12-01 04:09:06	IMG-0005-PDF.exe	0025306c92ef036623fdd9c8680eb7f6
2018-12-01 04:12:05	docus.exe	28558cb675285ad2605c85b344360953
2018-12-01 04:15:07	server.exe	298d23c0ecd0b23b303eed58288e8209
2018-12-01 04:18:05	chulks.exe	e0f3a7906e43d056bb3dcd59e09ce303
2018-12-01 06:36:05	Installer.exe	04b3fc3d766901faac890089c343d4d6
2018-12-05 13:00:04	cKZX03.jpg	9f640856688e8c984072fd765921142b
2018-12-05 14:35:28	documenti.exe	2288ae3cc673244a3324f85a6f1e3a33
2018-12-05 14:35:44	Richiesta urgente di docency.exe	db553286a76871759ebdbc088f2408fa
2018-12-06 00:18:03	W3WOTo.jpg	50abb56811f14b4c4a6e4d36e737fa90
2018-12-06 13:57:04	cable.exe	2dfad2921659565e30bbd906ecf61bc4
2018-12-06 15:06:06	update1.exe	224e2e9855f849f638bc2625f9fadfb4
2018-12-06 17:15:03	MtRo5.jpg	90ba69e1a01ce9838d3efc47ea44c2c7
2018-12-07 06:24:20	sysinterrupts.exe	215c21158c1d15563340388ec2b42dcd
2018-12-07 08:54:03	GCQ2V2.jpg	b4f7d6c32fd88f6f0743eb92dead9508
2018-12-08 00:18:04	o701HI.jpg	88f92e58bd3ca6643ce92ef105b547c3
2018-12-08 00:39:03	i76eVI.jpg	c249f73201eb29b9fbe3fe463972a93c
2018-12-08 03:33:05	xoio.exe	ca878ab3c5970368907fc5ed1e5b2783
2018-12-08 19:45:03	EJ6Q7V.jpg	76a333eeff5d9e00fa0a807c5ebf4402
2018-12-08 20:54:03	p_1055q1ssb1.jpg	6ef12f96e1a99984a96d6e1657389566
2018-12-09 00:03:08	Payment.exe	2e1dcdfa81e62e4b3a9f0942f294bf0a
2018-12-09 00:27:05	clear.exe	bd47162ec710da989e5e7a83696277f8
2018-12-09 03:27:10	image.exe	287782734f94678617b7028b029320ab
2018-12-09 11:12:04	icce.exe	507f816268a4a65859093a3d7dec2820
2018-12-09 13:15:04	maTC3Y.jpg	f615246b5bc99163330e508d068bc3d3
2018-12-09 21:18:03	password.exe	1dbe12f94d0860e432e2d67b0b79ffed
2018-12-10 15:00:04	temple.exe	fdadff0917048bcb670e896c765b6978
2018-12-11 10:06:07	file.exe	f687578228589112de2af8853c6aea3d
2018-12-11 11:51:03	Curwd.jpg	00dc08f45daea9f3f19edb3991e5f383
2018-12-12 00:06:03	cYJdsf.png	1c38a5c4d5c7fce6a8c09d4bb4202455
2018-12-12 00:09:08	kiio.png	41d368733e6415665c2888c965eaab29
2018-12-12 00:15:06	palma.exe	f8230924c3102434959e2c9bd1725174
2018-12-12 00:33:03	grG92y.jpg	e154ef52bf7c63d898c2873a525b8168
2018-12-12 14:36:10	new.exe	79a2ee66b4cf53490092f51b15dda05e
2018-12-12 17:15:03	yBJZiZ.jpg	3801e479ee6c2e68305cb15da3735049
2018-12-12 18:12:09	justnow.exe	27bbabe96a13b1cb7234003f7d0c6e12
2018-12-12 23:57:07	tt.exe	369e381a5b208e2b75963ece037f38df
2018-12-18 04:00:10	DOR.exe	825c3eadec053655b07dec298796484b
2018-12-18 16:15:05	d.jpg	df91ac31038dda3824b7258c65009808
2018-12-20 13:24:16	winsys.exe	5d618badaf0d80e30c44540d44471b68
2018-12-21 04:51:07	goal.exe	6912902bfa56ec90f8603d026a978ee0
2018-12-22 09:51:05	sgfhh.exe	57c9ca749c7bbd6539c40a5d7d3530a4
2018-12-22 09:54:06	puddy.exe	d7033e166205ea25734c8c4da56ceb7f
2018-12-22 10:00:06	sickbay.exe	176ee0a6e84e1c62e400b983b5956c5c
2018-12-26 02:33:09	hidden-tear.exe	6443f20eac835cab2b8e22c542281e29
2018-12-26 07:45:09	HiddenTear.exe	4a8228f5109bc509936eb5286d86322a
2018-12-29 22:18:05	FLASHUPDATE_068.EXE	f75dd96fe11f91c342d35c5a05c6c688
2018-12-29 22:21:04	flashupdate_044.exe	da44080a3f10e6f579f4c6b31ad8779c
2018-12-29 22:27:04	flashupdate_022.exe	57e66eb958f00a58df90b24ce6a45f18
2018-12-29 22:33:03	flashupdate_073.exe	82711cfb028c8201f5bd769130e64c5b
2018-12-29 22:36:04	flashupdate_063.exe	fc7b109df71378fa118ab9e8eaabc52a
2018-12-29 22:39:04	flashupdate_027.exe	be2d45091723f8e6a78fe46bd07b6144
2018-12-29 22:42:03	flashupdate_076.exe	5a947f6eb204e7b77cc59af1d578e9c3
2018-12-29 22:45:03	flashupdate_083.exe	5e5cd99f8ff67ace052ae92fc2dc7857
2018-12-29 22:48:04	flashupdate_072.exe	677872f6f71d6cdb6f79bda230ef12b8
2018-12-29 22:51:03	flashupdate_029.exe	cb672bdbc85c872637812e3d2cdc4a2b
2018-12-29 22:57:04	flashupdate_038.exe	353c972d301cb37166add5ce4fe5b2a4
2018-12-29 23:03:03	flashupdate_028.exe	f05e798d735422454beb719d0c17f679
2018-12-29 23:06:04	flashupdate_081.exe	242890ee6fb0e6668bf09b2024aaf45b
2018-12-30 00:06:07	RedirectService.exe	5aac4998509c066b8acfdcf461ceaac9
2018-12-30 00:12:04	flashupdate_091.exe	02f7471aeb60e531d3fbbc3b4c7551d8
2018-12-30 00:24:03	flashupdate_071.exe	cae0b9aee54fcb80191da3c2e3813df0
2018-12-30 00:33:03	flashupdate_067.exe	aae27cba6ea7e66e32082966a5853c61
2018-12-30 00:36:04	flashupdate_077.exe	4eb8267d44afa8d3fca259c8c45cbd78
2018-12-30 00:39:03	FLASHUPDATE_016.EXE	c925e5ebf4bac8fe3df4018165e39ba3
2018-12-30 08:57:10	789.exe	feb7d5bc3f8c1bac7869e0723802a384
2018-12-30 09:24:06	RedirectAds.exe	14370a60e4ed1cec026362b8359d57da
2018-12-31 05:57:04	mark.exe	fc4f504538b1dace6d7ef784cb55a492
2018-12-31 16:06:04	cc.exe	34df9acb2cf238af89534746bec33054
2019-01-02 12:18:10	mmmm.exe	8e1c74f13ca40cbe88189ce21829f974
2019-01-03 19:42:16	LeopardRemote.exe	32131a06af8036a9de98839105f16713
2019-01-03 23:12:18	PSEO.exe	0985d098f03f46cafaf92681d0589c12
2019-01-06 18:42:06	MicrosoftOffice.exe	c3ab046844a32b5df201cd7d5929f36a
2019-01-07 11:45:04	22cted.exe	bd24e429e0e30a5fd400dc4b40a2b464
2019-01-07 23:06:04	nanoz.exe	4c7ba315d05e34f2d940481ee4615240
2019-01-08 03:57:06	setup.exe	692921943e8230c6ea44054ce62212e5
2019-01-08 20:42:04	MTKMediaEditor.exe	55091a83cd907ef9598d73b61b829170
2019-01-09 10:03:14	cig.dat	ea3859eba7d847ee1ce9be393bd657d1
2019-01-09 15:21:06	jason.exe	1e309647f51dd353b97cdb200aab10b1
2019-01-09 16:42:07	svchosts.exe	e8f2d24339a36e86affa75f3614e1f4a
2019-01-09 17:36:06	stub.exe	ec262d2f33d76817e351ba24ace468b8
2019-01-09 20:39:06	AutoUpdate.exe	ec3be851dc9794cc1c4491f7743a3458
2019-01-09 22:15:06	AutoUpdate.exe	fb1f1475f9dfda390f731fffd5f769ed
2019-01-10 06:00:07	Apostila-cursos-onlinesp.exe	07afd4aa6e92ef8771483a58ea88541f
2019-01-10 07:54:06	jvi.exe	59fdd5e90392581e6ba985c814b4ddef
2019-01-10 07:57:05	x.exe	6e99440bfbe1db3ad8f68f3499957e43
2019-01-10 08:00:04	lll.exe	d235dde755b593f9b1027254e0ebb3c0
2019-01-10 08:03:05	sad.exe	d2018679d5381c11c9554668935865fe
2019-01-10 08:06:08	rosinject.exe	8cf16019bc7dc6f2517c178f3b1a2851
2019-01-11 15:12:22	wangying.exe	f5a3fafbb6792f8d77c7267c5fdfd3fa
2019-01-11 15:15:24	diantao.exe	648810c343ae9cc440d14e6832df34a9
2019-01-11 15:18:30	lingyi.exe	2206bcabc1d0bd30cece9ca79e020e44
2019-01-11 15:22:00	chengzai.exe	d2a3fb920d982c7a27dc5ffa59499afa
2019-01-11 15:24:21	jingling.exe	59791d13edd64f2ff0cac07f9eec073c
2019-01-11 15:28:19	taobaowang.exe	ca8cb2603e80d9111e7d984c442e0cba
2019-01-11 15:48:16	jingling.exe	99bb541446cc94980f325826aea997a8
2019-01-12 07:30:16	systool.exe	74df64c06fb6b983b9753d4c1ee20970
2019-01-12 09:18:07	svvchost.exe	e199ffd9339f042d05d54a0c54402704
2019-01-12 13:03:07	KeywordService.exe	57f56925110b2885d40e31040b8f4abf
2019-01-12 14:42:03	5c130869bde72mshta.exe	2c98d1d12d5cdc1fdbe3c198871e81bb
2019-01-12 16:30:08	readme.exe	18ee23d07ebd14c18b8931015ba42f59
2019-01-12 16:33:07	win.exe	81945fbda08b6a18af3286e0f526b0fe
2019-01-12 22:03:06	Install_Bsdt_DotNet20.exe	992542b00ac7c8f9b25c17f11b866299
2019-01-12 22:27:06	231.exe	481be3ad5a8b48b4db3858d6de84a970
2019-01-14 14:51:10	VTechRepiar.exe	4cf248bd0710ef55dc447532c0d37e91
2019-01-14 23:45:18	loader.exe	2db7860692f9fc883f08ff3a292e126a
2019-01-15 00:06:04	wall.exe	74bab76984e9561e46305c277cf5b12d
2019-01-15 01:36:05	down.exe	7c37cec76bc17732727eaff9c835ed30
2019-01-16 18:21:04	VeilInjector.exe	15745dbac240993bdf41da546f185342
2019-01-16 18:24:04	dcad3069268a3307.exe	3bc442ee5c6cbf7a1b9b841285df693f
2019-01-17 01:39:05	1.exe	7fa1451564e528a0bbf381b608e56164
2019-01-17 09:42:05	taken2.exe	c1a014f111ad13da6db742c3ab722691
2019-01-17 10:03:03	taken.exe	9dda4a0b46639258b567e5bcc1548a13
2019-01-17 13:15:04	not_a_rat.exe	7f3fdb1ee65c60e68b13e7727e2f43da
2019-01-17 16:27:04	gay_rat.exe	41a89c161db48fe207b1246c09238e39
2019-01-18 01:24:03	Ultimate_Trolling_GUI.exe	ec601d8053420186d79ab7093afd37b4
2019-01-18 01:27:04	RAT.exe	7ad54d78f0707b0418775e8b4ace6403
2019-01-18 13:30:04	Roblox_cracker.exe	b10d1d81bf33f8919beeb4ff0220d846
2019-01-18 14:33:04	good.exe	23da8a28fa471b50a5998557cd333ef5
2019-01-19 01:21:04	Synapse_x_injector.exe	a543544e38e7b88639ef62b11895d16c
2019-01-19 22:06:08	taken3.exe	30e9206ec9838aac54167888768f4911
2019-01-19 22:30:04	taken2.exe	1a1ae849fa2f209fbb1e48cbf8a71981
2019-01-19 22:33:04	taken1.exe	8f651270e46936427cb394a9788cfc43
2019-01-20 08:54:08	bblr.png	219f3822190d25733aef6bbb793c703e
2019-01-20 08:57:06	lawabj.png	8ca2331fa1f78f1b009aae691c1417f0
2019-01-20 09:03:07	smt.png	0679d7f3cdf787d382e83903a916eb4d
2019-01-21 17:09:04	install_flash_player_13_plugin_cc.exe	deb425480b1fc422ac3c772fbdff70e0
2019-01-21 19:03:06	ace.exe	c78cffac0df6b51c2e6388d324d196e1
2019-01-21 19:06:04	jay1.exe	6d4dafdd35e3f2851ba2977570226d67
2019-01-21 19:24:05	ion.exe	8d57adfdcb089759894bcc52f2344edc
2019-01-22 03:15:12	Build100552.exe	667b012c279842a0ee4be931f2f6ce34
2019-01-22 04:48:13	AutoPK.exe	3a7f2baac3f33d6d0af0cba14d7ef428
2019-01-22 04:54:06	RaoVatCTC.exe	4f1b859b7cf98306c0d95a307862bf39
2019-01-22 04:57:06	LoginPVTK.exe	3170ccef60228ac7db4eda4cdc0a50b8
2019-01-22 05:00:07	VLMPLogin.exe	ce5c1b79c68d645895eb363604935338
2019-01-22 05:03:06	LoginCTCus.exe	27279c1e851cfb7e4f41a53d78f12859
2019-01-22 05:18:07	CTCTanthu.exe	eca0860d6a9fe1f12e6e18c2863fb4cd
2019-01-22 05:24:06	VLTKNhatRac.exe	479fdfb2b1e0860dc5cd825187d47f67
2019-01-22 05:30:08	VLTKBacdau.exe	8bb94b416fd08fab1d24ad5f512d467d
2019-01-22 06:30:10	CTCKeoxe2.exe	fd4937d63bc278993ee3e798beb1ce36
2019-01-22 07:54:12	qcoin135.exe	17cda33d988a252dc62e7038d774786b
2019-01-22 08:00:06	qcoin128.exe	c17eca0060a35299ba10f48ab4dcfe61
2019-01-22 08:09:07	qcoin133.exe	414fe6ada5328e44c825069e3af23235
2019-01-22 08:12:07	jd156.exe	852a30a2b95611a520cce3c6ff904ca3
2019-01-22 08:18:07	qcoin130.exe	63c7f84f68c2661a3baf006a02b2c764
2019-01-22 08:21:08	qcoin142.exe	1d5ba6bd6feb0456ade6b15113f53847
2019-01-22 08:24:08	jd124.exe	8ef51652049ad4f69e60676b10bbd3f0
2019-01-22 08:27:10	qcoin141.exe	d98c70aa373bacb8ee843d1a2e4c8375
2019-01-22 08:30:06	jd127.exe	1c89f2fdbadc7d41fd89205e5005126e
2019-01-22 08:36:08	qcoin146.exe	4c7dcbbdc2d65bb8c8d9f5fd8dac7422
2019-01-22 08:42:08	jd145.exe	2d8b481844219e8195b119c69fe6de8c
2019-01-22 08:45:08	qcoin140.exe	166b1183ad5e8e9ef50f8ae723b3d085
2019-01-22 08:51:07	qcoin131.exe	50cb6f081db83490bc2e560326dc04ef
2019-01-22 08:54:05	jd144.exe	d74bee5b0023115a134f7c8a676cac45
2019-01-22 08:57:06	jd138.exe	5ea928760bcbdc138627d94b58e029de
2019-01-22 09:03:06	jd136.exe	59679a4df49f852ba989838ca1a3c5a4
2019-01-22 09:30:07	qcoin139.exe	e9726ea801251c54724da10f656b39cd
2019-01-22 09:33:07	jd137.exe	2b68cbc49ab740df5046f1caf826f957
2019-01-22 10:00:08	qcoin138.exe	b3463dcf1ee4f0ea44e5f2668b413822
2019-01-23 02:39:04	N3tfl1X_Reaper.exe	439fb49cb62c5e3f9a3709305d38507a
2019-01-24 18:12:05	jubajeo.exe	e519167afeccf3eb21772197027a810c
2019-01-25 23:51:08	GetDataAVK.exe	9ce1045ed9b9d6753b47de8cde9b3b4b
2019-01-28 03:57:05	nzejj.exe	61c3a0d5a9ac9bf77562129240b60ed8
2019-01-28 04:00:04	clientbobo33.exe	b6c3692bfbd98dcc39a6347fa9f4fb69
2019-01-28 04:09:10	scan.exe	cbc69887e4a432072be1ecda9dbbf262
2019-01-28 08:54:05	scan.exe	92085960e5f74f8de0219811d4d6723c
2019-01-28 08:57:04	mon.exe	8589df8ffc16b06bbb03e536e0d7744d
2019-01-28 09:06:04	EXPL0RER.exe	a1081cf916c150d38d11afb7099b67b4
2019-01-28 11:57:04	lakuba.exe	38ebfb6ba48d76b7a1d3bb173ce0078d
2019-01-28 19:48:07	test.exe	7c7b2b92922c95615d8e2dd08602fe7b
2019-01-28 19:51:03	vb.exe	7d77623bec9708b187866e94f20ba8ea
2019-01-28 19:54:03	vbc.exe	ebced7a42c5233b136c008c83a8d1c1d
2019-01-28 23:00:04	TheDocBuilder.exe	cc93bfb2d0ad7b47085a7b0db4724a63
2019-01-29 08:12:04	f4bc1ea828b71.jpg	b2c4c3ba3706f61673d05f6c6b7245cd
2019-01-30 06:03:05	amb001.exe	9b05f2be7a17804456fded8301926c0c
2019-01-30 07:36:04	crypted.exe	26c7f08a4760fc18cc3ab666fc97c888
2019-01-30 13:54:06	miguel.exe	d96d5930e801a2ab71eb6925322a29f1
2019-01-30 17:45:07	donpy.exe	8bf604d05638787e408785c4c46a163d
2019-01-30 19:00:05	obn.exe	d9723268c4f4b9e408648b8d8a0c9174
2019-01-30 19:03:05	dg.exe	4002f13fec49ba4f432fc392f8555fc7
2019-01-30 19:06:04	ab.exe	fb58911b77f7b03a7355e88df0a69154
2019-01-30 19:30:07	mrniger.exe	19f103943a60be56c2e26a26066af04d
2019-01-30 23:45:05	vbc.exe	51667a5b1127b0a1b4ef6c2746a62c26
2019-02-01 02:18:19	elvis.png	e0ae0e514bd37873a9160b5a0f828740
2019-02-01 02:51:03	BetaClothing_bot_G0dDamn.exe	d4dd0b6cd6b9007b7025740423c40799
2019-02-01 08:09:07	document003.exe	ea89a9c4eac31b45c8613ba04c923e71
2019-02-01 12:09:07	scan(1).exe	a378fc3d5e899253b7595b23bd5d34f0
2019-02-01 12:18:04	scan(1).exe	574da65930bab974b3f2526cd10cb94c
2019-02-01 12:21:04	nze2.exe	6ae26d4e88727087b68511dc1567b7cf
2019-02-01 12:24:04	Document0022.exe	cf9c95e36bb4ed9f6f8b2996e4bf7e39
2019-02-02 09:57:09	33.exe	603ee0c09ff8e63add39b18ba1bf601d
2019-02-02 11:03:09	ord.exe	8500ce138e2efe74989cb1bc45f2533a
2019-02-02 11:54:05	file.exe	19091abeb4f0f27a8d7a8b2c14316c28
2019-02-02 11:57:07	DOCUMENT.exe	ca9c2913e35c74a38b7f8ece1cb17785
2019-02-03 09:15:04	AdsShow_installer.exe	58d54f0cd034f70626578d388a3ce366
2019-02-03 09:18:06	wizzcaster_installer_v2.exe	30136ac5c03bc8bf208de6e1a0476366
2019-02-03 09:27:05	wizzcaster_uninstaller_v2.exe	d006da609c1390d64448703888496c56
2019-02-03 09:33:04	wizzcaster_v2.exe	0ef1c8a62b29bf298858d4f3da77cc77
2019-02-03 10:00:06	updater.exe	2939e9c16882b32022a1e718035d2b9c
2019-02-03 10:03:04	shutdowntime-uninstaller.exe	ef865f8284a054f052141f5b2f6b38d7
2019-02-03 10:09:04	remote.exe	7adaaa2bed861d4f5d2f73bb3db8cb84
2019-02-03 10:12:05	shutdowntime-installer.exe	cb7ece2a0530cc669b0c102d4aa36bbc
2019-02-03 11:06:04	powerproductions.exe	d4194f33ce761cc71609a0f28c8f6707
2019-02-03 11:18:03	Windows_Patch_Guard_.exe	cb2b362c3fb0bee335ac936e893777ac
2019-02-03 11:21:03	Rbx.Sell.exe	b37e3ec089a4efcd004ce9850d0d5c27
2019-02-03 12:12:04	test.exe	bd73bf6ec76a3e29b48afd1fdfbc2015
2019-02-04 02:33:05	file.exe	22adf1eab4de4c8974dc0ea938060951
2019-02-04 02:42:08	jupiteri.exe	f4c31735ea6aceb1c6b40624ca9b5158
2019-02-04 04:51:04	bloom.exe	4d7e1d649003c140fbeb492c45589de5
2019-02-07 21:54:04	autopatcher.exe	a7058a3a202429b353b02c74ad1b6c91
2019-02-07 22:03:04	Autopatcher.exe	04e6ba94a6961971e97c8b834fbaa6ea
2019-02-07 22:36:03	autopatcher1.exe	5cf8cf9dbc9f8e9ef4c022c6a229a424
2019-02-07 23:36:12	d.exe	06fcf23101e287a10b150149da8a2492
2019-02-07 23:39:11	np.exe	69a2bc4265951b76349ca5e189067be9
2019-02-10 13:33:11	java.exe	1c03eb97cf05830ec1446ee5b0219143
2019-02-10 14:48:05	lokra.exe	d5a3b59f2c25b6d4ab82cfec7339bf1a
2019-02-10 15:51:05	update.exe	ebddee306fa872a99a7c4df6a279c6ee
2019-02-10 16:09:06	jab.exe	ec8df4f4481fcec29e0ce473a0991aac
2019-02-10 18:33:06	1212.exe	720ebbe190c55fd77b837d1dde3e0098
2019-02-12 09:06:06	ZASTI.exe	f3eea1b45ca04f7c0c33122cc2ed0590
2019-02-14 00:21:15	tongbujl.exe	d25c1b6baec619b62ad1d860320e1537
2019-02-14 04:36:06	zhangtjl.exe	18cbce82cff2eae97fb78cf35736676c
2019-02-14 13:51:09	az1.exe	49915b5cc6712a58f8e7da5efe740da5
2019-02-14 16:54:06	LoginTDVL.exe	71380f765a45917b03b9654bb3cf76e5
2019-02-14 19:00:04	az1.exe	a0ec86356e28553a1bd9a60033dbaf12
2019-02-15 04:42:17	net.exe	a4d91d383f8206eb5aa1cc0d89931d2f
2019-02-15 15:30:06	XX.exe	02e70174f1f6c1afb24340a8bef26358
2019-02-15 16:00:04	AA.exe	c0480833e47ceb91dfc949148a58642e
2019-02-15 16:03:05	55.exe	5549f698a59f9fabc4b606b886aa2e70
2019-02-15 17:33:07	document.pdf.exe	eff66439bbbae2cd2194ba453ac3d977
2019-02-16 15:18:07	58.exe	0afafd7fd55ab35a2b27d7b190145ada
2019-02-16 17:51:15	ps.exe	22d2ec2ff1cd94487a7fa8104ff97b05
2019-02-20 13:03:06	FlashUpdate.exe	561a562a0eb58d9eb70955b3bc9ee95e
2019-02-21 05:27:07	ZXMiner.exe	7a4a95857027e5468cc9bb1e35247036
2019-02-23 16:36:12	2.exe	5083e13216e5462e6715979ba9d4a65d
2019-02-24 07:18:18	ufc_2.exe	e04bfd3c3c6f375684dfbd83556d6ceb
2019-02-28 23:48:05	IMM.EXE	0c501c81117bd124e7ac1111c7f0fa68
2019-03-01 06:15:07	strt.exe	acb2840b575bd538efdd76ada3a603a2
2019-03-01 15:03:04	eyu.exe	32ffae9524a6321051248e4313c91852
2019-03-01 18:39:05	kl.exe	076009e57431ad692bd745389ff86a05
2019-03-01 18:54:08	rat.exe	d6f756f414f27124099d7ffae65d9727
2019-03-05 10:39:06	KuQGPllkICewEQFToxsaTcnldneew.exe	0afd3c523727da0991e06e8c118fdf8c
2019-03-07 00:57:05	drive.png	9cabb5bb7e93fe746697252ce64638d4
2019-03-07 01:00:05	drver.png	b3c338dbc6192dea325c4e43ea372811
2019-03-07 01:03:05	file.png	bcc628e58ba88e4e46751df749efd96e
2019-03-11 10:54:05	orderreceipt.exe	95fb70475df8e71ac7da72f241a6c117
2019-03-19 00:36:06	bin.exe	67ef19394f3d78f92bc79bb6c191ef91
2019-03-23 14:06:07	server.exe	96580a68c5c3349db9fd217d6565dd27
2019-03-23 16:06:09	data.exe	09f12bc5f6a10ec24821aaa31684bdc0
2019-03-24 09:33:15	CIG_MHKD.dat	9b8b3ade510c30bc233a260a86a92e52
2019-03-25 13:09:05	vbc.exe	78a97330ffd3fafb96f6884278ade6e9
2019-03-26 14:00:16	vbc.exe	530005f5cddcbf178177ecd2ff08fb19
2019-03-29 10:27:05	vbc.exe	d4a35a334b20ac4984592f0fddce9924
2019-04-04 02:18:06	new.exe	ada86fa7333077686882e311dd569ac3
2019-04-04 03:12:04	nj.exe	97eebaae286dd77c78f2fa727b6b11df
2019-04-08 16:00:11	vbc.exe	2f1bc487120c1d5410a763b20869051b
2019-04-12 16:49:02	winsw.exe	1f41775fcf14aee2085c5fca5cd99d81
2019-04-12 17:31:57	ieqgrkfl65.exe	b3c9f98dd07005fccf57842451ce1b33
2019-04-12 17:32:27	hqpi64.exe	6e72ae22942e7d5e1e5a0c7e1920c595
2019-04-12 17:32:30	hqpi64.exe	36a4243c798e2ebb860c301c14b8f084
2019-04-12 17:34:46	hqpi64.exe	6995e574182cc7eaaae1c45fc44a87d9
2019-04-12 17:34:48	hqpi64.exe	5c248368d88ce227a7773e28b729c189
2019-04-12 17:34:50	hqpi64.exe	458a56504533cc708c79801a35003b80
2019-04-12 17:35:06	hqpi64.exe	76ef09ea4e96109c0592ec8e454e60ae
2019-04-12 19:43:17	svchosts.exe	90157f67f2b7e71bf0ffa985d0dad3c4
2019-04-12 19:43:35	svchosts.exe	3b476bf7a87c6ad76800c1ca964fdcab
2019-04-12 19:44:38	svchosts.exe	5d8300933b2c456063a0e9d2525da4f0
2019-04-12 19:44:46	svchosts.exe	d09e78a05bc979545aa0072c2e0228c4
2019-04-12 19:46:23	svchosts.exe	745eafcabba612c4be96957f9bde08e8
2019-04-12 19:46:35	svchosts.exe	266f71551e3b04d1c95209f371527afc
2019-04-12 19:46:44	svchosts.exe	389ca8b23a431c1e1c5963ce8ca4df25
2019-04-12 19:47:16	svchosts.exe	bca51d7c75c1f3a2410a9fb08b7fb11a
2019-04-12 19:48:04	svchosts.exe	283feb61f1e28c3fb121fe62e381844a
2019-04-12 19:48:08	svchosts.exe	f0e49865ccb5dfc694a517d26dd37d4d
2019-04-12 19:48:53	svchosts.exe	7e75c705498d397cd5320900bf7996cb
2019-04-12 19:49:10	svchosts.exe	6575472c664c57a5370dc770d8474498
2019-04-12 19:49:30	svchosts.exe	14788e0458a7a647a276233ac3dfce9f
2019-04-15 11:21:05	i.exe	72efce53674ad8207af18fc16dc159f5
2019-04-15 11:21:06	sv.exe	6b31a91d831065f08ed70e9d55ec1d98
2019-04-15 11:35:59	ConsoleApp1.exe	9cdfb4be0d593bb1d9c80d9735f65040
2019-04-15 12:09:04	install.exe	29ca9d583059495c031264e2b56f3dbb
2019-04-15 12:12:03	timeclean.exe	55f35bcfd36eeccbc66eae1d44f710af
2019-04-15 12:30:04	cleankombat2.exe	7ddaa9ee091c73e5b7e49a9fa52f88a8
2019-04-15 12:48:03	csrss.exe	a5eefe4b6362f6772eff4d4e9eb762f7
2019-04-15 18:33:04	wormclean.exe	7ecd069d8459f2adbe807f6cc1ac2ce0
2019-04-15 18:57:03	111.jpg	a7e7378e1c13ffcd9a0f1398ff147bb9
2019-04-15 20:39:03	20190410125938	fa4a414fafc8d6d2b5d8eac7aecbbfbc
2019-04-15 22:00:04	setup.exe	ecdd4613dffb8dba4c331e5493366feb
2019-04-15 22:27:04	service.exe	3a54e30efd41cedfa26d0ffd41a2b08a
2019-04-17 15:33:04	sockets.pif	044cbeed4c2a9c26fef4eb7560101cc6
2019-04-18 02:39:05	TT.exe	906aa26b2fabfab4c53c2b1ea53f4309
2019-04-21 05:24:06	sms.exe	487b0c9de7a17ccb35dc4673b486444a
2019-04-21 05:30:05	sl.exe	88e0ea38334d5b6d9353545e22a51621
2019-04-21 06:09:04	vnc.exe	d312ff15227b275800d0eb47b7fced4a
2019-04-21 15:36:04	aba.exe	e145d0267685dd91735857acd7b708ba
2019-04-23 18:00:06	RederictBind.exe	fcc248bdb9b56bdd926a13bbff61fadd
2019-04-28 05:09:07	bad-boy.exe	eff906a637ecbbf5b17c982ae48bfafc
2019-04-28 05:33:05	josh.exe	c9a560b2721b47ca68d577115cfa9d14
2019-04-28 05:48:04	PROTECTED.exe	66ec03a648bf0c5d2376bc947871c5ce
2019-04-29 03:33:04	hasa.exe	9c58424ea3c20cbac6ca0a20c316d2d1
2019-04-29 03:36:06	growtopia_gem_hack.exe	17d7de992ab0ae9d2acf51b82ba62f5d
2019-04-29 05:24:06	security_update.exe	70da2075ac350649f734b0d950c545ca
2019-04-29 08:57:12	synapse_3.0.0.exe	eb6e8318439c723186a8e1a9c017a3a8
2019-04-29 11:24:04	microsoft.exe	1902277f9e0065b54e92370b015070d2
2019-04-30 06:36:09	office1@rigin.exe	5e75042a64c328980048ef2d3810f0c4
2019-05-01 22:24:05	1.exe	6e8cd72f06e888779fe95f162abb5858
2019-05-02 01:54:03	80.exe	ab3338c54e7c9c6c3281d9c603371018
2019-05-02 02:30:03	9006.exe	952a93c0e4a9e9673b085d3f31a6750b
2019-05-03 06:00:09	doc_attached.exe	2fc34cf714906c34c046c52ab48785e7
2019-05-04 00:57:07	readme.exe	a5fca3c0bddc116eab6072c0c6c5b9f2
2019-05-04 01:03:06	ftp.exe	cbd4eefaa76d62fc469005250a506ed5
2019-05-04 01:06:05	read.exe	19f8534dd27ddea549c49a40a06631c9
2019-05-04 01:09:04	file.exe	ae5c37d8ca2f7bc82f360a391992aed6
2019-05-07 17:54:04	main.exe	53da76ddc6fe8e0a1f9a30c2ab29fdc4
2019-05-09 19:45:04	ylmwafqqohh.exe	5905a17da3a04fc4a1f3de2f6d9babe2
2019-05-10 03:45:02	wjiojt1sux3.exe	7f65debb41ebc0019cdc504010636f63
2019-05-14 05:03:09	demo.exe	58b82f6046af7142174639c87cc98049
2019-05-14 09:12:03	file.exe	acb54dd5b48a1e39f3e8bec5fa2d3645
2019-05-14 13:33:04	Lucion%20FileConvert%2010.1.0.20_Keygen[Shadow%20Mask].exe	cd042df973e6a6ab6f91d1b2749b3971
2019-05-15 15:42:06	bintu.exe	3ebbc221f2ae9bbc1be99240aaf206f0
2019-05-15 15:57:13	svshost.exe	1137352b9630eeb1fc19db6f8d08cde9
2019-05-18 10:03:09	batch-mp3-converter.exe	7e46364bee1ed52f9c03d379596bf3d2
2019-05-19 15:06:03	NetworkBrowser.exe	ae5b01b53c318c2fa988430dfddf0400
2019-05-20 09:51:08	serve21.exe	4af780f8a33e65f7ea0106022544c6c4
2019-05-20 14:54:04	serve.exe	a4ef742b98e058119168ce394c768d72
2019-05-20 15:12:07	power2.exe	963c74f6cb6ce4c0a2a6b6124a8d188c
2019-05-20 15:42:04	Smarts.jpg	868cff01ad6607cb29790c29797c78fa
2019-05-20 20:39:03	onetap.su_crack1.exe	cdaa68385861d602a46ec350cbcdfc36
2019-05-20 22:18:07	nokte.exe	1d7aea8c2d195ff0ace70a1e1dddac42
2019-05-22 09:54:03	echoload.exe	a607a1bf33fe2bb4ea542e7c5065a568
2019-05-23 21:18:03	setup.exe	f6e97d8efe91f07ea4d0eb99483a3d55
2019-05-25 00:42:05	Quasar.exe	78e2802f8cca7c8a810a17872c64996c
2019-05-25 04:21:04	sqlbrowser.exe	a122483546ea2e178c61cb6f0d34a0a2
2019-05-27 03:24:04	PurchaseOrder.exe	e6ab137417e4198e624eb85b86085e16
2019-05-27 15:12:42	Authorizationcode‮gpj.exe	9243e8863f77ab8cef6ff0683fdafc58
2019-05-28 03:30:08	LL14915C.exe	64f753cc7a2d2c630f950ff85d7f1123
2019-05-29 04:45:13	InstallX2.exe	c9eeabdbcd7b56286e5ce68ac00475ad
2019-05-29 05:06:06	CIG.exe	659b9f9347729e5ba830f256db62eaf2
2019-05-30 16:42:04	Khayam.exe	478ae8bd5b62f2ede2f17f9cd53e91e8
2019-05-30 16:45:04	f_moshiry.exe	dbd48c425f5bce897b40913fc0ad6fb0
2019-05-30 16:48:05	bagh_ayene_shamloo.exe	0e4a12bf35e32b62b3a560001986c13b
2019-05-30 16:51:03	Hejdah_Sooreh_Az_Ghoraan.exe	18327c11d4487fa945be3f30d9d68c26
2019-05-30 16:54:04	GhazaliatKhaghany.exe	f34c0209d89499c6469ba67153f0cdf6
2019-05-30 16:57:04	AmirMoezzi.exe	29af7ec33b09961e2b5d4890045bf0ac
2019-05-31 02:48:03	parcel_details_PDF.exe	4ab9148e539fe297ad1da723de595b1f
2019-05-31 03:06:09	RoabaeyatFayzKashany.exe	14a370f9fe9c5071c2ac56a35b8f13e8
2019-05-31 03:09:03	factura_PDF.exe	e6505502f71ce71406ebccac0ed19578
2019-05-31 03:54:08	Chehel_Hadith.exe	934e787a303d0b685afd69c76c5b79a6
2019-05-31 04:00:04	factura_rds_PDF.exe	afd5eb72bb8f02b9e9bbb7594e0d3cd4
2019-05-31 04:06:09	AnvariGhazal.exe	f8d3ee9202b44b624b7204a438f42dc3
2019-05-31 04:15:09	NimaYoushij.exe	cd9a27d8d571d3518199c54652c067bd
2019-05-31 06:21:06	WpTester.exe	c6d48e3a23805e324b7f65c36f82f84f
2019-05-31 22:18:03	2	08f03feeed1aa88f35d5675713572898
2019-06-06 08:59:48	smk.exe	4151547bb07e484d413480cc278a1a59
2019-06-08 14:06:12	c.exe	dd68e958ce2f6b7c5255772b3824dd78
2019-06-09 04:42:05	aqworlds_acs_generator_v1.00testing.exe	e676df3caaa81170933f9f7662063358
2019-06-09 08:09:04	system.exe	3d6fff87f5b762e6178c98ebc0085fc6
2019-06-09 23:03:13	open_to_generate_gems_.exe	c1155abb2dda1149471a2312bad2012b
2019-06-09 23:06:06	winskype.exe	5a71d8db406dadbd02628232270dfdb6
2019-06-10 06:21:04	monmoney.exe	13e87e83a013092938d18403624a1ba4
2019-06-11 06:36:06	Beautiful%20Woman.exe	7e2b543deb7e0bab70c76aeecf370516
2019-06-13 09:09:07	opr2.exe	73617d83955b149861d2a18244e6f8f2
2019-06-13 17:51:04	2019-Mclaw030.exe	8a7e582e85cb994d6f0d728cf8de1a95
2019-06-13 19:12:04	opr2.exe	3c3537cdf8dad5bb9d2cfafe75afe89a
2019-06-14 02:09:09	batch-mp3-converter-lite.exe	25861abef66c24618a4ec0703659a94a
2019-06-16 06:18:04	hybrid-analysis.open-ns.ru	5aceba8187ffdf461e156df725cd40af
2019-06-16 07:21:06	igb.exe	3143c62bf3186747c4461776354a06fe
2019-06-17 01:00:03	invoice.open-ns.ru	2bc5e2a899a7e99a11518a930690fb38
2019-06-17 01:03:03	www.invoice.open-ns.ru	b31769e2c6392cbb1eb8f2a3278a0af4
2019-06-18 07:42:08	sClient.exe	9b6a3102e7a7051a058802dc3ad11efe
2019-06-27 04:03:04	file10.exe	c10190943e3ee420992083e3c795cd94
2019-06-27 05:54:03	file01.exe	20ab822aa24f01d171f063a93675a115
2019-06-28 17:48:06	microsofts32.exe	3a53247801f783111d1d0beeadc8f0a0
2019-06-28 20:30:06	microsofts32.exe	cff45e9f164c1195f1fb1ab696c3001e
2019-06-28 20:54:03	conhosts.exe	2e4217e446ccbda3ae9be1205a2719cb
2019-06-28 20:57:03	apagaexcluir.exe	a2f4dbf09ad1b1779008c4cb5936e9b9
2019-06-28 21:57:03	vshost32.exe	46ea51b4dd17dbebd59f9df96ad6334a
2019-06-29 07:30:04	atualiza.exe	f3a3756f28f8988177a527a038337f95
2019-06-29 14:03:03	conhosts.exe	ecc3ff5eabd144171bdfb00ac5d29096
2019-06-29 15:45:07	zyy.exe	faab922f277ef22403b55e638ca9b23c
2019-06-29 22:24:04	Minecraft.exe	c4e0d686d9dd97c26ab8f40ffc347e45
2019-07-01 21:57:07	download.php	c152e07c298d1a007ce410a488d0563a
2019-07-03 01:06:08	FlashPlayer.exe	d6391a45f26407a595261cca34fdbf43
2019-07-03 19:30:03	remove.exe	299c49ab19eb9ae529fddd88333eaf88
2019-07-03 23:45:03	explorer32.exe	c0d1615f5e2233627fa610db81ca2dcd
2019-07-05 05:36:04	klplu.tar.gz	7099a939fa30d939ccceb2f0597b19ed
2019-07-06 20:18:05	BITION.exe	0c5154fdc0e2d6c6455abbb65fcab0ac
2019-07-07 16:39:03	servicess.exe	e48bce55f783f289bb36f5f7401df52e
2019-07-08 19:48:04	NewPatcher.exe	77d3042a4eab3c1dce955b64550f284b
2019-07-08 19:57:06	NewPatcher.exe	025181de497ae705a32cf6be10c9ef15
2019-07-10 05:39:05	new.exe	bbddeffc4177bca5f06394d76de35624
2019-07-11 00:00:05	order453452.exe	bd5a7489b40d754703235b6160170cda
2019-07-12 23:36:08	bukkypa.exe	852a684bdfbda120c52177832fd51396
2019-07-12 23:39:06	chiefobi.exe	385ca4e34242fb28971e3a3b3a822e78
2019-07-17 22:45:07	windowsapplication1.exe	59ffb998635b4bfbe0b49f6c804c5873
2019-07-17 23:27:09	tedata.exe	b3d7442e17bd50c60008113a33f0c6ac
2019-07-18 21:15:03	384b3de65ee2731a7c4b55b29bb15d87.exe	0beb47fb8d046a51f181b5979f08d960
2019-07-18 21:18:03	e8400a86a36fd6a98ebd26dca5a8038e.exe	0560220e1afd2102c7c31c947450affa
2019-07-18 21:48:03	56eccdb0a780f6db52605b183c687a87.exe	5b02b9ea8aff89850a13b2515e8d2aad
2019-07-19 12:00:05	amix	f328a95046e3a2514c36347eaec911c0
2019-07-24 21:33:04	WindowsMediaPlayer.exe	0f32d7f8a79e0e09cbb309f7cbcfa61b
2019-07-28 17:15:06	1.exe	77fe24f9247f36f17c62ec39b770dfbc
2019-07-28 17:24:05	kk.png	12ac72e42bb2682baabf4d0ce104c6e7
2019-07-28 17:27:04	webs.exe	205ae42f6d69d8cbc494a5f9fa537106
2019-07-28 20:42:05	pdf.exe	5d388f1bb12c97e54a7a4d801095cb33
2019-08-01 11:57:05	PluginFlash.exe	039a35282f6bdc426bb5df5990d16daa
2019-08-02 11:00:06	hero.exe	3a83a041861de0bc047e441716aea873
2019-08-03 11:18:03	EMEH2307.exe	fdf2f76f519838d2ae522a4b63b3e506
2019-08-03 13:09:03	COLLINS2307.exe	963379e3aa6338b1e11e700eec79f2c7
2019-08-03 13:15:07	stamped.scr	f8b713a2a5ea0ef217e26c67a7535677
2019-08-03 14:21:03	CHIMA2307.exe	1b17fd788d2cdf5a3d64175885b2fb51
2019-08-03 22:33:03	MANI2407.exe	d61573c48305f757bf00cfdd4fbc63d3
2019-08-03 23:24:03	CHIMA2407.exe	d60066d98a7ed4f3474301df9f8c5215
2019-08-03 23:27:03	ANICHE247.exe	85b5eda79127fcb026d5bbc5863f74a5
2019-08-03 23:33:02	EMEH2407.exe	828c6cd8af6330fec6e6c0e35666e9e3
2019-08-05 06:48:03	CHIMA2507.exe	5a903c575826f0b128ad29b87847c17d
2019-08-05 10:18:03	EMEH2507.exe	2b10c10615611040fb67be94ce665714
2019-08-05 10:21:03	ANICHE2607.exe	7e8c50bb6ad871888f60ba46cbddf45c
2019-08-05 10:24:03	AMANI2607.exe	99c54960d31b1665d74144907f4a891d
2019-08-05 10:27:03	AMANI2507.exe	5d057bdc639c31593b92ba3f3d20bc86
2019-08-05 10:30:03	COLLINS2507.exe	9ca9f34f9ecdd23aeaf1b55b427aade2
2019-08-05 14:30:03	COLLINS2607.exe	d283fd4e861c69b82aa47deb54ef8e16
2019-08-05 14:33:03	EMEH2607.exe	c56c879ee5ce22df1b059a05f9fc004d
2019-08-05 20:15:03	PHYNO2607.exe	64c2c03ea8e021699e74141986d7c58d
2019-08-05 23:42:05	tmt.exe	ed9b4f2ed81beeddccf08da93f5d4262
2019-08-06 12:12:03	AMANI2707.exe	47e7060e9f85d5e5a2599183a2ef6fc2
2019-08-06 17:00:03	COLLINS2707.exe	891ae9f175ba6d7c1e0d37abb58b71f7
2019-08-06 18:51:03	PHYNO2707.exe	40b6c7d2e0b76b55c3fc0248567cbe81
2019-08-06 19:30:12	cl3.exe	876d68cea7af67dd4090baef18a89657
2019-08-07 12:24:08	office.exe	d1753c4026d91bc4d4f889e14bcaa47d
2019-08-07 20:36:03	business.exe	61a1a17a00c97327362834f3af8bb49c
2019-08-07 20:39:07	newvirus.exe	68822582a0974bfea5b912a44c64c2a8
2019-08-10 06:09:03	PHYNO0108.exe	b0c5b7b3a3d490e8088c490fdcb9fa49
2019-08-10 06:36:05	main.exe	d41740255bf565a5df7474e7fb36852e
2019-08-10 08:03:03	CHIMA2707.exe	36e115843cfc23b428018b56fc009c14
2019-08-10 08:06:03	PHYNO2907.exe	1e7d7ed6b123cd4d6bf846f7f5672ab5
2019-08-10 08:09:03	CHIMA2907.exe	b281af3171cd9211daff871f2c258e5a
2019-08-10 08:12:03	COLLINS2407.exe	ef32e577c7f8c82699c2162d7027210a
2019-08-10 08:18:03	EMEH2907.exe	0679ff8965a354cbe614a19cb8d2844b
2019-08-10 08:21:04	CHIMA2607.exe	989438513fdd82b1ef465d57c753ad99
2019-08-10 08:24:03	ANICHE2307.exe	1522e4ca5c8381b037b07e692ec675d9
2019-08-10 15:57:10	Sweetlogv2.exe	e6eecbe1580add27aedbdb4850d40c86
2019-08-10 20:51:03	We_have_a_new_delivery_for_you.exe	dd7bdff48701af37f8e219e045c26598
2019-08-11 02:15:04	systemupdate_security.exe	5e003d4e1b57f983f1602c5cd5d11428
2019-08-11 04:12:04	01082019PFINVOICINGPROCEDUTE.exe	cb45f274c551b050a8531031355043a2
2019-08-11 05:00:04	cod2.3.exe	a1cf9d0c4d401bc10cf89eebaa13176f
2019-08-11 05:24:05	Augustine.exe	23c7d67bf355c8808f46690f35241fed
2019-08-11 18:18:06	invoice.exe	8124439ed5df3caa7fc137e48afd44fd
2019-08-12 11:42:03	Windows.exe	25d275f95dbf0f4b68b8a91943bcde0a
2019-08-12 11:45:04	Mozilla.exe	c26ab151f1b6c679564b3795f0b90465
2019-08-12 16:03:04	jiz.exe	7fe31bb75ebf5a1e126d5a385af1065b
2019-08-12 16:06:04	fft.exe	ad0416b1b7d6c7dd620b1d1d5569e7c2
2019-08-12 16:09:04	emy.exe	70f38792a1ba01553aa062c0f8543246
2019-08-12 16:12:04	ago.exe	83e94bc36566396af6a782d13516ab2b
2019-08-12 16:15:05	obi.exe	f96a7b2aef7aa8c897c4e30027efb0e5
2019-08-12 19:21:03	rob1.6.exe	d5c143ea66b4a34d242bdf0938271aa0
2019-08-13 06:39:04	M0ZIlla.exe	cb46ec944e71b5eb8877c6622762ac1c
2019-08-13 07:48:04	OBA.exe	1781aff5535c818c0c6b5407da41607c
2019-08-13 20:09:08	aHeyhi_lower.exe	a1fdead23276087e5c8a7b8114ad769e
2019-08-13 20:33:07	Aurfile_copted-pdf.exe	f308a2b51b2d4976af7e4c24c09c1d6c
2019-08-14 08:12:05	sor.exe	facb332629697bd8b3f64a49768bdabf
2019-08-14 08:30:03	lvwfFwZqbAzXwkf.exe	070cd81ddbaee5e6a43ea326bb35cdcd
2019-08-14 10:24:03	sorano.exe	8134dcc2a38fb7b0112fae066e0b912e
2019-08-14 13:54:03	ZQ4uArnDoUiW4WO.exe	ebcf26d8ed6c0748008b470c0a7ba031
2019-08-14 21:45:04	Software.exe	a3568dce8ec0a41e8efe1790b128686b
2019-08-14 21:48:04	dak.jpg	71446943723b77b35713df2119cd8d3c
2019-08-15 04:36:04	update_Protected.exe	8a90650cd2750555feab95f2a9b73eee
2019-08-15 06:51:04	ClienttsMoneyFollowup.exe	89b44b6050929956cc68d4b40dd7d163
2019-08-15 16:24:03	q2nou3zws1avbfv4jvt02zyh0.exe	be6f7a9f9c1b036c8b400f9427bfb92b
2019-08-17 20:36:09	INVOICE2.exe	5ee7670dd7af0492bd2d8fb6d5603d5d
2019-08-18 09:51:08	vbc.exe	e942c220a2138f38582eea88a24497be
2019-08-18 09:57:04	vbc.exe	a3bd44122110dc9b42584e27a8b79467
2019-08-18 10:03:04	vbc.exe	f25f18f43b56ac8f2c91bf89db13f49a
2019-08-19 11:55:17	PO#august_pdf.scr	1cb2f40e4d9f8029d58ad21fe10a364b
2019-08-19 14:54:10	db06jul2016.exe	7e60b39491fdf32aff6e216bcee8e4eb
2019-08-20 03:18:04	hstt.jpg	4692b66498118efb687ba8db821fe716
2019-08-20 03:21:04	hst.jpg	3d299e72a17f086dce4af24df8040bee
2019-08-22 10:18:05	whe.exe	af5141d170da335a2e7024f82b7b96df
2019-08-22 20:06:06	vbc.exe	5c8b7475b0513b0e6ec19638880195ab
2019-08-23 09:24:03	vbc.exe	f58835de00f4f569b90d86654a45dff9
2019-08-23 11:15:04	01.exe	beeb267f02d85bd60bdfa3b2f30c2e27
2019-08-23 12:27:03	PDA.exe	3bd0c7fc4ae0c1338a7750404bccfb77
2019-08-23 13:06:03	sms2.jpg	e691b27673cd3c961cea2d313ba64ef8
2019-08-23 13:09:03	sms1.jpg	0048f18180d7bcba60d5941c016dcaca
2019-08-23 15:27:07	blezz.exe	97130c47d40e44eee0433ff6964ab187
2019-08-23 15:30:05	lolok.exe	7a44eec58bcf4ee5407acd23ba60ccd6
2019-08-24 01:42:10	9078950	07161ca4140287310008ab8a51b1a8a2
2019-08-24 16:18:03	ezep.exe	f7f5c1591e4688cdb11573256eeeb358
2019-08-25 06:12:07	realenvanter.exe	7aa8d50c79bb7e378a09f36bd22fc360
2019-08-25 06:30:07	ernest.exe	581e38611dd24f3f2b090a3b16b4e677
2019-08-25 08:39:03	copy.exe	6006fc9318afd70e711a4bca012efac8
2019-08-25 14:15:07	fnk.exe	e67509e05c71958e6930c2203d6883b9
2019-08-25 21:36:05	gen.exe	113ff86f598428056f80eae006883444
2019-08-26 04:12:05	1106778.exe	80e4001e0b9cd2a49c8d037f0b3d8fbe
2019-08-26 08:24:06	0578102.exe	ed55c82865aa6508ec629d9efbcb811e
2019-08-26 08:30:05	08437.exe	2be697f9927ec8222bcf655737880309
2019-08-26 08:39:04	go.exe	99d6526357af2c0bfea167c0d92ec995
2019-08-26 08:45:03	gregtalin.exe	7512715b0d5fa050fed4c375e847e7d5
2019-08-26 08:48:06	60589.exe	9333024788725c3a856926b50280944e
2019-08-26 22:51:05	60380.exe	dbede2dea8e41342f93c67d632a87f01
2019-08-26 22:54:06	horigin221.exe	f1a07566a6bff2fd7e4e6da7120e50c0
2019-08-26 23:00:05	order.exe	16861f7fe0f74c587b82a16505f35790
2019-08-27 01:30:08	1101708.exe	c5d9235167fde6067834bc0bc369b983
2019-09-03 21:21:09	00222222222222222222222222222.exe	a93d6e2addba520f5f1faa50c6171829
2019-09-03 21:36:05	FLO0309.exe	8b954ce0da006f197b80258bbf171052
2019-09-03 22:12:04	DON0309.exe	82b5e633f83bc7ab47899d22c69deee5
2019-09-04 02:18:03	EMEH0109CRYPTED.exe	744e024c0cd467b09d4e144c53b591e2
2019-09-04 04:24:10	wwininilog.txt	2ad8ef1b928417101943241a0c67f1d2
2019-09-04 05:45:04	99.exe	c23164dbc82fc4c18fbe709bbfdbe55b
2019-09-04 05:51:03	DON3008.exe	1b521d6828abb005dd97cb9342fe0a84
2019-09-04 05:54:03	FLOC3008.exe	ef1038d43576f822f8ced996273daea0
2019-09-04 05:57:03	flo.exe	b0ccda5c8656dddcd0aeb19fd10b9d4e
2019-09-04 06:00:03	COLLINS0109CRYPTED.exe	e503f0c1e8a34448ba08475f2c493e77
2019-09-04 06:06:03	MUSIC.exe	6612b8b076faf50b72d8d2027c15930a
2019-09-04 06:09:03	jojo.exe	192154a36151e0863ae155a7649c0cc5
2019-09-04 06:15:03	JOJOC3008.exe	ef380cc9b0aad035d0237b2024812f46
2019-09-04 07:09:03	CHIMA0709CRYPTED.exe	4df4c00bc21cf80c5d0b14427779818f
2019-09-04 07:48:07	96053407	33bb104f190e368fa91a7f2495ff6dc8
2019-09-04 07:57:06	2055970	6efa19047e613a29860b4106e01bed69
2019-09-04 09:36:04	dam.exe	001841be7c47d683d72ff03ecc3b1781
2019-09-04 20:15:07	bin.exe	9703358e47352991c09016f4959cb5a3
2019-09-04 20:18:04	newfile.exe	3bc028fea775e3da19e29de628c96387
2019-09-04 20:21:10	jVnPAZ9GVYKqDxH.exe	d0cb3d898e184ce762e7f196df253258
2019-09-05 02:00:05	asdfg.exe	1806a175244b69c11f40ea3d77cc867c
2019-09-05 09:15:09	EmbroideryStudio.exe	4a559ebc94ae7a53b9ea1d699f23be93
2019-09-05 09:18:06	microsoftoffice.exe	3993ada00b50bf40a47ab579bc7dc062
2019-09-06 03:21:03	cjcryp.exe	69c0691c823d07064b85f2a73f032c1d
2019-09-06 03:24:06	pdf.exe	93c76ec29f0152b3ed728118b27464ec
2019-09-07 03:54:03	smilcryp.exe	b48c68646e860155e6b840363fd98f8a
2019-09-07 04:27:03	chigocry.exe	498e18b69f3ff51d8648b5472909f289
2019-09-07 11:36:10	8mondaVenBoy.exe	a4ca3c8c8e25aa077cfdb6768f9395d2
2019-09-07 12:00:05	603529077	76275eca3309ffd1e3156a6ce400b162
2019-09-07 13:27:12	YangheLove.exe	833a03290b713b1c2d4c04701fba0d84
2019-09-07 18:51:03	990309.exe	3def0019fd1303a21a0f842a44641658
2019-09-08 04:36:08	ScanOrder	d6de7d5b60ff40185546d83c8086685e
2019-09-08 06:06:03	AMANI0309.exe	efd4b2eed5f278972a63bb1597eeeeab
2019-09-08 06:36:04	help.exe	5f41ec27825870637f45ad2191a5f508
2019-09-08 13:33:06	ghhha.exe	33c5ef1aaa88e8262791ff752d94f3b0
2019-09-08 13:36:04	07.exe	1456a5131ca97f009b9b9f36dd552924
2019-09-08 18:24:05	emm.exe	65d3130346f13eec2ee510ba5a67d13d
2019-09-09 00:03:06	301.exe	105f94e56d5fc9fc7555aef13e0af78e
2019-09-09 01:15:06	bm.exe	5c811c15e7d32e2791c113cc83a6963e
2019-09-09 06:09:05	saturday.exe	460b7924e199fb2e8f28a9eb79ae4281
2019-09-09 07:48:07	newhost.exe	68906bd58062be03946b9b7a2c9a52df
2019-09-09 07:54:06	lastone.exe	2f453380058a36c38c911c5023c725bc
2019-09-10 23:39:08	1.exe	2769f42634a0e87c53d616b0c7afffb7
2019-09-11 05:27:03	cabify.mp3	e151dae6b2f1533a3c6b1fe2dde4106f
2019-09-11 13:12:03	sureqwerty.exe	7f85f1077a4a7820d94700c9ca952909
2019-09-11 16:42:11	jiokee.exe	b4adbbe65ad0f10a5ec66d85306f0667
2019-09-11 16:57:05	maddy.exe	5efe142207e92081aa090d4c4956bd17
2019-09-11 18:15:06	Scan091019	d56c99b19bd3279426234753d3573d43
2019-09-11 21:03:07	380028.exe	12e17930d2bfeef681f060f40ee3a5e3
2019-09-12 02:12:08	cjcrypt.exe	8dbebff7a181f6e8d00453b24c3cba6b
2019-09-12 03:30:06	5a2eec141864de49a45bb29ac52dbe6b.php	131c2c561ed08be561321f706140bd43
2019-09-12 03:33:04	rizz.exe	da609eb2e4ff25c05db64c9a53a96c97
2019-09-12 05:06:04	vnc.exe	4f0a4c05f73f7797a13ecbeddb051382
2019-09-12 05:18:09	educrypt.exe	a24880cd1d650ff516ce49f742075ad4
2019-09-12 05:27:04	ffffffff.exe	f0c0b2b0679b88e798e2589e322cbcc2
2019-09-12 06:15:05	inno.exe	b115061acd459a7cbfc6b12f85b16083
2019-09-12 06:42:08	wwininilog.exe	3b6ab37dd4d45edc29a9bf02eb9f3912
2019-09-12 12:51:03	ezee.exe	beec34e6b3a2aa7bd0448452cbadfc4e
2019-09-12 23:39:12	Undeliverable.exe	d61047ec3bb5152898cf880011a02d3d
2019-09-13 00:21:09	AWB%20No.2234564.exe	9ee6727f4d679ea147957ae67cb93f16
2019-09-13 00:24:06	SKMT20191092083.exe	d658a16e23b7b7499f54719893f56009
2019-09-13 00:27:10	dhl.exe	b8b6ef8cbd486e29b0ef8f3478aea552
2019-09-13 00:36:04	educry.exe	e983a03f474bbf7282387c0874124165
2019-09-13 00:39:04	ojacrypt.exe	40051f35c08c9688535469ab95223b12
2019-09-13 00:42:04	bab.exe	2ede49624073770c932b8a00762be61d
2019-09-13 01:12:11	HASL70EC79000100.exe	8220aabc402c76099f852f4ed682fa22
2019-09-13 04:39:04	smp.exe	d7f1521acc86febf77129374d4e0e539
2019-09-13 05:15:04	sd.exe	a955500b4e1023df4ffba193de91cea7
2019-09-13 05:21:03	mf.exe	e401ee3eb6d02d38885d8ba08d7575fe
2019-09-13 06:03:04	bea.exe	8555a4c5f5b88c22ff2e99b56900f691
2019-09-13 09:57:07	gmb.exe	3646b7b40de456c3960de34b613438b0
2019-09-13 10:03:06	go.exe	8f28626a6ceb715af960707e35f85dbd
2019-09-13 10:06:06	dar.exe	46cdc84b017b68046bb014918abf5a74
2019-09-13 14:27:04	vbc.exe	b1a61e65334971e5ce0925a0bcb660ef
2019-09-13 15:51:05	Swift.exe	9cede07c7a331dcaa691a604d28ebead
2019-09-13 16:03:05	anon.exe	d00ee2c5fde2e74d5c926998cd5e5bc9
2019-09-13 18:09:04	FlashPlayer_4.54.66.exe	bf90c9136e75d1f1be5404d2e04ccf8c
2019-09-13 18:12:31	FlashPlayer_4.54.65.exe.exe	bdc752d3b5277c6b5d0eabd4330255bc
2019-09-13 18:15:05	2342.exe	a340a8ed76fbd90be431d784246e812a
2019-09-13 21:06:05	vbc.exe	513f2055972cab45d472bfcd83c01d6b
2019-09-13 21:12:03	win.exe	b0334d1cafe2822b4eb3785a0e72c6e7
2019-09-14 00:57:04	invoice.exe	c4b0035e2eb094317a5957b915085058
2019-09-14 10:00:14	mt09.doc	15d326f77238c16dc6ca235605483a88
2019-09-14 10:03:05	naashbj876.exe	f1d529fdb5da841335269b021de052d4
2019-09-14 11:51:03	conhost.exe	07d5b291b2d9626c5e30e9247e58a388
2019-09-14 11:54:03	222.exe	7e592f22990e0889aa82907ec7a45638
2019-09-14 14:06:06	rnaashbj876.exe	f78e882638b94ff89f8612f03ea9ac02
2019-09-15 14:45:05	zzz.exe	8d14a4e9e4ef7f54ceb7516453ba5fb7
2019-09-15 18:42:06	R.exe	f020d1d254c28bc2b2fb5a153c9e85fc
2019-09-15 18:45:04	O.exe	1361a18bda5df2080018ebe752879fb9
2019-09-16 06:24:05	bot.exe	d77697c7279a7829e4fdf2ad1319929d
2019-09-16 08:06:12	jioke.exe	4a515b62671e7544446ee41659b15b6a
2019-09-16 08:09:13	goodone.exe	89713a3c0512539c9cf2647479ef3c25
2019-09-16 08:12:12	base.exe	0079e96ef61a0e4947841c860b50f3ff
2019-09-16 10:54:08	8074100	e08308048b7b315ac345c5c40c6465d7
2019-09-16 10:57:14	tk1.exe	6e6af938bd3b9f3349b419a80c5611d8
2019-09-16 17:21:10	metrocatt.exe	aa1a4272d37c4f35ebae69cb74e244e0
2019-09-16 21:21:06	Product%20Inquiry.exe	bb25fe20156c94de4b034bdf58dcbd4f
2019-09-17 08:09:04	win33.exe	c2130199129b3e6adc4765897066f0a5
2019-09-17 11:48:04	x..x.exe	3affbe4a31564940e12d8decd97b4a22
2019-09-17 13:30:04	llv.exe	ad15aa0b326105d1f747f0932d64e41a
2019-09-18 07:30:04	Black.exe	d003aa51ca1a18452646839fc3855a94
2019-09-18 07:33:03	WDefender.exe	0f5eddedd151aab4ae36e6e7d0e65f9f
2019-09-18 07:36:04	host.exe	1c58edf7def801b6fa9802a65f7af5de
2019-09-18 07:39:04	note.exe	217187ed6b05d36fecf8ebb2bae471ed
2019-09-18 07:42:03	yourown.exe	a780a6822834141a5ebea782e1adcf58
2019-09-18 08:57:08	shao.jpg	a3064ae3262154379ae5d6b5ee01c958
2019-09-18 19:15:04	kak.exe	b91114eb71f8e3f884381e97c548009f
2019-09-18 19:36:09	erp.exe	672d96ef99c5148af062b0763b1530e2
2019-09-19 00:27:07	lm46.exe	6edc2592bb0de7cc924ce31d5831de8f
2019-09-19 00:42:04	9407803699300044850263.exe	dd0d46842443bace025185c081d7d311
2019-09-19 07:09:09	trump.exe	a23c4061227a4a87676528c64e791497
2019-09-19 08:21:04	the.exe	b56bcedae5263d3fbc55735a63657a27
2019-09-19 08:27:04	g222.exe	f2e528cc680cd743feb014dfa8e43d8b
2019-09-19 08:30:06	dg1.exe	2c8ab4da7362670f9d9058eef558d7ef
2019-09-19 08:33:04	wop.exe	e876efb719ede93e7ae4c27d3636433a
2019-09-19 10:00:05	nwsfkjutyy56.exe	d8f3929c6b0ec36c51a9209f3b9874e1
2019-09-19 10:33:06	Purchase%20Order.exe	299a7603a4db753b8a20f2d459463891
2019-09-19 10:39:07	o0.exe	e77e96fdcf52fa42b97ec4b4d1a924f3
2019-09-19 21:09:08	big.exe	e66b8fb74f7a5d490b39b718be129134
2019-09-20 02:21:04	stan.exe	feb139e1cae14e17d93da19699412a75
2019-09-20 10:21:05	nsdfkjh567.exe	7f47dccad1b4b5c771e8e2cc4a73b030
2019-09-21 04:51:04	win32.exe	bcd3596521d07988efbc7f90a021d9b8
2019-09-21 17:00:04	guy2.txt	9c7108c1e5be06fed237fc885f18db27

#infosec #automation

TheSystem Itself @ 2019-08-20 15:00:07

Detected family: #Nanocore

TheSystem Itself @ 2019-08-20 15:06:04