C:\\WINDOWS\\system32\\ C:\\Program Files\\ C:\\Documents and Settings\\dev\\Local Settings\\Application Data\\ C:\\Program Files\\*.exe C:\\Documents and Settings\\dev\\Local Settings\\Application Data\\Microsoft\\*.exe C:\\Documents and Settings\\dev\\Local Settings\\Application Data\\*.exe C:\\WINDOWS\\WINHELP.INI C:\\WINDOWS\\System32\\*.dll C:\\WINDOWS\\system32\\*.exe C:\\Documents and Settings\\dev\\Local Settings\\Temporary Internet Files\\Content.IE5\\ C:\\Documents and Settings\\dev\\Local Settings\\Historique\\History.IE5\\ C:\\Python27\\Tools\\webchecker\\ C:\\DOCUME~1\\dev\\LOCALS~1\\Temp\\*.bat C:\\WINDOWS\\system32\\cmd.exe C:\\DOCUME~1\\dev\\LOCALS~1\\Temp\\*.tmp C:\\Documents and Settings\\dev\\Application Data\\*.exe C:\\Documents and Settings\\dev\\Application Data\\*.dll C:\\WINDOWS\\system32\\drivers\\etc\\hosts Device\\KsecDD PIPE\\lsarpc MountPointManager C:\\Documents and Settings\\dev\\Application Data\\*.dat PIPE\\wkssvc Dfs PIPE\\DAV RPC SERVICE c:\\autoexec.bat C:\\Documents and Settings\\dev\\Application Data\\Microsoft\\SystemCertificates Device\\Tcp6 PhysicalDrive C:\\WINDOWS\\win.ini C:\\Documents and Settings\\All Users\\Application Data\\*.dat C:\\Documents and Settings\\dev\\Local Settings\\Application Data\\*.dat C:\\Documents and Settings\\dev\\Application Data\\*.sqlite C:\\WINDOWS\\*.ini PIPE\\samr C:\\WINDOWS\\system32\\*.pbk C:\\WINDOWS\\Registration\\R000000000007.clb C:\\WINDOWS\\explorer.exe autorun.inf Software\\Microsoft\\Windows\\CurrentVersion\\Run System\\CurrentControlSet\\Control\\SafeBoot\\minimal System\\CurrentControlSet\\Control\\SafeBoot\\M System\\CurrentControlSet\\Control\\SafeBoot\\NetWork System\\CurrentControlSet\\Control\\SafeBoot\\N Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders Software\\Microsoft\\Active Setup\\Installed Components\\ Software\\Borland HKEY_CLASSES_ROOT\\http\\shell\\open\\command HKEY_CLASSES_ROOT\\Applications\\iexplore.exe\\shell\\open\\command Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\User Shell Folders Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings Software\\Policies\\Microsoft\\Internet Explorer\\Main Software\\Policies\\Microsoft\\Internet Explorer\\Security Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\MountPoints2\\ Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\ Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\ Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\ Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Lockdown_Zones\\ HKEY_CLASSES_ROOT\\exefile\\*shell\\Open Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer" Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileExts HKEY_CLASSES_ROOT\\.exe Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\RestrictRun Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\ Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\FileAssociation HKEY_LOCAL_MACHINE\\System\\Setup Software\\Microsoft\\Internet Explorer\\PhishingFilter Software\\Microsoft\\Internet Explorer\\Privacy HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor System\\CurrentControlSet\\Services\\DNS SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\ Software\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces Software\\Microsoft\\Cryptography\\ Keyboard Layout\\Toggle Software\\Microsoft\\Windows\\ShellNoRoam Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellExecuteHooks Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\ZoneMap\\*Domains\\ Software\\Microsoft\\Ole Software\\Microsoft\\COM3 Software\\Microsoft\\Windows\\ShellNoRoam\\MUICache HKEY_CLASSES_ROOT\\batfile\\*shell\\open HKEY_CLASSES_ROOT\\SystemFileAssociations Software\\Microsoft\\Internet Explorer\\Main SOFTWARE\\Microsoft\\VBA Software\\Classes\\CLSID Software\\Microsoft\\Windows\\Help Software\\Microsoft\\Windows\\HTML system\\currentcontrolset\\services\\disk\\enum System\\CurrentControlSet\\Control\\Session Manager\\AppCertDlls Software\\Microsoft\\Windows\\CurrentVersion\\WinTrust\\Trust Providers Software\\Policies\\Microsoft\\SystemCertificates Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments Software\\Microsoft\\Internet Explorer\\Download Software\\Microsoft\\Internet Explorer\\Main\\FeatureControl\\ HKEY_CLASSES_ROOT\\Applications\\ Control Panel\\Mouse Software\\AutoIt v3\\AutoIt SOFTWARE\\Microsoft\\CTF SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Terminal Server\\Install\\Software\\Microsoft\\Windows\\CurrentVersion\\ SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad SYSTEM\\CurrentControlSet\\Services\\WinSock2\\Parameters\\Protocol_Catalog9\\Catalog_Entries SYSTEM\\CurrentControlSet\\Control\\WOW HKEY_CURRENT_USER\\Control Panel\\Desktop SYSTEM\\CurrentControlSet\\Control\\Session Manager" System\\CurrentControlSet\\Control\\MPRServices\\ SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects Software\\Microsoft\\Internet Explorer\\Search Software\\Microsoft\\Internet Explorer\\SearchUrl Software\\Microsoft\\Windows NT\\CurrentVersion\\Image Software\\Microsoft\\Windows NT\\CurrentVersion\\Accessibility\\Utility Manager SOFTWARE\\Classes\\Folder\\shellex\\ColumnHandlers System\\CurrentControlSet\\Control\\SecurityProviders SYSTEM\\CurrentControlSet\\Control\\Print\\Monitors system\\currentcontrolset\\control\\lsa Software\\Microsoft\\Windows NT\\CurrentVersion\\AeDebug Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\ShellIconOverlayIdentifiers SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32 SYSTEM\\CurrentControlSet\\Control\\BootVerificationProgram WininetStartupMutex WininetConnectionMutex WininetProxyRegistryMutex Global\\{40ED9F83-B6AC-3481-*} c:!documents and settings!dev!local settings!historique!history.ie5! c:!documents and settings!dev!cookies! c:!documents and settings!dev!local settings!temporary internet files!content.ie5! _!MSFTHISTORY!_ Bitcoin BitMiner-btc.miner CreateService MSCTF.Shared.MUTEX.MHF "value": "ADVAPI32.dll" "value": "appHelp.dll" "value": "aticalrt.dll" "value": "browseui.dll" "value": "Cabinet.dll" "value": "CERTMGR.dll" "value": "chrome.dll" "value": "comctl32.dll" "value": "COMDLG32.dll" "value": "comsvcs.dll" "value": "crtdll.dll" "value": "CRYPT32.dll" "value": "cscui.dll" "value": "d3d8.dll" "value": "d3d9.dll" "value": "ddraw.dll" "value": "DNSAPI.dll" "value": "gdi32.dll" "value": "gdiplus.dll" "value": "imagehlp.dll" "value": "inetmib1.dll" "value": "iphlpapi.dll" "value": "LINKINFO.dll" "value": "mlang.dll" "value": "MPRAPI.dll" "value": "mpr.dll" "value": "msacm32.dll" "value": "mscoree.dll" "value": "msi.dll" "value": "msimg32.dll" "value": "msutb.dll" "value": "MSVCP60.dll" "value": "msvcrt.dll" "value": "MSWSOCK.dll" "value": "Netapi32.dll" "value": "nspr4.dll" "value": "ntdll.dll" "value": "NTMARTA.dll" "value": "odbc32.dll" "value": "ole32.dll" "value": "oleaut32.dll" "value": "powrprof.dll" "value": "psapi.dll" "value": "pstorec.dll" "value": "qcap.dll" "value": "rooksbas.dll" "value": "rsaenh.dll" "value": "RTUTILS.dll" "value": "sbiedll.dll" "value": "secur32.dll" "value": "SETUPAPI.dll" "value": "SHELL32.dll" "value": "SHFolder.dll" "value": "shlwapi.dll" "value": "snmpapi.dll" "value": "ssleay32.dll" "value": "syncui.dll" "value": "txflog.dll" "value": "urlmon.dll" "value": "USER32.dll" "value": "USERENV.dll" "value": "uxtheme.dll" "value": "VBoxDisp.dll" "value": "version.dll" "value": "WININET.dll" "value": "winmm.dll" "value": "WINTRUST.dll" "value": "wmisvc.dll" "value": "WOW32.DLL" "value": "ws2_32.dll" "value": "wsock32.dll" "value": "xpsp2res.dll"