Ps!SDSRegistryMachineSecuritySamSoftwareClientsMail!StartMenuInternet"IEXPLORE.EXEMiranda&Blizzard Entertainment!World of WarcraftD InstallPathC:\Program Files\World of Warcraft\MicrosoftSecurity CenterDirectPlaycryptographyE MachineGuid6ba1d002-21ed-4dbe-afb5-08cf8b81ca32RpcExtensions"!RemoteRpcDll'#DCOM Protocols!Internet ExplorerMain)Version9.11.14393.0WBEMESSIE4Setup:Path%programfiles%\Internet ExplorerWindows NTCurrentVersion$ InstallDater[6ProductId00331-10000-00001-AA607WinlogonNotify'ShellExplorer.exe>UserinitC:\Windows\system32\userinit.exe6&DefaultDomainNameHOME-D206F9C130Drivers32#auxwdmaud.drvFontSubstitutesAeDebug DWM.exeIniFileMappingwin.iniWindowsNUSR:Software\Microsoft\Windows NT\CurrentVersion\WindowsWindows"!AppInit_DLLsSvcHost>netsvcsBITSwscsvcSharedAccessW32Time,Image File Execution OptionsProfileList: ProgramData%SystemDrive%\ProgramData6Public%SystemDrive%\Users\Public=S-1-5-21-762101918-3281426462-4221395965-1000<%ProfileImagePathC:\Users\Administrator*SystemRootC:\WINDOWS/ ProductNameWindows 10 Pro%DigitalProductId¤00331-10000-00001-AA607ï [TH]X19-98795ï 4=Å9N½n/ iØWGõËÕêkùŽWindowsCurrentVersion6ProductId00331-10000-00001-AA607Uninstall"Connection ManagerIEDataRunRunOnce+ShellServiceObjectDelayLoad5$ProgramFilesDirC:\Program FilesA#CommonFilesDirC:\Program Files\Common FilesApp PathsIEXPLORE.EXEEC:\Program Files\Internet Explorer\iexplore.exe=PathC:\Program Files\Internet Explorer;MSNMSGR.EXE@C:\Program Files\MSN Messenger\msnmsgr.exe9PathC:\Program Files\MSN Messenger;Explorer#SharedTaskScheduler&Browser Helper ObjectsAdvancedShell Folders2#Common AppDataC:\ProgramData;#Common DesktopC:\Users\Public\Desktop`#Common StartupC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"User Shell Folders1#Common AppData%ProgramData%4#Common Desktop%PUBLIC%\Desktop8%Common Documents%PUBLIC%\DocumentsX$Common Programs%ProgramData%\Microsoft\Windows\Start Menu\ProgramsQ&Common Start Menu%ProgramData%\Microsoft\Windows\Start Menu_#Common Startup%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartupO%Common Templates%ProgramData%\Microsoft\Windows\Templates/ CommonMusic%PUBLIC%\Music5#CommonPictures%PUBLIC%\Pictures0 CommonVideo%PUBLIC%\VideosPoliciesSystemClassesexefileshellopencommandmsstylesfileNameTranslate&OLETransactionManagersP10FileOlePrn.AspHelpADsNamespaces.cer)Microsoft.DirectSoundWave!CDO.DropDirectoryADsDSOObject'CDO.NNTPPostConnector.1.386Drive"EditFlags8AVIFileExtensions.bmp.wav.txt.avi.wmv.wma.exe.dll.sys.datNoOpen.der"!Content Type.crl.lnkShellExQQshellopencommand?"C:\Program Files\Tencent\QQ\QQ.exe" "%1"Applicationsiexplore.exeshellopencommandJ"C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1httpshellopencommandO"C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome,InternetExplorer.ApplicationCLSID<{0002DF01-0000-0000-C000-000000000046}*WbemScripting.SWbemLocatorCLSID<{76A64158-CB41-11D1-8B02-00600806D9B6}CLSID6{0002DF01-0000-0000-C000-000000000046}LocalServer32G"C:\Program Files\Internet Explorer\IEXPLORE.EXE"6{0000031A-0000-0000-C000-000000000046}6{148BD520-A2AB-11CE-B11F-00AA00530503}DefaultIcon6{4590F811-1D3A-11D0-891F-00AA004B2E24}InprocServer32@%systemroot%\\system32\\wbem\\wbemprox.dllDirectory-InfoTipprop:DocCommentsInterface6{b196b287-bab4-101a-b69c-00aa00341d07}&IEnumConnectionsWOW6432NodeCLSID6{0002DF01-0000-0000-C000-000000000046}LocalServer32G"C:\Program Files\Internet Explorer\IEXPLORE.EXE"6{0000031A-0000-0000-C000-000000000046}6{148BD520-A2AB-11CE-B11F-00AA00530503}DefaultIcon6{4590F811-1D3A-11D0-891F-00AA004B2E24}InprocServer32@%systemroot%\\system32\\wbem\\wbemprox.dllInterfaceWOW6432NodeClientsMail!StartMenuInternet"IEXPLORE.EXEClassesMicrosoftSecurity CenterDirectPlaycryptographyRpcExtensions"!RemoteRpcDll'#DCOM Protocols!Internet ExplorerMain)Version9.11.14393.0WBEMESSWindowsCurrentVersionUninstall"Connection ManagerIEDataRunRunOnce+ShellServiceObjectDelayLoad;$ProgramFilesDirC:\Program Files (x86)G#CommonFilesDirC:\Program Files (x86)\Common FilesApp PathsIEXPLORE.EXEEC:\Program Files\Internet Explorer\iexplore.exe=PathC:\Program Files\Internet Explorer;MSNMSGR.EXE@C:\Program Files\MSN Messenger\msnmsgr.exe9PathC:\Program Files\MSN Messenger;ExplorerAdvanced&Browser Helper ObjectsShell Folders2#Common AppDataC:\ProgramData;#Common DesktopC:\Users\Public\Desktop`#Common StartupC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"User Shell Folders1#Common AppData%ProgramData%4#Common Desktop%PUBLIC%\Desktop8%Common Documents%PUBLIC%\DocumentsX$Common Programs%ProgramData%\Microsoft\Windows\Start Menu\ProgramsQ&Common Start Menu%ProgramData%\Microsoft\Windows\Start Menu_#Common Startup%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartupO%Common Templates%ProgramData%\Microsoft\Windows\Templates/ CommonMusic%PUBLIC%\Music5#CommonPictures%PUBLIC%\Pictures0 CommonVideo%PUBLIC%\VideosPoliciesSystemWindows NTCurrentVersionWinlogon'ShellExplorer.exe6&DefaultDomainNameHOME-D206F9C130Drivers32#auxwdmaud.drvFontSubstitutesAeDebug DWM.exeIniFileMappingwin.iniWindowsNUSR:Software\Microsoft\Windows NT\CurrentVersion\WindowsWindows"!AppInit_DLLsSvcHost>netsvcsBITSwscsvcSharedAccessW32Time,Image File Execution OptionsProfileList: ProgramData%SystemDrive%\ProgramData6Public%SystemDrive%\Users\Public=S-1-5-21-762101918-3281426462-4221395965-1000<%ProfileImagePathC:\Users\Administrator*SystemRootC:\WINDOWS/ ProductNameWindows 10 ProHARDWAREDESCRIPTIONSystem CentralProcessor0~MHz@Identifierx86 Family 6 Model 11 Stepping 1S(ProcessorNameStringIntel(R) Pentium(R) III CPU family 1000MHzC&SystemBiosVersionINTEL - 6040000 AWARD BIOS ,#SystemBiosDate01/02/03SYSTEMSetupSelect Current DefaultFailed&"LastKnownGoodControlSet001& CurrentControlSetServicesDiskEnum%!TimeoutValue<Pci7ImagePathsystem32\drivers\pci.sysStartWinSockEventlogStartDhcpStartRpcSsStartSharedAccessParametersFirewallPolicyStandardProfile&AuthorizedApplicationsListip6fwBITSWinSock2Parameters!Protocol_Catalog9Catalog_EntriesTcpipLinkageZBind\Device\{71CE3E16-B9A6-4EEB-9062-4EEDAF445A61}\Device\NdisWanIpParametersInterfaces6{06650599-fc0d-436a-bb1d-61e0a19fde6f}*IPAddress192.168.0.1-SubnetMask255.255.255.0E DescriptionIntel(R) Ethernet Connection I219-LM*$HardwareAddress3456786{8d02ddd0-a795-4179-a971-47a8944c15ff}+IPAddress192.168.75.1-SubnetMask255.255.255.06 DescriptionLocal Area Connection*$HardwareAddress345678ControlAGPWindows#CSDVersionTerminal ServerWinStationsRDP-Tcp#PortNumber= Session ManagerEnvironment:ComSpec%SystemRoot%\system32\cmd.exe+)NUMBER_OF_PROCESSORS4"OSWindows_NTiPath%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WindowsPowerShell\v1.0MPATHEXT.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH+TEMP%SystemRoot%\TEMP*TMP%SystemRoot%\TEMP(windir%SystemRoot%SubSystemsWindows%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16!SecurityProvidersZ&SecurityProvidersmsapsspc.dll, schannel.dll, digest.dll, msnsspc.dllSafeBootMinimal6{4D36E967-E325-11CE-BFC1-08002BE10318}DiskDriveIDConfigDB!Hardware Profiles0001+!FriendlyNameProfile 1I"HwProfileGuid{b03c97f8-799f-11e6-b291-806e6f6e6963}User.DefaultS-1-5-19S-1-5-20=S-1-5-21-762101918-3281426462-4221395965-1000AppEventsSchemesAppsExplorerNavigating.Current.DefaultConsole!FontSize#FullScreenControl PanelSoundBeepyes'#ExtendedSoundsyesPowerCfgPowerPolicies0Keyboard0.InitialKeyboardIndicators2$"KeyboardDelay1Mouse'%SwapMouseButtons0Colors%Background0 0 0AccessibilityBlind AccessOn0InternationalGeoNation244GeoInfo2444USEnvironment:TEMP%USERPROFILE%\AppData\Local\Temp9TMP%USERPROFILE%\AppData\Local\TempEUDCKeyboard LayoutPreload100000409SubstitutesSoftwareClassesMicrosoftWindowsCurrentVersion!Internet SettingsZones3Explorer"User Shell Folders`)Administrative Tools%USERPROFILE%\Start Menu\Programs\Administrative Tools:AppData%USERPROFILE%\AppData\RoamingPCache%USERPROFILE%\Local Settings\Temporary Internet Files2Cookies%USERPROFILE%\Cookies2Desktop%USERPROFILE%\Desktop6Favorites%USERPROFILE%\FavoritesAHistory%USERPROFILE%\Local Settings\History>"Local AppData%USERPROFILE%\AppData\Local1My Music%USERPROFILE%\Music7 My Pictures%USERPROFILE%\Pictures2My Video%USERPROFILE%\Videos2NetHood%USERPROFILE%\NetHood5Personal%USERPROFILE%\Documents6PrintHood%USERPROFILE%\PrintHoodaPrograms%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs0Recent%USERPROFILE%\Recent0SendTo%USERPROFILE%\SendToZStart Menu%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start MenuhStartup%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupXTemplates%USERPROFILE%\AppData\Roaming\Microsoft\Windows\TemplatesAdvancedShell Foldersi)Administrative ToolsC:\Users\Administrator\Start Menu\Programs\Administrative ToolsCAppDataC:\Users\Administrator\AppData\RoamingYCacheC:\Users\Administrator\Local Settings\Temporary Internet Files;CookiesC:\Users\Administrator\Cookies;DesktopC:\Users\Administrator\Desktop?FavoritesC:\Users\Administrator\FavoritesJHistoryC:\Users\Administrator\Local Settings\HistoryG"Local AppDataC:\Users\Administrator\AppData\Local:My MusicC:\Users\Administrator\Music@ My PicturesC:\Users\Administrator\Pictures;My VideoC:\Users\Administrator\Videos;NetHoodC:\Users\Administrator\NetHood>PersonalC:\Users\Administrator\Documents?PrintHoodC:\Users\Administrator\PrintHoodjProgramsC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs9RecentC:\Users\Administrator\Recent9SendToC:\Users\Administrator\SendTocStart MenuC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start MenuqStartupC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupaTemplatesC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\TemplatesPoliciesSystemExplorerRunRun>CTFMON.EXEC:\Windows\system32\ctfmon.exe9QIP2005C:\Program Files\QIP\qip.exeRunOnceShellNoRoamMUICacheWindows NTCurrentVersionWindows!Internet ExplorerMain+Start Pageabout:blankSettings(Internet Account ManagerAccountsSecurity CenterRITThe Bat!MirabilisICQNewOwners9438713GhislerTotal Commander9FtpIniName%USERPROFILE%\wcx_ftp.ini@InstallDirC:\Program Files\Total CommanderRimArtsB2SettingsFarPluginsFTPHostsOpera Software$Volatile EnvironmentCAPPDATAC:\Users\Administrator\AppData\Roaming!HOMEDRIVEC:2HOMEPATH\Users\AdministratorX!LOCALAPPDATAC:\Users\Administrator\Local Settings\Application Data+USERNAMEAdministrator7 USERPROFILEC:\Users\AdministratorES-1-5-21-762101918-3281426462-4221395965-1000_Classes!Driver#cdrom#atapi#Disk#Beep#pci!FileSystem#Ntfs!ObjectTypes#Key#Device#Driver#Thread#Process!RPC Control!SECURITY!KernelObjects!Windows!WindowStations!?? GlobalRoot DosDevices GLOBAL??("CONPD:!KnownDlls32! KnownDlls!Device+"CdRom0 CdRom02"WMIDataDevice" WMIDataDevice+"KsecDD("Afd."NamedPipe PIPE-"MailSlot MAILSLOT("Mup.Parallel0 LPT1 PRN,Serial0 COM1 AUX)Null NUL7" 04HarddiskVolume1C: C: Users+ Documents and Settings>*All Users\Device\HarddiskVolume1\ProgramData" AdministratorAppData Local% Application Data# Local Settings-Temporary Internet Files Content.IE51GM0Z9M3TempMicrosoft&Internet ExplorerWindowsHistory HistoryThe Bat"AdministratorIpswitchWS_FTPSitesOpera"AdministratorMailProfileOpera ThunderbirdMozillaFirefoxQualcommEudoraSmartFTPCuteFTP GlobalSCAPECuteFTP7.0.gaimRoaming% Application DataMicrosoft&Internet ExplorerWindowsStart Menu Start MenuPrograms)Administrative ToolsStartupCookies Cookies&Network Shortcuts NetHood&Printer Shortcuts PrintHoodRecent RecentSendTo SendToTemplatesDesktopDocumentsD/Y5iswmyw.pdfkm_unvrslapp032.info+Y5ci.txt/Y5sqiwaa.doc.Y5sz11a.jpgFavoritesMusicPicturesVideos/&NTUSER.DATPublic Desktop Default! Default UserAppDataLocal% Application Data# Local Settings-Temporary Internet Files Content.IE51GM0Z9M3TempRoaming% Application DataMicrosoftWindowsStart Menu Start MenuProgramsCookies CookiesDesktop*Arquivos de programas&internet explorer1Y5iexplore.exe"Program Files!Common FilesSystemadoE0,msado15.dllkm_msado1500032.info%Microsoft SharedMSInfo Web FoldersServices%KAV Shared Files/Y5Avpupd.exe$Symantec SharedCCPD-LC1Y5symlcsvc.exe&Internet Explorer1Y5iexplore.exePLUGINSSIGNUP&Connection WizardMUIen-US$Outlook ExpressMessenger"MSN Messenger)Windows Media Player$MSN Gaming ZoneWindows Windovsbar_Kazaa%My Shared FolderWinMXSharedGrokster My Grokster eDonkey2000IncomingeMuleIncomingMorpheus%My Shared FolderSymantecLiveUpdate0AUPDATE.EXE/LSETUP.EXE1S32EVNT1.DLLTrillianUsersGlobalTencentQQ+Y5QQ.exeQIPWindows NT"Kaspersky Lab2Kaspersky Anti-Virus Personal.Y5Avpcc.exe-Y5Avpm.exe/Y5kavsvc.exe.Y5Avp32.exe8Kaspersky Anti-Virus Personal Pro 5.Y5kavmm.exe4Kaspersky Internet Security 7.0,Y5avp.exeKAV60Y5MailMon.exe1Y5KWatchUI.exe/Y5KAVSvc.exe/Y5KavPFW.exeMcAfee$McAfee Firewall,Y5cpd.exe'Network Associates%Common Framework9Y5FrameworkService.exemcafee.comvso1Y5mcshield.exe1Y5Mcvsshld.exe1Y5mcvsftsn.exe1Y5mcvsescn.exe&personal firewall3Y5MPFService.exe%Norton AntiVirus1Y5navapsvc.exe/Y5Navw32.exe0Y5Navrunr.exe-Norton Internet Security0Y5NISSERV.EXE%Norton AntiVirus/Y5Navwnt.exe0Y5SAVScan.exe0Navap32.dll'Symantec AntiVirus0Y5Rtvscan.exeEset1Y5nod32krn.exe1Y5nod32kui.exe/F-Secure Internet Securitybackweb4476822program0Y5fsbwsys.exeFWESProgram/Y5fsdfwd.exeF-SecureAnti-Virus/Y5fsav32.exe/Y5Fsgk32.exeAgnitum%Outpost Firewall0Y5outpost.exeRisingRav/Y5RavMon.exe0Y5RavMonD.exe0Y5CCenter.exerfw/Y5rfwsrv.exeZone LabsZoneAlarm2Y5zonealarm.exeSygateSPF,Y5smc.exe4AntiVir PersonalEdition Classic.Y5sched.exe0Y5avguard.exe1Y5avcenter.exe.Y5avgnt.exeIparmor0Y5Iparmor.exeKV2006/Y5kregex.exe-Y5kvxp.kxp360safesafemon0Y5360tray.exe%Microsoft OfficeOffice151Y5POWERPNT.EXE(Program Files (x86)&Internet Explorer1Y5iexplore.exe"Kaspersky Lab5Kaspersky Internet Security 21.3,Y5avp.exe.Y5avpui.exeKES.12.2.0/Y5avpsus.exe!NetworkAgent-Y5vapm.exe1Y5klnagent.exe  ProgramData% Application Data DesktopMicrosoftWindowsStart Menu Start MenuProgramsStartup WINDOWS SystemRootsystemTempHelpTourshtmlTourINFResourcespchealthhelpctrbinariesjavaclassesMediaCursorsDebugUserModeFontsConfigaddinsTasksAppPatchInstaller"Microsoft.NETFrameworkv2.0.50727/Y5RegAsm.exe0Y5MSBuild.exeWebWallpapersystem325 !KnownDllPathC:\WINDOWS\system32inetsrvdriversetc*HOSTSB-,indis.syskm_ndis00000064.infoB-tbeep.syskm_unvrsldrv064.info.tip6fw.sys-tntfs.sys-tdisk.sys.tatapi.sys,tpci.sys.ttcpip.sysC.Mnetio.syskm_netio0000064.infoD/AfltMgr.syskm_fltmgr000064.infowbemIMEdllcacheRestoreconfigComoobe)htmlspoolPRTPROCSW32X86MicrosoftMsdtcTraceMacromedFlashC.ǕFlash.ocxkm_flash0000032.info&WindowsPowerShellv1.0H3hTrpowershell.exekm_unvrslapp064.info0hTrsvchost.exe1hTrregsvr32.exe1hTrrundll32.exeA,gcmd.exekm_cmd000000064.info,Y5reg.exe,Y5net.exe-Y5net1.exe1Y5taskkill.exe1Y5shutdown.exe+Y5sc.exe1Y5userinit.exe-Y5calc.exe0Y5notepad.exe0Y5mspaint.exe.Y5netsh.exe1hTrdiskperf.exe1hTrWerFault.exe.hTrlsass.exe.hTrcsrss.exe-hTrsmss.exe0hTrwininit.exe1hTrservices.exe1hTrwinlogon.exe0hTrspoolsv.exeC.)etaadtb.dllkm_unvrsldll064.infoC.(aclui.dllkm_aclui0000064.infoF1# advapi32.dllkm_advapi320064.info! advapi32.dllE0advpack.dllkm_advpack00064.info-)etamsi.dllE0Ae}apphelp.dllkm_apphelp00064.info0)etappxsip.dllA,ƒ Gatl.dllkm_atl000000064.infoC.rauthz.dllkm_authz0000064.infoF1P(avicap32.dllkm_avicap320064.infoF1-avifil32.dllkm_avifil320064.infoE0NIbasesrv.dllkm_basesrv00064.infoD/_bcrypt.dllkm_bcrypt000064.info9)etbcryptprimitives.dllG2IW8BitsProxy.dllkm_bitsproxy064.infoE0DZcabinet.dllkm_cabinet00064.infoF1cfgmgr32.dllkm_cfgmgr320064.infoE0CAclusapi.dllkm_clusapi00064.infoE0h9[combase.dllkm_combase00064.info  combase.dllF1xcomctl32.dllkm_comctl320064.info! comctl32.dllF1yUcomdlg32.dllkm_comdlg320064.info! comdlg32.dllE0*)comsnap.dllkm_comsnap00064.infoE0-:crypt32.dllkm_crypt3200064.info  crypt32.dllG28cryptbase.dllkm_cryptbase064.infoF19ecryptdll.dllkm_cryptdll0064.infoE0:}cryptsp.dllkm_cryptsp00064.infoB-Cd3d9.dllkm_d3d900000064.infoE0e/7dbghelp.dllkm_dbghelp00064.infoC.zoddraw.dllkm_ddraw0000064.infoE0devenum.dllkm_devenum00064.infoD/49Fdfscli.dllkm_dfscli000064.infoD/}dnsapi.dllkm_dnsapi000064.infoC.:Tdpapi.dllkm_dpapi0000064.infoD/h/,Vdsound.dllkm_dsound000064.infoD/.*fltLib.dllkm_fltlib000064.infoC.K5)gdi32.dllkm_gdi320000064.info gdi32.dllE0czGdiPlus.dllkm_gdiplus00064.info  gdiplus.dllC. [glu32.dllkm_glu320000064.infoA,źhal.dllkm_hal000000064.infoA,[_hid.dllkm_hid000000064.infoB-7Bicmp.dllkm_icmp00000064.infoE0mQieframe.dllkm_ieframe00064.infoF1Eimagehlp.dllkm_imagehlp0064.info! imagehlp.dllC.`?imm32.dllkm_imm320000064.info imm32.dllF1&inetmib1.dllkm_inetmib10064.infoF1{IPHLPAPI.DLLkm_iphlpapi0064.infoF1d,kernel32.dllkm_kernel320064.info! kernel32.dllH3#KernelBase.dllkm_kernelbase64.info# kernelbase.dllF1r*linkinfo.dllkm_linkinfo0064.infoF1>logoncli.dllkm_logoncli0064.infoB-}$NNlz32.dllkm_lz3200000064.infoA,*15mpr.dllkm_mpr000000064.infoD/n mprapi.dllkm_mprapi000064.infoE0msacm32.dllkm_msacm3200064.infoD/jmsasn1.dllkm_msasn1000064.info msasn1.dllC.܇mscms.dllkm_mscms0000064.infoE0zmscoree.dllkm_mscoree00064.infoD/_Rmshtml.dllkm_mshtml000064.infoA,ikmsi.dllkm_msi000000064.infoE0]msimg32.dllkm_msimg3200064.infoE0fp=cmsvcirt.dllkm_msvcirt00064.infoF1msvcp140.dllkm_msvcp1400064.info2msvcp140d.dllD/_msvcrt.dllkm_msvcrt000064.info msvcrt.dllE0RD<msvfw32.dllkm_msvfw3200064.infoE0"mswsock.dllkm_mswsock00064.infoD/bh msxml6.dllkm_msxml6000064.infoF150gynetapi32.dllkm_netapi320064.infoF1\netutils.dllkm_netutils0064.infoC.ntdll.dllkm_ntdll0000064.info ntdll.dllF1_tntlanman.dllkm_ntlanman0064.infoF1(ntoskrnl.exekm_ntoskrnl0064.infoD/Podbc32.dllkm_odbc32000064.infoC.~LRole32.dllkm_ole320000064.info ole32.dllD/F%Πoleacc.dllkm_oleacc000064.infoF1Qoleaut32.dllkm_oleaut320064.info! oleaut32.dllD/aoledlg.dllkm_oledlg000064.infoF1=?eopengl32.dllkm_opengl320064.infoA,pdh.dllkm_pdh000000064.infoC.逫psapi.dllkm_psapi0000064.info psapi.dllE0"Hpstorec.dllkm_pstorec00064.infoB-Y#qmgr.dllkm_qmgr00000064.infoD/quartz.dllkm_quartz000064.infoF1rasapi32.dllkm_rasapi320064.infoF1friched20.dllkm_riched200064.infoD/;,]rpcrt4.dllkm_rpcrt4000064.info rpcrt4.dllD/Mmsamcli.dllkm_samcli000064.infoD/Dsamlib.dllkm_samlib000064.infoF1~schedcli.dllkm_schedcli0064.infoD/[Bscrrun.dllkm_scrrun000064.infoE0lcsechost.dllkm_sechost00064.info  sechost.dllE0!secur32.dllkm_secur3200064.infoF1 setupapi.dllkm_setupapi0064.info! setupapi.dllA,Cosfc.dllkm_sfc000000064.infoD/!sfc_os.dllkm_sfc_os000064.infoD/ {shcore.dllkm_shcore000064.infoE0shdocvw.dllkm_shdocvw00064.infoE0N+shell32.dllkm_shell3200064.info  shell32.dllF1U=shfolder.dllkm_shfolder0064.infoE0shlwapi.dllkm_shlwapi00064.info  shlwapi.dllE0r:snmpapi.dllkm_snmpapi00064.infoF1*srclient.dllkm_srclient0064.infoD/srvcli.dllkm_srvcli000064.infoE0ΑSspicli.dllkm_sspicli00064.infoD/tapi32.dllkm_tapi32000064.infoF1uytaskschd.dllkm_taskschd0064.infoF1ucrtbase.dllkm_ucrtbase0064.info! ucrtbase.dllG28ucrtbased.dllkm_ucrtbased064.infoB-Cbcrypt.dllkm_bcrypt000032.info9%bcryptprimitives.dllG2gBitsProxy.dllkm_bitsproxy032.infoE0+}%cabinet.dllkm_cabinet00032.infoF1fd cfgmgr32.dllkm_cfgmgr320032.infoE0ŏ jclusapi.dllkm_clusapi00032.infoE0:Ncombase.dllkm_combase00032.info combase.dllF1ocomctl32.dllkm_comctl320032.info!comctl32.dllF14jcomdlg32.dllkm_comdlg320032.info!comdlg32.dllE0ucomsnap.dllkm_comsnap00032.infoD/)[crtdll.dllkm_crtdll000032.infoE0f[ crypt32.dllkm_crypt3200032.info crypt32.dllG2+cryptbase.dllkm_cryptbase032.infoF1Xcryptdll.dllkm_cryptdll0032.infoE0cryptsp.dllkm_cryptsp00032.infoB-d3d9.dllkm_d3d900000032.infoE0Ndbghelp.dllkm_dbghelp00032.infoC.Lddraw.dllkm_ddraw0000032.infoE0T1devenum.dllkm_devenum00032.infoD/'/dfscli.dllkm_dfscli000032.infoD/Mdnsapi.dllkm_dnsapi000032.infoC.F[dpapi.dllkm_dpapi0000032.infoD/Mdsound.dllkm_dsound000032.infoD/sfltLib.dllkm_fltlib000032.infoC.ŭgdi32.dllkm_gdi320000032.infogdi32.dllE0GdiPlus.dllkm_gdiplus00032.info gdiplus.dllC.PAglu32.dllkm_glu320000032.infoA,)9>hal.dllkm_hal000000032.infoA,j>hid.dllkm_hid000000032.infoB-icmp.dllkm_icmp00000032.infoE04ieframe.dllkm_ieframe00032.infoF1 $bimagehlp.dllkm_imagehlp0032.info!imagehlp.dllC.jimm32.dllkm_imm320000032.infoimm32.dllF19inetmib1.dllkm_inetmib10032.infoF1QIPHLPAPI.DLLkm_iphlpapi0032.infoF1MLkernel32.dllkm_kernel320032.info!kernel32.dllH3]KernelBase.dllkm_kernelbase32.info#kernelbase.dllF1aK}linkinfo.dllkm_linkinfo0032.infoF1`iMlogoncli.dllkm_logoncli0032.infoB-/lz32.dllkm_lz3200000032.infoA,T+mpr.dllkm_mpr000000032.infoD/M&mprapi.dllkm_mprapi000032.infoE0,nmmsacm32.dllkm_msacm3200032.infoD/msasn1.dllkm_msasn1000032.infomsasn1.dllC.fKomscms.dllkm_mscms0000032.infoF1`Nmscomctl.ocxkm_mscomctl0032.infoF1o[mswinsck.ocxkm_mswinsck0032.infoE04 zmscoree.dllkm_mscoree00032.infoD/S3mshtml.dllkm_mshtml000032.infoA,p msi.dllkm_msi000000032.infoE0 Smsimg32.dllkm_msimg3200032.infoE0ܼ\msvcirt.dllkm_msvcirt00032.infoF1l{Emsvcp140.dllkm_msvcp1400032.info2l{Emsvcp140d.dllE0Mmsvcr71.dllkm_msvcr7100032.infoD/(j>=msvcrt.dllkm_msvcrt000032.infomsvcrt.dllF1msvcrt40.dllkm_msvcrt400032.infoE0P%msvfw32.dllkm_msvfw3200032.infoE0C2mswsock.dllkm_mswsock00032.infoD/ؤomsxml6.dllkm_msxml6000032.infoF1netapi32.dllkm_netapi320032.infoF1`netutils.dllkm_netutils0032.infoC.uTntdll.dllkm_ntdll0000032.infontdll.dllF1~ntlanman.dllkm_ntlanman0032.infoF1䰒ntoskrnl.exekm_ntoskrnl0032.infoD/odbc32.dllkm_odbc32000032.infoC.Ā3}ole32.dllkm_ole320000032.infoole32.dllD/$oleacc.dllkm_oleacc000032.infoF1"oleaut32.dllkm_oleaut320032.info!oleaut32.dllF19olecli32.dllkm_olecli320032.infoD/izoledlg.dllkm_oledlg000032.infoF1.olepro32.dllkm_olepro320032.infoF1opengl32.dllkm_opengl320032.infoA,W?pdh.dllkm_pdh000000032.infoC.SLʝpsapi.dllkm_psapi0000032.infopsapi.dllE0MjCpstorec.dllkm_pstorec00032.infoB-bBqmgr.dllkm_qmgr00000032.infoD/lquartz.dllkm_quartz000032.infoF1>N0rasapi32.dllkm_rasapi320032.infoF1[riched20.dllkm_riched200032.infoD/rpcrt4.dllkm_rpcrt4000032.inforpcrt4.dllD/o Lsamcli.dllkm_samcli000032.infoD/%vsamlib.dllkm_samlib000032.infoF1fxschedcli.dllkm_schedcli0032.infoD/gscrrun.dllkm_scrrun000032.infoE0sechost.dllkm_sechost00032.info sechost.dllE0+secur32.dllkm_secur3200032.infoF18setupapi.dllkm_setupapi0032.info!setupapi.dllA,5sfc.dllkm_sfc000000032.infoD/=3@sfc_os.dllkm_sfc_os000032.infoD/shcore.dllkm_shcore000032.infoE0Lkshdocvw.dllkm_shdocvw00032.infoE0Jshell32.dllkm_shell3200032.info shell32.dllF1hshfolder.dllkm_shfolder0032.infoE0]shlwapi.dllkm_shlwapi00032.info shlwapi.dllE0E[ snmpapi.dllkm_snmpapi00032.infoF1r渝srclient.dllkm_srclient0032.infoD/*usrvcli.dllkm_srvcli000032.infoE0VSspicli.dllkm_sspicli00032.infoD/"8etapi32.dllkm_tapi32000032.infoF1m taskschd.dllkm_taskschd0032.infoF1Npucrtbase.dllkm_ucrtbase0032.info!ucrtbase.dllG24oμucrtbased.dllkm_ucrtbased032.infoB-ulib.dllkm_ulib00000032.infoA,*url.dllkm_url000000032.infoD/Yurlmon.dllkm_urlmon000032.infoD/Θuser32.dllkm_user32000032.infouser32.dllE0T{suserenv.dllkm_userenv00032.infoE06 uxtheme.dllkm_uxtheme00032.infoJ5>vcruntime140.dllkm_vcruntime132.info6>vcruntime140d.dllE0Oversion.dllkm_version00032.infoF1͙wbemdisp.dllkm_wbemdisp0032.infoM8$Ewindows.storage.dllkm_windows_st32.info(windows.storage.dllE0winhttp.dllkm_winhttp00032.infoE02wininet.dllkm_wininet00032.infoC.Qwinmm.dllkm_winmm0000032.infoF1$WinSCard.dllkm_winscard0032.infoF1t6winspool.drvkm_winspool0032.infoD/Y winsrv.dllkm_winsrv000032.infoD/+winsta.dllkm_winsta000032.infoF1wintrust.dllkm_wintrust0032.info!wintrust.dllD/.ubwkscli.dllkm_wkscli000032.infoE0.wldap32.dllkm_wldap3200032.info1%wmiutils.dllA,vIwmp.dllkm_wmp000000032.infoD/fws2_32.dllkm_ws2_32000032.infows2_32.dllE0+ws2help.dllkm_ws2help00032.infoC.{ŵ;wshom.ocxkm_wshom0000032.infoE0Vwsock32.dllkm_wsock3200032.infoF1:AXwtsapi32.dllkm_wtsapi320032.info1%serialui.dll0%NTDSAPI.DLL1%ACTIVEDS.DLL.%dxva2.dll.%AUTHZ.DLLC.ԋmfc42.dllkm_mfc420000032.infoF1msvbvm50.dllkm_msvbvm600032.info1msvbvm60.dllD/ x)expsrv.dllkm_expsrv000032.infoE0 :msvcp60.dllkm_msvcp6000032.info0YWmsvcr80.dll06msvcr90.dll1Ȫmsvcr100.dll0% hmsvcp80.dll0}imsvcp90.dll1msvcp100.dllComconfigIMEinetsrvMacromedFlash.ǕFlash.ocxooberestorewbemdriversB-?ndis.syskm_ndis00000032.info-'\beep.sys.'\ip6fw.sys-'\ntfs.sys-'\disk.sys.'\atapi.sys,'\pci.sysetc&WindowsPowerShellv1.03Y5powershell.exe-Downloaded Program Files6WindowsUpdate.log1hTrexplorer.exe0hTrregedit.exe1'NTDETECT.COM*'ntldr-'boot.ini+'IO.SYS.'MSDOS.SYS1AUTOEXEC.BAT/CONFIG.SYSRecycledRecycler.System Volume InformationDownloads4Y5ChromeSetup.exe2hTrJavaSetup.exe.hTrazxeq.exe1Y5MQzqahoq.exe7"  4HarddiskVolume2E: E:,Y5hvf.exe0Y5frxDtxd.exe+Y5mu.exe7" @4HarddiskVolume3Z: Z:fXjllNn/Y5iswmyw.exehrt+Y5ci.exehzzRllj/Y5sqiwaa.exe!Harddisk0 Partition1("DR0# PhysicalDrive0 Partition0!Harddisk1 Partition1("DR1 Partition0!Harddisk2 Partition0 !BaseNamedObjects Local Global!Sessions!1 !BaseNamedObjects Local Global)mkm_dwnldapp0032.info)km_dwnlddll0032.info)Rt km_dwnldapp0064.info)(4km_dwnlddll0064.infoWINDOWS sysnative system32 driversetcMachineSoftwareClassesCLSIDInterface(5UserSIDl-c'5UserNameAdministrator'5NumberOfProcessors'5PhysicalMemoryInGb