C:\\WINDOWS\\system32\\
C:\\Program Files\\
C:\\Documents and Settings\\dev\\Local Settings\\Application Data\\
C:\\Program Files\\*.exe
C:\\Documents and Settings\\dev\\Local Settings\\Application Data\\Microsoft\\*.exe
C:\\Documents and Settings\\dev\\Local Settings\\Application Data\\*.exe
C:\\WINDOWS\\WINHELP.INI
C:\\WINDOWS\\System32\\*.dll
C:\\WINDOWS\\system32\\*.exe
C:\\Documents and Settings\\dev\\Local Settings\\Temporary Internet Files\\Content.IE5\\
C:\\Documents and Settings\\dev\\Local Settings\\Historique\\History.IE5\\
C:\\Python27\\Tools\\webchecker\\
C:\\DOCUME~1\\dev\\LOCALS~1\\Temp\\*.bat
C:\\WINDOWS\\system32\\cmd.exe
C:\\DOCUME~1\\dev\\LOCALS~1\\Temp\\*.tmp
C:\\Documents and Settings\\dev\\Application Data\\*.exe
C:\\Documents and Settings\\dev\\Application Data\\*.dll
C:\\WINDOWS\\system32\\drivers\\etc\\hosts
Device\\KsecDD
PIPE\\lsarpc
MountPointManager
C:\\Documents and Settings\\dev\\Application Data\\*.dat
PIPE\\wkssvc
Dfs
PIPE\\DAV RPC SERVICE
c:\\autoexec.bat
C:\\Documents and Settings\\dev\\Application Data\\Microsoft\\SystemCertificates
Device\\Tcp6
PhysicalDrive
C:\\WINDOWS\\win.ini
C:\\Documents and Settings\\All Users\\Application Data\\*.dat
C:\\Documents and Settings\\dev\\Local Settings\\Application Data\\*.dat
C:\\Documents and Settings\\dev\\Application Data\\*.sqlite
C:\\WINDOWS\\*.ini
PIPE\\samr
C:\\WINDOWS\\system32\\*.pbk
C:\\WINDOWS\\Registration\\R000000000007.clb
C:\\WINDOWS\\explorer.exe
autorun.inf
Software\\Microsoft\\Windows\\CurrentVersion\\Run
System\\CurrentControlSet\\Control\\SafeBoot\\minimal
System\\CurrentControlSet\\Control\\SafeBoot\\M
System\\CurrentControlSet\\Control\\SafeBoot\\NetWork
System\\CurrentControlSet\\Control\\SafeBoot\\N
Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run
SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
Software\\Microsoft\\Active Setup\\Installed Components\\
Software\\Borland
HKEY_CLASSES_ROOT\\http\\shell\\open\\command
HKEY_CLASSES_ROOT\\Applications\\iexplore.exe\\shell\\open\\command
Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders
Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon
SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
Software\\Policies\\Microsoft\\Internet Explorer\\Main
Software\\Policies\\Microsoft\\Internet Explorer\\Security
Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\
Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\
Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\
Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\
Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\
Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\
HKEY_CLASSES_ROOT\\exefile\\*shell\\Open
Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer"
Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts
HKEY_CLASSES_ROOT\\.exe
Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced
Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System
Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\RestrictRun
Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\
Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileAssociation
HKEY_LOCAL_MACHINE\\System\\Setup
Software\\Microsoft\\Internet Explorer\\PhishingFilter
Software\\Microsoft\\Internet Explorer\\Privacy
HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList
HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment
HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System
HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor
System\\CurrentControlSet\\Services\\DNS
SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy
SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\
Software\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate
CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces
Software\\Microsoft\\Cryptography\\
Keyboard Layout\\Toggle
Software\\Microsoft\\Windows\\ShellNoRoam
Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks
Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\*Domains\\
Software\\Microsoft\\Ole
Software\\Microsoft\\COM3
Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache
HKEY_CLASSES_ROOT\\batfile\\*shell\\open
HKEY_CLASSES_ROOT\\SystemFileAssociations
Software\\Microsoft\\Internet Explorer\\Main
SOFTWARE\\Microsoft\\VBA
Software\\Classes\\CLSID
Software\\Microsoft\\Windows\\Help
Software\\Microsoft\\Windows\\HTML
system\\currentcontrolset\\services\\disk\\enum
System\\CurrentControlSet\\Control\\Session Manager\\AppCertDlls
Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers
Software\\Policies\\Microsoft\\SystemCertificates
Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments
Software\\Microsoft\\Internet Explorer\\Download
Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\
HKEY_CLASSES_ROOT\\Applications\\
Control Panel\\Mouse
Software\\AutoIt v3\\AutoIt
SOFTWARE\\Microsoft\\CTF
SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows
Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce
SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx
SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\Windows\\CurrentVersion\\
SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad
SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries
SYSTEM\\CurrentControlSet\\Control\\WOW
HKEY_CURRENT_USER\\Control Panel\\Desktop
SYSTEM\\CurrentControlSet\\Control\\Session Manager"
System\\CurrentControlSet\\Control\\MPRServices\\
SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects
Software\\Microsoft\\Internet Explorer\\Search
Software\\Microsoft\\Internet Explorer\\SearchUrl
Software\\Microsoft\\Windows NT\\CurrentVersion\\Image
Software\\Microsoft\\Windows NT\\CurrentVersion\\Accessibility\\Utility Manager
SOFTWARE\\Classes\\Folder\\shellex\\ColumnHandlers
System\\CurrentControlSet\\Control\\SecurityProviders
SYSTEM\\CurrentControlSet\\Control\\Print\\Monitors
system\\currentcontrolset\\control\\lsa
Software\\Microsoft\\Windows NT\\CurrentVersion\\AeDebug
Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers
SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32
SYSTEM\\CurrentControlSet\\Control\\BootVerificationProgram
WininetStartupMutex
WininetConnectionMutex
WininetProxyRegistryMutex
Global\\{40ED9F83-B6AC-3481-*}
c:!documents and settings!dev!local settings!historique!history.ie5!
c:!documents and settings!dev!cookies!
c:!documents and settings!dev!local settings!temporary internet files!content.ie5!
_!MSFTHISTORY!_
Bitcoin
BitMiner-btc.miner
CreateService
MSCTF.Shared.MUTEX.MHF
"value": "ADVAPI32.dll"
"value": "appHelp.dll"
"value": "aticalrt.dll"
"value": "browseui.dll"
"value": "Cabinet.dll"
"value": "CERTMGR.dll"
"value": "chrome.dll"
"value": "comctl32.dll"
"value": "COMDLG32.dll"
"value": "comsvcs.dll"
"value": "crtdll.dll"
"value": "CRYPT32.dll"
"value": "cscui.dll"
"value": "d3d8.dll"
"value": "d3d9.dll"
"value": "ddraw.dll"
"value": "DNSAPI.dll"
"value": "gdi32.dll"
"value": "gdiplus.dll"
"value": "imagehlp.dll"
"value": "inetmib1.dll"
"value": "iphlpapi.dll"
"value": "LINKINFO.dll"
"value": "mlang.dll"
"value": "MPRAPI.dll"
"value": "mpr.dll"
"value": "msacm32.dll"
"value": "mscoree.dll"
"value": "msi.dll"
"value": "msimg32.dll"
"value": "msutb.dll"
"value": "MSVCP60.dll"
"value": "msvcrt.dll"
"value": "MSWSOCK.dll"
"value": "Netapi32.dll"
"value": "nspr4.dll"
"value": "ntdll.dll"
"value": "NTMARTA.dll"
"value": "odbc32.dll"
"value": "ole32.dll"
"value": "oleaut32.dll"
"value": "powrprof.dll"
"value": "psapi.dll"
"value": "pstorec.dll"
"value": "qcap.dll"
"value": "rooksbas.dll"
"value": "rsaenh.dll"
"value": "RTUTILS.dll"
"value": "sbiedll.dll"
"value": "secur32.dll"
"value": "SETUPAPI.dll"
"value": "SHELL32.dll"
"value": "SHFolder.dll"
"value": "shlwapi.dll"
"value": "snmpapi.dll"
"value": "ssleay32.dll"
"value": "syncui.dll"
"value": "txflog.dll"
"value": "urlmon.dll"
"value": "USER32.dll"
"value": "USERENV.dll"
"value": "uxtheme.dll"
"value": "VBoxDisp.dll"
"value": "version.dll"
"value": "WININET.dll"
"value": "winmm.dll"
"value": "WINTRUST.dll"
"value": "wmisvc.dll"
"value": "WOW32.DLL"
"value": "ws2_32.dll"
"value": "wsock32.dll"
"value": "xpsp2res.dll"