Sample File:
MD5 hash: 59706e1c7a11cc204a9be6b75cdf214b
SHA1 hash: e12b557a77bb984674374109d99717eb97bc6429
SHA256 hash: 634ad02fba5314a9c69334923a448c452550e08427ca7edb11d2d984eb66c115
SSDEEP hash: 24576:MCdxte/80jYLT3U1jfsWaaFYbqukGmoBxcATQ0j:tw80cTsjkWaaxrA
Filename(s): urkotu.exe
Filetype: Windows Exe (x86-32)
Mutex IOCs: {ergvvsvfxlybedyahvxbrbqcraka}
Registry Key IOCs (the report does not separate keys that were only read from keys that were created or modified; most of the SYSTEM\CurrentControlSet\services entries, and keys naming installed products or security tools, exist on ordinary Windows hosts and look like enumeration or environment checks, so they should not be matched on their own. The entries that carry the sample's own names, such as the "Task Protect 2.3" Run/RunOnce values, the Image File Execution Options keys for ws97995e1qms.exe and rstrui.exe, and the AppDataLow\Software\{GUID} subkeys, are the likelier host indicators; confirm against a write-level trace before relying on them):
HKEY_CLASSES_ROOT\HTTP\shell\open\command HKEY_CLASSES_ROOT\jarfile\shell\open\command HKEY_CURRENT_USER\Control Panel\Mouse HKEY_CURRENT_USER\Control Panel\Mouse\SwapMouseButtons HKEY_CURRENT_USER\SOFTWARE\Blizzard Entertainment HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Task Protect 2.3 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Task Protect 2.3 HKEY_CURRENT_USER\Software\AppDataLow\Google Updater HKEY_CURRENT_USER\Software\AppDataLow\Google Updater\LastUpdate HKEY_CURRENT_USER\Software\AppDataLow\Software HKEY_CURRENT_USER\Software\AppDataLow\Software\MyMailClient HKEY_CURRENT_USER\Software\AppDataLow\Software\{1C1C1C1C-1C1C-1C1C-1C1C-1C1C1C1C1C1C}\00101CF2\fd01153281ab2 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\117ce5fb8f9407ebb4 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\322f798102854 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\322f798102854\d14736f3a3af25 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\5559d2db9daca3e4ef7 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\CW1 
HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\02693813c9e94ded HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\053351c4408b7c813 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\0c5af5e4d37 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\0d12757fbbf3 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\41f5ddd483f58 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\511df58c43fc0 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\5615404c6cc999b HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\5ffd897d923e HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\66dfeeb3f4c63abca14 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\7f9ca0f406c3b226 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\8014f07ffab8a0f657 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\820ee8cfcabdd7fb1 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\9b98592ad9d1 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\af65e3d3b62960 
HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\cb7bbbee06636e5 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\d4241b38e93732569 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\d6a1c812c2 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\dca28b911c HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\eb57aba56f848 HKEY_CURRENT_USER\Software\AppDataLow\Software\{2F917068-DC0D-ADE9-C564-77CBD67FE7B8}\11881FB1\e6577de29e95e38a02\ee74df3587 HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\TrendMicro\HijackThis HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Isolation HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default HKEY_CURRENT_USER\Software\Microsoft\VisualStudio HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1\2500 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\2500 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\2500 HKEY_CURRENT_USER\Software\Skype 
HKEY_CURRENT_USER\Software\VMware, Inc. HKEY_CURRENT_USER\Software\Valve\Steam HKEY_CURRENT_USER\Software\Win7zip HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion HKEY_LOCAL_MACHINE\SOFTWARE\AdwCleaner HKEY_LOCAL_MACHINE\SOFTWARE\Classes\origin HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe\Debugger HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ws97995e1qms.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ws97995e1qms.exe\Debugger HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ws97995e1qms.exe\DisableExceptionChainValidation HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HKEY_LOCAL_MACHINE\SOFTWARE\Safer Networking Limited\Spybot - Search & Destroy 2 HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\InstalledApps HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Data HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Networking HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET CLR Networking 4.0.0.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Data Provider for Oracle HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Data Provider for SqlServer HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NET Memory Cache 4.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\.NETFramework HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\1394ohci HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\3ware HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ACPI HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ADOVMPPackage HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ADP80XX HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AFD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AJRouter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ALG HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AcpiPmi HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AdobeARMservice HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AmdK8 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AmdPPM HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppID HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppIDSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppMgmt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppReadiness HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AppXSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Appinfo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Apple Mobile Device HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AsyncMac 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AudioEndpointBuilder HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Audiosrv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AxInstSV HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BDESVC HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHMODEM HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BTHPORT HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BasicDisplay HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BasicRender HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BattC HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Beep HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BrokerInfrastructure HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Browser HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthAvrcpTg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthHFEnum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BthHFSrv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CDPSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CLFS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CNG HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\COMSysApp HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CapImg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertPropSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ClickToRunSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ClipSVC HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CmBatt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CompositeBus HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CoreMessagingRegistrar HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CoreUI HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CryptSvc 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CscService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DCLocator HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DPS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DXGKrnl HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DcomLaunch HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DcpSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DevQueryBroker HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DeviceAssociationService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DeviceInstall HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dfsc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dhcp HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DiagTrack HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DmEnrollmentSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Dnscache HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DoSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DsSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DsmSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EFS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESENT HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Eaphost HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EhStorClass HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EhStorTcgDrv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EntAppSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ErrDev HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EventLog HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\EventSystem HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FDResPub HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Fax HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FileCrypt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FileInfo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Filetrace HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FontCache HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FontCache3.0.0.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FsDepends HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Fs_Rec HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\GPIOClx0101 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\GpuEnergyDrv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HDAudBus HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HdAudAddService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidBatt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidBth HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidIr HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HidUsb HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HomeGroupListener HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HomeGroupProvider HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HpSAMD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HyperVideo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IEEtwCollectorService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IKEEXT HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPMIDRV HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IPNAT HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IRENUM HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IoQos HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IpFilterDriver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KSecDD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KSecPkg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KeyIso HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\KtmRm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SAS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SAS2i HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SAS3i 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSI_SSS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LSM HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanWorkstation HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LicenseManager HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Lsa HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MMCSS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSDTC HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSDTC Bridge 3.0.0.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSDTC Bridge 4.0.0.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSKSSRV HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSPCLOCK HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSPQM HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSSCNTRS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSTEE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MSiSCSI HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MTConfig HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MapsBroker HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Modem HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MozillaMaintenance HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MpsSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsBridge HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsLldp HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MsRPC HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Msfs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Mup HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\N360 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NAV HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NDIS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NETVSCVFPP HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NIS 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTDS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NTFS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NativeWifiP HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NcaSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NcbService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NcdAutoSetup HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisCap HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisImPlatform HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisTapi HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisVirtualBus HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NdisWan HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Ndisuio HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Ndu HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetSetupSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetTcpPortSharing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetbiosSmb HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netlogon HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Netman HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NgcCtnrSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NgcSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NlaSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Npfs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Null HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\OneSyncSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\OneSyncSvc_Session1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PEAUTH HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PNRPAutoReg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PNRPsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Parport HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PcaSvc 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PeerDistSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfDisk HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfHost HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfNet HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfOS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfProc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PimIndexMaintenanceSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PimIndexMaintenanceSvc_Session1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PlugPlay HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PolicyAgent HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PortProxy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Power HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PptpMiniport HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PrintNotify HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Processor HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ProfSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Psched HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\QWAVE HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\QWAVEdrv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDMANDK HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDPDR HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDPNP HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RDPUDD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RapportMgmtService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAcd HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAgileVpn HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasAuto HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasPppoe HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasSstp HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Rasl2tp 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Razerlow HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RdpVideoMiniport HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ReFSv1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RegFilter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteAccess HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RemoteRegistry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RetailDemo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcEptMapper HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcLocator HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RpcSs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SCPolicySvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SCardSvr HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SDRSVC HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SENS HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SMSvcHost 3.0.0.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SMSvcHost 4.0.0.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNMPTRAP HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SSDPSRV HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SamSs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ScDeviceEnum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Schedule HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SensorDataService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SensorService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SensrSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SerCx HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SerCx2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Serenum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Serial HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ServiceModelEndpoint 3.0.0.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ServiceModelOperation 3.0.0.0 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ServiceModelService 3.0.0.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SessionEnv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ShellHWDetection HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SiSRaid2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SiSRaid4 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SmsRouter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SpbCx HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Spooler HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SstpSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\StateRepository HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\StorSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Synth3dVsc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SysMain HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SystemEventsBroker HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6TUNNEL HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIPTUNNEL HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TPM HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TSDDD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TabletInputService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TapiSrv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip6 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TermService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Themes HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TimeBroker HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TrkWks HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TrustedInstaller HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TsUsbFlt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TsUsbGD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UASPStor 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UEFI HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UGTHRSVC HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UGatherer HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UI0Detect HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UcmCx0101 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UcmUcsi HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Ucx01000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UdeCx HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Ufx01000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UfxChipidea HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UmPass HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UmRdpService HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UnistoreSvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UnistoreSvc_Session1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UrsChipidea HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\UrsCx01000 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpiex HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpipagr HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\acpitime HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\adsi HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\agp440 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ahcache HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdsata HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdsbs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\amdxata HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\arcsas HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\atapi HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\b06bdrv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bcmfn2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bowser HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bthhfhid HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\bthserv 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\buttonconverter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdfs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cdrom HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\circlass HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v2.0.50727_32 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v2.0.50727_64 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v4.0.30319_32 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\clr_optimization_v4.0.30319_64 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cnghwassist HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\condrv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\crypt32 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dam HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\defragsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dg_ssudbus HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\diagnosticshub.standardcollector.service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\disk HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dmvsc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dmwappushservice HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dot3svc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\drmkaud HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\e1iexpress HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ebdrv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\embeddedmode HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\exfat HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fastfat HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fcvsc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fdPHost HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fdc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fhsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\flpydisk 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\fvevol HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gagp30kx HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gencounter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\genericusbfn HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gupdatem HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hidi2c HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hidinterrupt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hidserv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hwpolicy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\hyperkbd HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iScsiPrt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaLPSSi_GPIO HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaLPSSi_I2C HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaStorAV HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iaStorV HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ibbus HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\icssvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\inetaccs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\intelide HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\intelpep HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\intelppm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\iphlpsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\isapnp HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kbdclass HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kbdhid HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\kdnic HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ksthunk HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ldap HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lfsvc 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lltdio HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lltdsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\lmhosts HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\luafv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\megasas HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\megasr HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mlx4_bus HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\monitor HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mouclass HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mouhid HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mountmgr HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mpsdrv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb10 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mrxsmb20 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msgpiowin32 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mshidkmdf HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mshidumdf HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msisadrv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\msiserver HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mssmbios HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\mvumis HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\napagent HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndfltr HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndiswanlegacy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ndproxy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netprofm HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\netvsc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\npsvctrig HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsi HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nsiproxy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nv_agp 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nvraid HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nvstor HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ose64 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\p2pimsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\p2psvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\partmgr HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pci HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pciide HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pcmcia HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pcw HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pdc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\percsas2i HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\percsas3i HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\pla HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rdbss HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rdpbus HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rdyboost HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\rspndr HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\s3cap HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sbp2port HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\scfilter HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sdbus HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sdstor HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\seclogon HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sermouse HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sfloppy HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\smphost HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\spaceport HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\sppsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srv2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\srvnet HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\stexstor 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\stisvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storahci HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storflt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\stornvme HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storqosflt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storufs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\storvsc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\svsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\swenum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\swprv HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tcpipreg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tdx HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\terminpt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tiledatamodelsvc HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\tunnel HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\uagp35 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\udfs HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ufxsynopsys HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\uliagpkx HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\umbus HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\upnphost HKEY_LOCAL_MACHINE\Software\Win7zip Domain IOCs: google.com [Analyst note: google.com is a ubiquitous legitimate domain; its appearance here most likely reflects a connectivity check by the sample or the sandbox, so it is not usable as a blocking or alerting indicator on its own.] IP IOCs: - None - URL IOCs: - None - File IOCs: Filenames: C:\ComboFix C:\LinhaDefensiva C:\Program Files (x86) C:\Program Files (x86)\League of Legends C:\ProgramData C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup C:\ProgramData\Task Protect 2.3 C:\ProgramData\Task Protect 2.3\kttkyovpa.txt C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe.config C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe.manifest C:\ProgramData\Task Protect 2.3\ws97995e1qms.exe:Zone.Identifier C:\Users\CIIHMN~1\AppData\Local\Temp\11981D41.txt C:\Users\CIIHMN~1\AppData\Local\Temp\HouseCall C:\Users\CIiHmnxMn6Ps 
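C:\Users\CIiHmnxMn6Ps\AppData\Roaming C:\Users\CIiHmnxMn6Ps\AppData\Roaming\.minecraft C:\Users\CIiHmnxMn6Ps\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe C:\Users\CIiHmnxMn6Ps\Desktop\urkotu.exe:Zone.Identifier C:\Users\CIiHmnxMn6Ps\Documents C:\Users\CIiHmnxMn6Ps\Music C:\Users\CIiHmnxMn6Ps\Pictures C:\Users\CIiHmnxMn6Ps\Videos C:\Users\CIiHmnxMn6Ps\jagexcache C:\Windows\SYSTEM32\ntdll.dll C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\tapi3.dll C:\Windows\system32\drivers\prl_boot.sys C:\Windows\system32\drivers\vboxguest.sys C:\Windows\system32\drivers\vboxvideo.sys C:\Windows\system32\drivers\vmhgfs.sys \\.\HGFS \\.\VBoxGuest MD5 hashes: 59706e1c7a11cc204a9be6b75cdf214b d41d8cd98f00b204e9800998ecf8427e SHA1 hashes: da39a3ee5e6b4b0d3255bfef95601890afd80709 e12b557a77bb984674374109d99717eb97bc6429 SHA256 hashes: 634ad02fba5314a9c69334923a448c452550e08427ca7edb11d2d984eb66c115 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 SSDEEP hashes: 24576:MCdxte/80jYLT3U1jfsWaaFYbqukGmoBxcATQ0j:tw80cTsjkWaaxrA 3:: [Analyst note: in each hash list one value is the sample itself, as given at the top of this report. The other value (the MD5 beginning d41d8cd9, the SHA1 beginning da39a3ee, the SHA256 beginning e3b0c442, and the SSDEEP value 3::) is the digest of zero-length input. Those match every empty file and should be excluded from blocklists and hunting rules. Many of the file paths above are stock Windows or user-profile locations rather than artifacts unique to this sample. The prl_boot.sys, vboxguest.sys, vboxvideo.sys, vmhgfs.sys, \\.\HGFS and \\.\VBoxGuest entries are virtualization guest components, which is consistent with the sample probing for an analysis environment.]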