Sample File:
MD5 hash: 0c1e3ca75491b6da7f7319e60f8034be
SHA1 hash: 96043bda6eb96ef40a69aa945ca316f3440503ae
SHA256 hash: e1a3d8c2c842801a2e94c3d737a0336f5cc9dd837b0cebf63bcfd96fe5aa7869
SSDEEP hash: 3072:BGLrVCMxzXgDSdpp/518+oHdwZA5E/YfNtrISwCe3wwbA1L0nmDOBna/jlkbMhm6:2NTgDSdpp4GQEQfNVx43wwbA1YnmDX/P
Filename(s): vfqvtn.exe
Filetype: Windows Exe (x86-32)
Mutex IOCs: Global\386A96845A11128
Registry Key IOCs (note: the listing does not say whether a key was read or written. Most entries are standard Windows keys: the Command Processor and PowerShell engine settings are normally queried whenever cmd.exe or PowerShell starts, and the long runs of Uninstall and Services DisplayName values are consistent with enumeration of installed software and services. On their own they are weak indicators and will match clean hosts; the file hashes and the mutex are the sample-specific values here.):
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DefaultColor HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun HKEY_CURRENT_USER\Software\Microsoft\Command Processor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DisableUNCCheck HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DefaultColor HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1 HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell\1\PowerShellEngine\ApplicationBase HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment\PSMODULEPATH
HKEY_CURRENT_USER\Environment HKEY_CURRENT_USER\Environment\PSMODULEPATH HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\StackVersion HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\HardwareEvents\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Internet Explorer\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Key Management Service\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Media Center\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\OAlerts\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System\PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Windows PowerShell\PowerShell HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\PipelineMaxStackSizeMB HKEY_PERFORMANCE_DATA HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE40\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEData\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PRJPROR\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUSR\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Office14.VISIOR\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WIC\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}\DisplayName 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0015-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0016-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0018-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0019-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001A-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001B-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}\DisplayName 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.VISIOR_{1779650B-2E44-4A19-8DF6-3866D645764A}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-002C-0409-1000-0000000FF1CE}_Office14.VISIOR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}\DisplayName 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0043-0409-1000-0000000FF1CE}_Office14.VISIOR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0044-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0054-0409-1000-0000000FF1CE}_Office14.VISIOR_{7DC2B20B-31B9-4C7C-B8DC-8492A9A3095E}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00A1-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00B4-0409-1000-0000000FF1CE}_Office14.PRJPROR_{316A864B-0547-40CE-B136-B02B4D18BF09}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-00BA-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}\DisplayName 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0115-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-0117-0409-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0011-0000-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-1000-0000000FF1CE}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{94A631D5-B30A-3DD8-B65C-1117C09DA73E}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}\DisplayName HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR 
Data\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking 4.0.0.0\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for Oracle\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for SqlServer\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Memory Cache 4.0\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NETFramework\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\1394ohci\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AcpiPmi\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeFlashPlayerUpdateSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adp94xx\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpahci\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpu320\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adsi\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AeLookupSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\agp440\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aliide\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdide\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AmdK8\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AmdPPM\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdsata\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdsbs\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdxata\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppID\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppIDSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Appinfo\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\arc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\arcsas\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ASP.NET_4.0.30319\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspnet_state\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AsyncMac\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioSrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AxInstSV\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b06bdrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\b57nd60a\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BattC\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDESVC\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\blbdrive\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bowser\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrFiltLo\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrFiltUp\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Brserid\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrSerWdm\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrUsbMdm\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrUsbSer\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHMODEM\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bthserv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdfs\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertPropSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\circlass\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CLFS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v2.0.50727_32\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v2.0.50727_64\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v4.0.30319_32\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v4.0.30319_64\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmBatt\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdide\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CNG\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Compbatt\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CompositeBus\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crcdisk\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSC\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CscService\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DCLocator\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\defragsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DfsC\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DiagTrack\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\discache\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Disk\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dmvsc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dot3svc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DPS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drmkaud\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DXGKrnl\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\E1G60\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ebdrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EFS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ehRecvr\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ehSched\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\elxstor\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ErrDev\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESENT\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exfat\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fastfat\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdPHost\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FDResPub\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileInfo\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Filetrace\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\flpydisk\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FsDepends\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fs_Rec\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fvevol\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gagp30kx\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gpsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gupdate\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gupdatem\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hcw85cir\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HdAudAddService\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidBatt\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidBth\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidIr\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hkmsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupListener\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HomeGroupProvider\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HpSAMD\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hwpolicy\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iaStorV\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iirsp\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IKEEXT\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\inetaccs\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelide\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPBusEnum\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPMIDRV\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNAT\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isapnp\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iScsiPrt\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdclass\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KeyIso\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KSecDD\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KSecPkg\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksthunk\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KtmRm\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lltdio\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lltdsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lmhosts\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lsa\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_FC\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SAS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SAS2\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SCSI\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mcx2Svc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\megasas\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MegaSR\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft SharePoint Workspace Audit Service\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MMCSS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Modem\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\monitor\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouclass\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mountmgr\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MozillaMaintenance\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpio\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpsdrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxDAV\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb10\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb20\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msahci\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdsm\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 3.0.0.0\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Msfs\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mshidkmdf\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msisadrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSiSCSI\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSKSSRV\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPCLOCK\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPQM\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsRPC\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSCNTRS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssmbios\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSTEE\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MTConfig\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NativeWifiP\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDIS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisCap\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisTapi\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDProxy\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBIOS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetMsmqActivator\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetPipeActivator\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netprofm\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpActivator\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nfrd960\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npfs\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nsi\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nsiproxy\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfs\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvraid\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvstor\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nv_agp\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ohci1394\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ose64\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\osppsvc\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Outlook\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2pimsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2psvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Parport\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partmgr\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PcaSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pci\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pciide\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcmcia\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcw\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PEAUTH\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PeerDistSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfHost\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pla\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PNRPAutoReg\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PNRPsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Power\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Processor\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Psched\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql2300\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql40xx\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QWAVE\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QWAVEdrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAcd\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAgileVpn\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasl2tp\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasPppoe\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasSstp\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdbss\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpbus\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDD\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDR\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPENCDD\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPNP\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPREFMP\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdyboost\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcEptMapper\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rspndr\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\s3cap\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbp2port\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scfilter\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCPolicySvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SensrSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serenum\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serial\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sermouse\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelEndpoint 3.0.0.0\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelOperation 3.0.0.0\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelService 3.0.0.0\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SessionEnv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffdisk\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffp_mmc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffp_sd\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfloppy\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SiSRaid2\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SiSRaid4\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Smb\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSvcHost 3.0.0.0\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMPTRAP\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spldr\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sppsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sppuinotify\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srv2\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvnet\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stexstor\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storflt\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\StorSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\storvsc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swenum\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swprv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMain\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabletInputService\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TBS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIP6TUNNEL\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipreg\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TCPIPTUNNEL\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDPIPE\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDTCP\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\THREADORDER\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TSDDD\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tssecsrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TsUsbFlt\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TsUsbGD\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tunnel\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uagp35\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\udfs\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UGatherer\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UGTHRSVC\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UI0Detect\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uliagpkx\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\umbus\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmPass\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmRdpService\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbccgp\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbcir\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbehci\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbhub\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbohci\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbprint\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbuhci\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UxSms\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VaultSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vdrvroot\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vds\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vga\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vhdmp\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\viaide\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vmbus\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VMBusHID\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\volmgr\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\volmgrx\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\volsnap\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsmraid\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vwifibus\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WacomPen\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WANARP\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wanarpv6\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbengine\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WbioSrvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wcncsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WcsPlugInService\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wd\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wdf01000\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdiServiceHost\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdiSystemHost\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wecsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wercplsupport\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WerSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WfpLwf\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WIMMount\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Workflow Foundation 3.0.0.0\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Workflow Foundation 4.0.0.0\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinRM\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wlansvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiAcpi\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApRpl\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wmiApSrv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMPNetworkSvc\DisplayName 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPCSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPDBusEnum\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2ifsl\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearchIdxPi\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WudfPf\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wudfsvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WwanSvc\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprov\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{9FFEC482-6000-4064-8D7E-74720C869585}\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{ECF237EA-3AD2-4D35-B4FE-425EFF427D86}\DisplayName HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ECF237EA-3AD2-4D35-B4FE-425EFF427D86} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ECF237EA-3AD2-4D35-B4FE-425EFF427D86}\Dhcpv6ClassId HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ECF237EA-3AD2-4D35-B4FE-425EFF427D86} HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ECF237EA-3AD2-4D35-B4FE-425EFF427D86}\DhcpClassId HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProductName HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2 HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook 
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\05cb6f136411cf4daf1f74e966b0a7dc HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45a HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3517490d76624c419a828607e2a54604 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\4b62e5f8c092a64ea9b79fd559a5a15e HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\609a848a708f544697003a34105400ef HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\63cba20b08018a458b6edb5d87fb54da HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\828cd3a417cead4ab3a214070dce1c3d HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\88d17fec23cbdd4fb54ad1d34c0dce09 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001\Email 
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002\Email HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\Email HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Port HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 User HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\POP3 Password HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\IMAP Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Port HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP User HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging 
Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\SMTP Password HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003\HTTP Server HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004\Email HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\a533ec91a4f74549ac2130b6908c8aac HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b70c659765f94740b657fee657d05ab4 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\cce6b8ce16bac4458e5e40e3530d6f1d HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\dd7f40a823cda64b92e9a96e9e46e406 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001 HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E} HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\{D9734F19-8CFB-411D-BC59-833E334FCB5E}\Calendar Summary\Email HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook 
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\ HKEY_CURRENT_USER\SOFTWARE\ORL\WinVNC3 HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\vncserver HKEY_LOCAL_MACHINE\SOFTWARE\RealVNC\WinVNC4 HKEY_LOCAL_MACHINE\SOFTWARE\TigerVNC\WinVNC4 HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\Sessions HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential HKEY_CURRENT_USER\Software\OpenVPN-GUI\Configs Domain IOCs: api.ip.sb 189.167.222.95.zen.spamhaus.org xduwtfono IP IOCs (as captured during analysis; the 192.168.0.x and fe80:: entries are private and link-local addresses from the analysis network, and the 127.0.0.x values are consistent with DNSBL answer codes for the zen.spamhaus.org lookup listed above, so only the public addresses are usable as network indicators): 203.176.135.102 212.109.220.111 192.168.0.1 185.255.55.29 172.245.186.147 23.95.231.187 107.173.26.231 127.0.0.3 127.0.0.10 127.0.0.4 fe80:0000:0000:0000:a89e:d7fe:9a2e:2a1e 192.168.0.173 192.168.0.2 192.168.0.3 192.168.0.4 192.168.0.5 192.168.0.6 192.168.0.7 192.168.0.8 192.168.0.9 192.168.0.10 192.168.0.11 192.168.0.12 192.168.0.13 192.168.0.14 192.168.0.15 192.168.0.16 192.168.0.17 192.168.0.18 192.168.0.19 192.168.0.20 192.168.0.21 192.168.0.22 192.168.0.23 192.168.0.24 192.168.0.25 192.168.0.26 192.168.0.27 192.168.0.28 192.168.0.29 192.168.0.30 192.168.0.31 192.168.0.32 192.168.0.33 192.168.0.34 192.168.0.35 192.168.0.36 192.168.0.37 192.168.0.38 192.168.0.39 192.168.0.40 192.168.0.41 192.168.0.42 192.168.0.43 192.168.0.44 192.168.0.45 192.168.0.46 192.168.0.47 192.168.0.48 192.168.0.49 192.168.0.50 192.168.0.51 192.168.0.52 192.168.0.53 192.168.0.54 192.168.0.55 192.168.0.56 192.168.0.57 192.168.0.58 192.168.0.59 192.168.0.60 192.168.0.61 192.168.0.62 192.168.0.63 192.168.0.64 192.168.0.65 192.168.0.66 192.168.0.67 192.168.0.68 192.168.0.69 192.168.0.70 192.168.0.71 192.168.0.72 192.168.0.73 192.168.0.74 192.168.0.75 192.168.0.76 192.168.0.77 192.168.0.78 192.168.0.79 192.168.0.80 192.168.0.81 192.168.0.82 192.168.0.83 192.168.0.84 192.168.0.85 192.168.0.86 192.168.0.87 192.168.0.88 192.168.0.89 192.168.0.90 
192.168.0.91 192.168.0.92 192.168.0.93 192.168.0.94 192.168.0.95 192.168.0.96 192.168.0.97 192.168.0.98 192.168.0.99 192.168.0.100 192.168.0.101 192.168.0.102 192.168.0.103 192.168.0.104 192.168.0.105 192.168.0.106 192.168.0.107 192.168.0.108 192.168.0.109 192.168.0.110 192.168.0.111 192.168.0.112 192.168.0.113 192.168.0.114 192.168.0.115 192.168.0.116 192.168.0.117 192.168.0.118 192.168.0.119 192.168.0.120 192.168.0.121 192.168.0.122 192.168.0.123 192.168.0.124 192.168.0.125 192.168.0.126 192.168.0.127 192.168.0.128 192.168.0.129 192.168.0.130 192.168.0.131 192.168.0.132 192.168.0.133 192.168.0.134 192.168.0.135 192.168.0.136 192.168.0.137 192.168.0.138 192.168.0.139 192.168.0.140 192.168.0.141 192.168.0.142 192.168.0.143 192.168.0.144 192.168.0.145 192.168.0.146 192.168.0.147 192.168.0.148 192.168.0.149 192.168.0.150 192.168.0.151 192.168.0.152 192.168.0.153 192.168.0.154 192.168.0.155 192.168.0.156 192.168.0.157 192.168.0.158 192.168.0.159 192.168.0.160 192.168.0.161 192.168.0.162 192.168.0.163 192.168.0.164 192.168.0.165 192.168.0.166 192.168.0.167 192.168.0.168 192.168.0.169 192.168.0.170 192.168.0.171 192.168.0.172 192.168.0.174 192.168.0.175 192.168.0.176 192.168.0.177 192.168.0.178 192.168.0.179 192.168.0.180 192.168.0.181 192.168.0.182 192.168.0.183 192.168.0.184 192.168.0.185 192.168.0.186 192.168.0.187 192.168.0.188 192.168.0.189 192.168.0.190 192.168.0.191 192.168.0.192 192.168.0.193 192.168.0.194 192.168.0.195 192.168.0.196 192.168.0.197 192.168.0.198 192.168.0.199 192.168.0.200 192.168.0.201 192.168.0.202 192.168.0.203 192.168.0.204 192.168.0.205 192.168.0.206 192.168.0.207 192.168.0.208 192.168.0.209 192.168.0.210 192.168.0.211 192.168.0.212 192.168.0.213 192.168.0.214 192.168.0.215 192.168.0.216 192.168.0.217 192.168.0.218 192.168.0.219 192.168.0.220 192.168.0.221 192.168.0.222 192.168.0.223 192.168.0.224 192.168.0.225 192.168.0.226 192.168.0.227 192.168.0.228 192.168.0.229 192.168.0.230 192.168.0.231 192.168.0.232 192.168.0.233 192.168.0.234 
192.168.0.235 192.168.0.236 192.168.0.237 192.168.0.238 192.168.0.239 192.168.0.240 192.168.0.241 192.168.0.242 192.168.0.243 192.168.0.244 192.168.0.245 192.168.0.246 192.168.0.247 192.168.0.248 192.168.0.249 192.168.0.250 192.168.0.251 192.168.0.252 192.168.0.253 192.168.0.254 192.168.0.255 URL IOCs: 23.95.231.187/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/5/spk/ api.ip.sb/ip 23.95.231.187/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/0/Windows 7 x64 SP1/1083/95.222.167.189/1AE717BD464F4D285AA14E7BD4C1F7EA7FA0B3C79A9E80BF3A068E0746E60CA3/uskcWSKE80ywskcYSOGA2yskcUMIECA/ 23.95.231.187/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/14/user/SYSTEM/0/ 23.95.231.187/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/14/path/C:%5CUsers%5C5p5NrGJn0jS%20HALPmcxz%5CAppData%5CRoaming%5Cgpuhealth%5Cvdqvtl.exe/0/ 23.95.231.187/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/63/systeminfo/GetSystemInfo/c3VjY2Vzcw==/systeminfo/ 23.95.231.187/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/14/NAT%20status/client%20is%20behind%20NAT/0/ 23.95.231.187/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/23/1000495/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/5/spk/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/0/Windows 7 x64 SP1/1083/95.222.167.189/1AE717BD464F4D285AA14E7BD4C1F7EA7FA0B3C79A9E80BF3A068E0746E60CA3/C84yumgaUME820wum/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/14/user/SYSTEM/0/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/14/NAT%20status/client%20is%20behind%20NAT/0/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/14/DNSBL/listed/0/ 107.173.26.231/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/5/pwgrab64/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/5/dpost/ 
212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/64/pwgrab/VERS/browser/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/10/62/LTZFLRZHTBNXFPXJT/1/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/1/kigaYWOGA2wuokgYUQICNJD7/ 107.173.26.231/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/5/networkDll64/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/10/62/90985299/1/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/63/networkDll/start/// 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/64/pwgrab/DEBG/browser/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/1/RLF75zvphbTRJHB3xtphdbZVPNLD91z/ 107.173.26.231/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/5/mshareDll64/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/10/62/90985308/1/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/63/mshareDll/infect/// 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/64/pwgrab/DPST/browser/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/1/420ywokecUOME62ws/ 107.173.26.231/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/5/mwormDll64/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/10/62/90985318/1/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/63/mwormDll/infect/// 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/1/1vnhdbZRNJB73ztnlfbVTLJD51xtphfX/ 107.173.26.231/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/5/tabDll64/ 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/64/tabDll/InfectMachine/infect/ 203.176.135.102/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/81/ 172.245.186.147/images/lastimg.png 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/10/62/90985329/1/ 
212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/63/tabDll/infect/// 172.245.186.147/images/mini.png 212.109.220.111/ddd5/XDUWTFONO_W617601.313667336C1F720D3DAA9B5A6F9B8891/1/woicWOKIA20yskiaSKGA2womk/ File IOCs: Filenames: install.txt C:\Windows\System32\WindowsPowerShell\v1.0\powershell.config C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\system32 C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\data\networkDll64_configs\ C:\Windows\System32\WindowsPowerShell\v1.0\types.ps1xml C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\Data\mshareDll64 C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vfqvtn.exe C:\Windows\System32\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\Certificate.format.ps1xml C:\Users C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\data\pwgrab64_configs\dpost C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak C:\Windows C:\Program Files (x86)\uvnc bvba\UltraVNC\ultravnc.ini ver.txt C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak-wal C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\data\tabDll64_configs\ C:\Users\5p5NrGJn0jS HALPmcxz C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\Data\networkDll64 C:\Users\5p5NrGJn0jS HALPmcxz\Documents\WindowsPowerShell\profile.ps1 settings.ini C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Web Data C:\Windows\System32\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\Data\pwgrab64 C:\Windows\system32\net1.exe C:\Program Files (x86)\\UltraVNC\ultravnc.ini 
C:\Windows\System32\WindowsPowerShell\v1.0\Help.format.ps1xml C:\Program Files\uvnc bvba\UltraVNC\ultravnc.ini log_install.tmp C:\Windows\system32\cmd.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak-wal C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\Data\mwormDll64 C:\Users\5p5NrGJn0jS HALPmcxz\Desktop C:\ C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak C:\Windows\System32\WindowsPowerShell\v1.0\Registry.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\GetEvent.types.ps1xml C:\Windows\assembly\GAC_MSIL\System.Management.Automation\1.0.0.0__31bf3856ad364e35\System.Management.Automation.dll C:\Windows\System32\WindowsPowerShell\v1.0 C:\Windows\System32\WindowsPowerShell\v1.0\FileSystem.format.ps1xml C:\Windows\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1 C:\Program Files\\UltraVNC\ultravnc.ini C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\Data\tabDll64 C:\Windows\System32\WindowsPowerShell\v1.0\WSMan.format.ps1xml C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Web Data.bak-journal C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\desktop.ini C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth data\ C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Local\Google\Chrome\User Data\Default\Login Data.bak-journal C:\Windows\System32\WindowsPowerShell\v1.0\profile.ps1 C:\Windows\System32\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml C:\Windows\system32\svchost.exe C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\gpuhealth\data\pwgrab64_configs\ MD5 hashes: cfbca4c1f12c2908b39f14143cffc82e 7e20ed78388bbe597750cf89025f5432 4625d030e0270c2016ff4616bf21d402 a9ad136b547532401b4e4026d6e07205 9b1f38f5282d6f4bd59103595f290493 eaebb1253112cd759c45521c341b1615 01c7925be09f98d03146e99ee7be8f68 0b52f7cf3cbd22936f995b55a296fb13 0c1e3ca75491b6da7f7319e60f8034be 29844404ae855e9df054833f71888eb1 3067eb8025ae0262c7a5c681d7982d67 
6be6c96c499d0925073e2ae3bf7e34df f008475b33f126969f99289c46aa4aba SHA1 hashes: 396da2de65d8e516cdc6484d2a6944e51f24a04e 96043bda6eb96ef40a69aa945ca316f3440503ae d9e36fcedf70f2785252091708af6c7a76846103 34844f26193556b73f08d26321186323b7a882d3 fbec2560e4f0b8b682fa57cceb3cf3d10c25b072 6b122541ec858f228f922c9a73632a5fd1ad0501 ef20f8cb42949fe8beec44c510782fe27c87bcf8 3720e1c45734406eb590fd6d27f7690042817461 3ae5e623d774b76f59773c4b1a0281d341b56976 534976f915f2dd49adcf09677f9d38a0d0cfee63 e555604826f0c8dd51e6aaf0ae60126768c064c0 3e86f08def08fc14ddec0227d0643319562666db ad4cbdc627fe4138a0ea23b2ba3d0352b4578a26 SHA256 hashes: 443078f74a0a6a831fd5f5348a3323065e94284cb632078700f1acc039dbc2da aafd8ff358dbc1f1abfefa55efe52500e5c1a9193c1b313808029d40425fcb2d 62816d2dfa4198b1e2b467f53aa20904c6bea50126a0446e24d6ae650d5b5436 38c4ac71f25bdea86b8a8eed3561245afcb775143720fbf026b3555a3190ef82 c381401ea96dfe9b926126dcbbc0dd6ab541dbf549732cc6c66f20096b1f663e 7504d909fb236fcc87526db632700f84df3eef119997073d3391778969bd009e 76904f8379749a1aea8eb72c903e0796e77c8f8b786f6bbe375570083b1039b8 63f458f39f36e537b12f465eb7d019cfab447893af0616a8c3d40611821c2e2d 172c62a5dae0a6cd53acaf382dacdc3a89e7ef39a5cf32159f53f8cafca94175 7c64fe385cedc48f01db1d5db72c86020003f600f7ab1e6b14b613907fd402cb e1a3d8c2c842801a2e94c3d737a0336f5cc9dd837b0cebf63bcfd96fe5aa7869 9260dd9c2b2253e0a886f4d66e22c561d23604fe0010bbac8240f8fdc3aaf945 3df90616e4e2914fd119f23eaeb99c4f5542f66a0035d9a1747732159040ea79 SSDEEP hashes: 24:LLijhJ0KL7G0TMJHUyyJtmCm0u6lOKQAE9V8FsffDVOzeCmly6UwcTa/HMQW:wz+JH3yJUhJCVE9V8FsXhFlNU1Ts3W 96:byNQIoYnMvqyWx7pnqH+w/fVIrECuKdPraBdUDBBVWqwmKT/WTPepeWbtxYB+tCX:blkMvuzzTP6btWutle 24576:pWxJIWRaw2tC/70u1NjIsjYxTc8dxB576hke+CIq:QzIW0w2Du1NjD+dJm+e+CB 192:ohcdyt+C7+LRvQY9dV6X0lLZFdQnUTQeMTns693nH7zdVxRpWG3:oiyH7YiSdgXElo+PMTs6JH7BVXpV 6144:+DRdk/aRqDoepJkaDC0vu4psV+odLlonFQvpL+BIiOQhRfaweEeRe0in:Wk/aRqDoAqaDCKs5R2nFQvRKR32bi 192:ohcdyt+C7+LRvQY9dV6X0lLZFdQnUTQeMQqaC4PfNavFVc2pWG3:oiyH7YiSdgXElo+PMkC4P6FK2pV 
384:A3MIMmMfdQRyKcCr3mR3GjcI3DR4SW7oS5PH3z/lF:Gc2yKcC23Gjc8DR4Sl2PH3xF 3072:BGLrVCMxzXgDSdpp/518+oHdwZA5E/YfNtrISwCe3wwbA1L0nmDOBna/jlkbMhm6:2NTgDSdpp4GQEQfNVx43wwbA1YnmDX/P 6144:+DRdk/aRqDoepJkaDC0vuwpsV+odLlonFQvpL+BIiOQhRfaweEeRe0in:Wk/aRqDoAqaDCis5R2nFQvRKR32bi 768:o1rAgcN/4PWUAhTqCkpk7G1ErFKdiz3nIl8S57:Kk9N/+WUAtDp3E8Y7 384:87z6U7GqQ16/VtQ/8pIyVwF3hOPv16HhtiErpfqEDartZYv5flQqOa+294:87z37B4wQgwzOPdCtiEr1qEOOv5yx 24:zz2SLkNVzPMKpMAtLwMqgyUeUfR+a/fClfNQi50mL0SBXAZr:zJLyVzLBxFqgnR+aCVjgT5 12288:L8EM1JBFBz+b48nXLxRhywwXwamXT1SuJEwJso5jt4r00TAp9aP89KUocgAIOt3:LBSf7z+pXvgmXTcwJso5RMMVoc5Iq