HitmanPro-20160312-1913.log

Document joint : FCmsODSG51G_HitmanPro-20160312-1913.log

Cliquez pour partager vos propres fichiers

Format du document : application/octet-stream

Prévisualisation

[code]
HitmanPro 3.7.13.258
www.hitmanpro.com

Computer name . . . . : LFS_ULTRA
Windows . . . . . . . : 6.2.0.9200.X64/2
Safe Mode Boot . . . : NETWORK
User name . . . . . . : LFS_ULTRA\Jean-Marie
UAC . . . . . . . . . : Disabled
License . . . . . . . : Paid (869 days left)

Scan date . . . . . . : 2016-03-12 19:00:35
Scan mode . . . . . . : EWS
Scan duration . . . . : 11m 59s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes

Threats . . . . . . . : 2
Traces . . . . . . . : 183

Objects scanned . . . : 1 607 454
Files scanned . . . . : 71 012
Remnants scanned . . : 492 293 files / 1 044 149 keys

Malware _____________________________________________________________________

C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\uninstall.exe -> Quarantined
Size . . . . . . . : 312 832 bytes
Age . . . . . . . : 0.2 days (2016-03-12 13:17:07)
Entropy . . . . . : 6.9
SHA-256 . . . . . : 4E4CECE27F60D93FBEED12B43C7A3E23396A6FCB3C6BCCDFAE472496B9917F88
> Bitdefender . . . : Gen:Variant.Adware.Symmi.61795
Fuzzy . . . . . . : 108.0
Forensic Cluster
-19.2s C:\Program Files\ByteFence\
-16.2s C:\Program Files\ByteFence\ByteFence.exe
-15.9s C:\Program Files\ByteFence\ByteFence.exe.config
-15.9s C:\Program Files\ByteFence\ByteFenceGUI.dll
-15.8s C:\Program Files\ByteFence\rsEngine.dll
-15.4s C:\Program Files\ByteFence\Microsoft.Win32.TaskScheduler.dll
-15.4s C:\Program Files\ByteFence\rsEngineHelper.exe
-15.3s C:\Program Files\ByteFence\rsEngineHelper.exe.config
-15.3s C:\Program Files\ByteFence\Signatures.dat
-15.2s C:\Program Files\ByteFence\EULA.txt
-15.2s C:\Program Files\ByteFence\WhiteList.dat
-15.2s C:\Program Files\ByteFence\x64\
-15.2s C:\Program Files\ByteFence\x64\System.Data.SQLite.dll
-15.0s C:\Program Files\ByteFence\x86\
-15.0s C:\Program Files\ByteFence\x86\System.Data.SQLite.dll
-14.8s C:\Program Files\ByteFence\Uninstall.exe
-14.8s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware\
-14.8s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware\ByteFence Anti-Malware.lnk
-14.0s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\
-13.9s C:\Users\Jean-Marie\AppData\LocalLow\Microsoft\Internet Explorer\Services\YahooProvidedSearch.ico
-13.8s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\Sqlite3.dll
-13.1s C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\searchplugins\Search Provided by Yahoo.xml
-11.8s C:\Program Files\Mozilla Firefox\browser\components\mrt.js
-11.3s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\toce
-11.1s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\info.dat
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\control panel-min-min.JPG
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\down.png
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\ff menu.JPG
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\ff search engine-min.png
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\HowToRemove.html
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\hp-min ff.png
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\hp-min ie.png
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\search engine.gif
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\setup pages.gif
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\sp-min.png
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\start-min.jpg
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\up.png
-10.6s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\HowToRemove\chromium-min.jpg
-10.4s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
-10.4s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\install.log
-10.4s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\uninst.dat
0.0s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\uninstall.exe
0.6s C:\Program Files\ByteFence\Errors.dat
3.0s C:\Windows\Tasks\Scan de ByteFence.job
3.4s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\33B0555E63C1C5E8A63C37B1B9D193F42DEA6A89
7.9s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\03352F9CD1B4BAAF879AB1B51951ACD1C0ADCF18
8.0s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\A94ECDC19AEA941F4EE567CBE5ED3601235A62DF
9.8s C:\Users\Jean-Marie\AppData\Local\{4533736F-619B-1FD7-0C03-3A3F286BC6A7}\config.dat
30.7s C:\Program Files\ByteFence\Logs\
30.7s C:\Program Files\ByteFence\Logs\Events\
31.2s C:\Program Files\ByteFence\Scans\
33.3s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\65D5A065F9AA99F8C261D34ADE153AEC49AFE120
34.5s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\168AE9214FA38AE8F08E0D1A9396B55AE973503A
34.5s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\E42E3C3614A6A307A66833253C93D8AA880DAAF1
34.8s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\83D6565881937EA3D25F69DA6A51B718D82FE542
34.8s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\CC7D8BBCEC4D26824C1727DBA4BD505041716054
34.8s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\BA79722CAF91D3115FE504EEE224A0BC3EEDD020
35.5s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\7AFE295174A5A25F5D444AC0530169FF00368FEC
35.5s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\4016E0026A6F882A4DAC9ECAAF5CE073F27872C1
36.3s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\C68E4D858D9EACA264A04DA57DC3F6C701E18A02
36.4s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\81E8110B6908FFC2E26F6BBBF8E8BF1193D3E1CA
36.4s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\7BC5F40A359F955E04F5937AC20E758D53B35296

C:\Users\Jean-Marie\Desktop\THQ\unzacme_1_06.08.2015.1.exe -> Quarantined
Size . . . . . . . : 1 760 392 bytes
Age . . . . . . . : 0.2 days (2016-03-12 13:24:45)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 36ACB85ECFDD7BA065CDADE83E85816384D992A75CD87FAABC808C706DBF417C
RSA Key Size . . . : 3072
Authenticode . . . : Self-signed
> Kaspersky . . . . : Trojan.Win32.Reconyc.etxv
Fuzzy . . . . . . : 119.0
Forensic Cluster
-88.8s C:\Users\Jean-Marie\AppData\Roaming\IObit\Smart Defrag 4\
-88.8s C:\Users\Jean-Marie\AppData\Roaming\IObit\Smart Defrag 4\Config.ini
-69.3s C:\Program Files (x86)\IObit\Smart Defrag 4\
-69.3s C:\Program Files (x86)\IObit\Smart Defrag 4\unins000.dat
-69.3s C:\Program Files (x86)\IObit\Smart Defrag 4\unins000.exe
-69.2s C:\Program Files (x86)\IObit\Smart Defrag 4\SendBugReportNew.exe
-68.9s C:\Program Files (x86)\IObit\Smart Defrag 4\vcl120.bpl
-68.7s C:\Program Files (x86)\IObit\Smart Defrag 4\vclx120.bpl
-68.7s C:\Program Files (x86)\IObit\Smart Defrag 4\rtl120.bpl
-68.6s C:\Program Files (x86)\IObit\Smart Defrag 4\sdassist.dll
-68.6s C:\Program Files (x86)\IObit\Smart Defrag 4\GameScaner.dll
-68.3s C:\Program Files (x86)\IObit\Smart Defrag 4\AUpdate.exe
-68.3s C:\Program Files (x86)\IObit\Smart Defrag 4\SDInstaller.exe
-67.9s C:\Program Files (x86)\IObit\Smart Defrag 4\DB\
-67.9s C:\Program Files (x86)\IObit\Smart Defrag 4\DB\Gamecore000.db
-67.8s C:\Program Files (x86)\IObit\Smart Defrag 4\DB\Gamecore001.db
-67.7s C:\Program Files (x86)\IObit\Smart Defrag 4\DB\Gamecore002.db
-67.7s C:\Program Files (x86)\IObit\Smart Defrag 4\DB\Gamecore003.db
-67.7s C:\Program Files (x86)\IObit\Smart Defrag 4\DB\Gamecore004.db
-67.7s C:\Program Files (x86)\IObit\Smart Defrag 4\DB\Gamecore005.db
-67.7s C:\Program Files (x86)\IObit\Smart Defrag 4\DB\gbupdater.ini
-67.7s C:\Program Files (x86)\IObit\Smart Defrag 4\Extension\
-67.7s C:\Program Files (x86)\IObit\Smart Defrag 4\Extension\IObitSmartDefragExtension_x64.dll
-67.6s C:\Program Files (x86)\IObit\Smart Defrag 4\Extension\IObitSmartDefragExtension_x86.dll
-67.6s C:\Program Files (x86)\IObit\Smart Defrag 4\skin\
-67.6s C:\Program Files (x86)\IObit\Smart Defrag 4\skin\classic.rcc
-67.6s C:\Program Files (x86)\IObit\Smart Defrag 4\skin\white.rcc
-67.5s C:\Program Files (x86)\IObit\Smart Defrag 4\Database\
-67.5s C:\Program Files (x86)\IObit\Smart Defrag 4\Database\PriTemp.dbd
-67.5s C:\Program Files (x86)\IObit\Smart Defrag 4\sqlite3.dll
-67.3s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\
-67.3s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Albanian.lng
-67.3s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Arabic.lng
-67.3s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Armenian.lng
-67.3s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Belarusian.lng
-67.3s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Bosnian.lng
-67.3s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Bulgarian.lng
-67.3s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\ChineseSimp.lng
-67.2s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\ChineseTrad.lng
-67.2s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Croatian.lng
-67.2s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Czech.lng
-67.2s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Danish.lng
-67.2s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Dutch.lng
-67.2s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\English.lng
-67.2s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Finnish.lng
-67.2s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\French.lng
-67.2s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Georgian.lng
-67.2s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\German.lng
-67.1s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Greek.lng
-67.1s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Hebrew.lng
-67.1s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Hungarian.lng
-67.1s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Indonesian.lng
-67.1s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Italian.lng
-67.1s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Japanese.lng
-67.1s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Korean.lng
-67.1s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Kurdish.lng
-67.1s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Malayalam.lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Maltese.lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Mongolian.lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Polish.lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Portuguese (PT-BR).lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Portuguese (PT-PT).lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Romanian.lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Russian.lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Serbian (Cyrillic).lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Serbian (Latin).lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Slovak.lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Slovenian.lng
-67.0s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Spanish.lng
-66.9s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Swedish.lng
-66.9s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Thai.lng
-66.9s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Turkish.lng
-66.9s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Ukrainian.lng
-66.9s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wxp_x86\
-66.9s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wxp_x86\SmartDefragBootTime.exe
-66.9s C:\Program Files (x86)\IObit\Smart Defrag 4\Language\Vietnamese.lng
-66.9s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wxp_x86\SmartDefragDriver.sys
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wxp_x64\
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wxp_x64\SmartDefragBootTime.exe
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wxp_x64\SmartDefragDriver.sys
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wnet_x86\
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wnet_x86\SmartDefragBootTime.exe
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wnet_x86\SmartDefragDriver.sys
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wnet_x64\
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wnet_x64\SmartDefragBootTime.exe
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wnet_x64\SmartDefragDriver.sys
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wlh_x86\
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wlh_x86\SmartDefragBootTime.exe
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wlh_x86\SmartDefragDriver.sys
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wlh_x64\
-66.8s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wlh_x64\SmartDefragBootTime.exe
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\wlh_x64\SmartDefragDriver.sys
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win7_x86\
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win7_x86\SmartDefragBootTime.exe
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win7_x86\SmartDefragDriver.sys
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win7_x64\
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win7_x64\SmartDefragBootTime.exe
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win7_x64\SmartDefragDriver.sys
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win8_x86\
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win8_x86\SmartDefragBootTime.exe
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win8_x86\SmartDefragDriver.sys
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win8_x64\
-66.7s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win8_x64\SmartDefragBootTime.exe
-66.6s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win8_x64\SmartDefragDriver.sys
-66.6s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win10_x86\
-66.6s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win10_x86\SmartDefragBootTime.exe
-66.6s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win10_x86\SmartDefragDriver.sys
-66.6s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win10_x64\
-66.6s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win10_x64\SmartDefragBootTime.exe
-66.6s C:\Program Files (x86)\IObit\Smart Defrag 4\NtfsData.dll
-66.6s C:\Program Files (x86)\IObit\Smart Defrag 4\drivers\win10_x64\SmartDefragDriver.sys
-66.6s C:\Program Files (x86)\IObit\Smart Defrag 4\SDDriverMgr.dll
-66.6s C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
-66.0s C:\Program Files (x86)\IObit\Smart Defrag 4\SDInit.exe
-65.8s C:\Program Files (x86)\IObit\Smart Defrag 4\taskMgr.dll
-65.8s C:\Program Files (x86)\IObit\Smart Defrag 4\sdcore.dll
-65.7s C:\Program Files (x86)\IObit\Smart Defrag 4\sdlib.dll
-65.7s C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
-65.6s C:\Program Files (x86)\IObit\Smart Defrag 4\LocalLang.exe
-65.5s C:\Program Files (x86)\IObit\Smart Defrag 4\winid.dat
-65.5s C:\Program Files (x86)\IObit\Smart Defrag 4\ReProcess.exe
-65.5s C:\Program Files (x86)\IObit\Smart Defrag 4\ProductStatistics.dll
-65.4s C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.exe
-65.2s C:\Program Files (x86)\IObit\Smart Defrag 4\UninstallPromote.exe
-64.9s C:\Program Files (x86)\IObit\Smart Defrag 4\ActionCenterDownloader.exe
-64.7s C:\Program Files (x86)\IObit\Smart Defrag 4\Update\
-64.7s C:\Program Files (x86)\IObit\Smart Defrag 4\Update\freeware.ini
-64.6s C:\Program Files (x86)\IObit\Smart Defrag 4\Update History.txt
-64.6s C:\Program Files (x86)\IObit\Smart Defrag 4\EULA.rtf
-64.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4\
-64.4s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4\Smart Defrag 4.lnk
-64.4s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4\Désinstaller Smart Defrag 4.lnk
-64.4s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4\Smart Defrag Home Page.url
-64.4s C:\Users\Jean-Marie\Desktop\THQ\Smart Defrag 4.lnk
-64.3s C:\Program Files (x86)\IObit\Smart Defrag 4\unins000.msg
-64.0s C:\Windows\System32\Drivers\SmartDefragDriver.sys
-63.9s C:\Program Files (x86)\IObit\Smart Defrag 4\Lang.dat
-62.7s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\917C21E7ADD8901ACE3B7CEF3A9C8A1811BA13EB
-61.9s C:\Windows\System32\SmartDefragBootTime.exe
-61.0s C:\Windows\System32\IObitSmartDefragExtension.dll
-60.0s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\658C8D6139C83EDA979988C640635518B3F51C3D
-45.8s C:\ProgramData\IObit\ASCDownloader\Downloader.log
-45.7s C:\Program Files (x86)\IObit\Smart Defrag 4\Temp\
-38.9s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\A04543613775308C89CD9EC227FE97F77EF0B640
-15.4s C:\ProgramData\IObit\ASCDownloader\SD4\
-15.4s C:\ProgramData\IObit\ASCDownloader\SD4Downloader.log
-14.9s C:\ProgramData\IObit\ASCDownloader\SD4\Freeware.dat
-14.3s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\A7523EDEAF0D9F5F724CC4C7909F36B1D4E1D33C
-14.1s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\A473A305C90EB5F88E9D4FD01363FE50D9E913C3
-14.0s C:\Program Files (x86)\IObit\Smart Defrag 4\ActionCenter2.log
-13.7s C:\Program Files (x86)\IObit\Smart Defrag 4\LatestNews\
-13.7s C:\Program Files (x86)\IObit\Smart Defrag 4\LatestNews\LatestNews.ini
-13.7s C:\Users\Jean-Marie\AppData\Roaming\IObit\Smart Defrag 4\LocalGames.ini
-13.5s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\B50C1222D421B7D1CD537EB8BDBB96ADC276EE12
-13.4s C:\ProgramData\IObit\ASCDownloader\SD4\Driver Booster 3.exe
-12.9s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\B3D603B294C4B613E286E305AE528735E91E1052
-12.8s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\F4E3F72B782AA66C4FD62CD332DBEA2A114BE0EB
-12.8s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\CD2E3ACFB983DE3AF6C4DA8D5664AD37A61D228D
-12.8s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\FF61F0EB8E2A011AF94DE83637AC6EAF9D62DEAD
-12.8s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\24AF265C6F2D1EAFEF700335F626BA8A22835198
-12.8s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\168D78200118E723CED1F4E6F4550ED11D02FE8E
-12.8s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\1CB37D87AE1CC2550434523E8EAA75786560B3EA
-12.2s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\DB1B0E454A2D02F4B128F0AF3C05286FB43E8C82
-12.2s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\2D98AF82C5CBF51E6B091FCD7B69AA8F3D3F1872
-12.1s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\FDF8F78BB127AF7A41A2F79E58D797ECB3277E3A
-11.7s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\E983DBB8E9C7DDCC4E7F0304B4B26C623383DBAB
-11.7s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\3E2FABA4AA531F154A6810A85A67A229E11667E0
-11.6s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\A2D2124D31E16333DA5EF75920B59AEFF937274A
-10.2s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\213EA196EFEB28C552F86FA99504EC0EC3BF3EA2
-8.3s C:\Users\Jean-Marie\AppData\Roaming\IObit\Smart Defrag 4\FileList.ini
-7.3s C:\Program Files (x86)\IObit\Smart Defrag 4\LatestNews\imagenews.png
-7.1s C:\Program Files (x86)\IObit\Smart Defrag 4\LatestNews\imagenews_B.png
-7.1s C:\Program Files (x86)\IObit\Smart Defrag 4\AutoUpdate.log
-6.8s C:\Program Files (x86)\IObit\Smart Defrag 4\UserGame.ini
-6.8s C:\ProgramData\ProductData\sd4Stat.ini
-6.8s C:\Users\Jean-Marie\AppData\Roaming\IObit\Smart Defrag 4\CustomGame.ini
-5.7s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\FD475C0870617209FC75EFFC51844AD180386CFA
-5.2s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\EA0A973469C83834CDBE2A70D1E0F8D0EE238E8B
-5.0s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\9984A20B30885A9A9B611A4AC619ADBA98FFFF19
-4.8s C:\Program Files (x86)\IObit\Smart Defrag 4\Update\Update.ini
-2.0s C:\Program Files (x86)\IObit\Smart Defrag 4\SDFreeBigUpgrade.exe
0.0s C:\Users\Jean-Marie\Desktop\THQ\unzacme_1_06.08.2015.1.exe
13.7s C:\Program Files (x86)\IObit\Driver Booster\
13.7s C:\Program Files (x86)\IObit\Driver Booster\unins000.dat
13.7s C:\Program Files (x86)\IObit\Driver Booster\unins000.exe
13.7s C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
14.3s C:\Program Files (x86)\IObit\Driver Booster\Scanner.dll
14.3s C:\Program Files (x86)\IObit\Driver Booster\DrvInstall\
14.3s C:\Program Files (x86)\IObit\Driver Booster\DrvInstall\DbzInst.dll
14.3s C:\Program Files (x86)\IObit\Driver Booster\DrvInstall\DpInstX32.exe
14.4s C:\Program Files (x86)\IObit\Driver Booster\DrvInstall\DpInstX64.exe
14.5s C:\Program Files (x86)\IObit\Driver Booster\Register.dll
14.6s C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
14.9s C:\Program Files (x86)\IObit\Driver Booster\FaultFixes.exe
15.1s C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
15.2s C:\Program Files (x86)\IObit\Driver Booster\SetupHlp.exe
15.3s C:\Program Files (x86)\IObit\Driver Booster\ScanDisp.exe
15.3s C:\Program Files (x86)\IObit\Driver Booster\InstStat.exe
15.4s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\FCDB8C9FB75971D148F19CD61BA5DEF70D12BB25
15.4s C:\Program Files (x86)\IObit\Driver Booster\Promote.exe
15.6s C:\Program Files (x86)\IObit\Driver Booster\Backup.exe
15.7s C:\Program Files (x86)\IObit\Driver Booster\ChangeIcon.exe
15.7s C:\Program Files (x86)\IObit\Driver Booster\AUpdate.exe
15.7s C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
15.9s C:\Program Files (x86)\IObit\Driver Booster\NoteIcon.exe
15.9s C:\Program Files (x86)\IObit\Driver Booster\Bugreport.exe
16.0s C:\Program Files (x86)\IObit\Driver Booster\Cmpnt.dll
16.0s C:\Program Files (x86)\IObit\Driver Booster\SQLite3.dll
16.1s C:\Program Files (x86)\IObit\Driver Booster\TaskMgr.dll
16.1s C:\Program Files (x86)\IObit\Driver Booster\SysRest.dll
16.1s C:\Program Files (x86)\IObit\Driver Booster\DataState.dll
16.1s C:\Program Files (x86)\IObit\Driver Booster\WebRes.dll
16.2s C:\Program Files (x86)\IObit\Driver Booster\MsgBoxEx.dll
16.3s C:\Program Files (x86)\IObit\Driver Booster\GameCheck.dll
16.4s C:\Program Files (x86)\IObit\Driver Booster\CommStat.dll
16.4s C:\Program Files (x86)\IObit\Driver Booster\Zip.dll
16.5s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout.dll
16.7s C:\Program Files (x86)\IObit\Driver Booster\rtl120.bpl
16.8s C:\Program Files (x86)\IObit\Driver Booster\vcl120.bpl
17.1s C:\Program Files (x86)\IObit\Driver Booster\vclx120.bpl
17.1s C:\Program Files (x86)\IObit\Driver Booster\madBasic_.bpl
17.1s C:\Program Files (x86)\IObit\Driver Booster\madDisAsm_.bpl
17.1s C:\Program Files (x86)\IObit\Driver Booster\madExcept_.bpl
17.2s C:\Program Files (x86)\IObit\Driver Booster\DpInst\
17.2s C:\Program Files (x86)\IObit\Driver Booster\DpInst\x86\
17.2s C:\Program Files (x86)\IObit\Driver Booster\DpInst\x86\dpinst.exe
17.3s C:\Program Files (x86)\IObit\Driver Booster\DpInst\x64\
17.3s C:\Program Files (x86)\IObit\Driver Booster\DpInst\x64\dpinst.exe
17.4s C:\Program Files (x86)\IObit\Driver Booster\DrvInstall\DIFxAPI32.dll
17.4s C:\Program Files (x86)\IObit\Driver Booster\DrvInstall\DIFxAPI64.dll
17.5s C:\Program Files (x86)\IObit\Driver Booster\DrvInstall\SetVolume32.dll
17.5s C:\Program Files (x86)\IObit\Driver Booster\DrvInstall\SetVolume64.dll
17.5s C:\Program Files (x86)\IObit\Driver Booster\HWiNFO\
17.5s C:\Program Files (x86)\IObit\Driver Booster\HWiNFO\HWiNFO32.dll
17.7s C:\Program Files (x86)\IObit\Driver Booster\HWiNFO\HWiNFO.exe
17.7s C:\Program Files (x86)\IObit\Driver Booster\TaskbarPin\
17.7s C:\Program Files (x86)\IObit\Driver Booster\TaskbarPin\ICONPIN32.exe
17.8s C:\Program Files (x86)\IObit\Driver Booster\TaskbarPin\ICONPIN32.dll
17.8s C:\Program Files (x86)\IObit\Driver Booster\TaskbarPin\ICONPIN64.exe
17.9s C:\Program Files (x86)\IObit\Driver Booster\TaskbarPin\ICONPIN64.dll
17.9s C:\Program Files (x86)\IObit\Driver Booster\Database\
17.9s C:\Program Files (x86)\IObit\Driver Booster\Database\Games\
17.9s C:\Program Files (x86)\IObit\Driver Booster\Database\Games\GamecoreList.ini
17.9s C:\Program Files (x86)\IObit\Driver Booster\Database\Games\GameStore.db
18.1s C:\Program Files (x86)\IObit\Driver Booster\Database\Scan\
18.2s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\
18.2s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\compares.html
18.2s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\compares1.html
18.2s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\compares2.html
18.2s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\embed.html
18.2s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\features.html
18.2s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\mask.html
18.2s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\Update.ini
18.2s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\Version.ini
18.2s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\data\
18.3s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\data\compares-data.html
18.3s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\data\compares-lang.html
18.3s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\data\compares1-data.html
18.3s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\data\compares2-data.html
18.3s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\data\embed-data.html
18.3s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\data\embed-lang.html
18.3s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\data\features-data.html
18.3s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\data\features-lang.html
18.3s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\data\mask-data.html
18.3s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\
18.3s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\compares-black.css
18.4s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\compares-extend-black.css
18.5s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\compares-extend-inter.css
18.6s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\compares-extend-white.css
18.6s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\compares-inter.css
18.6s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\compares-white.css
18.6s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\embed-black.css
18.6s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\embed-inter.css
18.6s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\embed-white.css
18.6s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\features-black.css
18.6s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\features-inter.css
18.6s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\features-white.css
18.6s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\mask-black.css
18.6s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\mask-inter.css
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\style\mask-white.css
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\boxshot.png
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\btn_close.png
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_cart.png
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_1.png
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_2.png
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_3.png
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_4.png
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_inter_1.png
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_inter_2.png
18.7s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_inter_3.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_inter_4.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_white_1.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_white_2.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_white_3.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_feature_white_4.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_list_1.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_list_2.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_list_3.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_list_4.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_list_5.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_list_6.png
18.8s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_list_7.png
18.9s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_moneyback.png
18.9s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_support_1.png
18.9s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_support_2.png
18.9s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_support_3.png
18.9s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\icon_support_4.png
18.9s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\splitline-u.png
18.9s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\splitline-w.png
18.9s C:\Program Files (x86)\IObit\Driver Booster\HTMLayout\images\splitline.png
18.9s C:\Program Files (x86)\IObit\Driver Booster\EULA.rtf
18.9s C:\Program Files (x86)\IObit\Driver Booster\History.txt
18.9s C:\Program Files (x86)\IObit\Driver Booster\Skin\
18.9s C:\Program Files (x86)\IObit\Driver Booster\Skin\black.rcc
19.0s C:\Program Files (x86)\IObit\Driver Booster\Skin\inter.rcc
19.2s C:\Program Files (x86)\IObit\Driver Booster\Skin\public.rcc
19.2s C:\Program Files (x86)\IObit\Driver Booster\Skin\white.rcc
19.3s C:\Program Files (x86)\IObit\Driver Booster\Icons\
19.3s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\
19.3s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\0.ico
19.3s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\1.ico
19.4s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\10.ico
19.4s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\2.ico
19.4s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\3.ico
19.4s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\4.ico
19.4s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\5.ico
19.5s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\6.ico
19.5s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\7.ico
19.5s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\8.ico
19.5s C:\Program Files (x86)\IObit\Driver Booster\Icons\Main\9.ico
19.5s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\
19.5s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\air.png
19.5s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\directx.png
19.6s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\flash.png
19.6s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\jre.png
19.6s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\null.png
19.6s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\openal.png
19.6s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\physx.png
19.6s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\shockwave.png
19.6s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\unity3d.png
19.6s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\vcrt2008.png
19.6s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\vcrt2010.png
19.6s C:\Program Files (x86)\IObit\Driver Booster\Icons\GameApp\vcrt2012.png
19.6s C:\Program Files (x86)\IObit\Driver Booster\Language\
19.6s C:\Program Files (x86)\IObit\Driver Booster\Language\Albanian.lng
19.6s C:\Program Files (x86)\IObit\Driver Booster\Language\Arabic.lng
19.7s C:\Program Files (x86)\IObit\Driver Booster\Language\Belarusian.lng
19.7s C:\Program Files (x86)\IObit\Driver Booster\Language\Bosnian.lng
19.7s C:\Program Files (x86)\IObit\Driver Booster\Language\Bulgarian.lng
19.7s C:\Program Files (x86)\IObit\Driver Booster\Language\Catalan.lng
19.7s C:\Program Files (x86)\IObit\Driver Booster\Language\ChineseSimp.lng
19.7s C:\Program Files (x86)\IObit\Driver Booster\Language\ChineseTrad.lng
19.7s C:\Program Files (x86)\IObit\Driver Booster\Language\Czech.lng
19.7s C:\Program Files (x86)\IObit\Driver Booster\Language\Danish.lng
19.7s C:\Program Files (x86)\IObit\Driver Booster\Language\Dutch.lng
19.8s C:\Program Files (x86)\IObit\Driver Booster\Language\English.lng
19.8s C:\Program Files (x86)\IObit\Driver Booster\Language\Finnish.lng
19.8s C:\Program Files (x86)\IObit\Driver Booster\Language\French.lng
19.8s C:\Program Files (x86)\IObit\Driver Booster\Language\Georgian.lng
19.8s C:\Program Files (x86)\IObit\Driver Booster\Language\German.lng
19.8s C:\Program Files (x86)\IObit\Driver Booster\Language\Greek.lng
19.8s C:\Program Files (x86)\IObit\Driver Booster\Language\Hebrew.lng
19.9s C:\Program Files (x86)\IObit\Driver Booster\Language\Hungarian.lng
19.9s C:\Program Files (x86)\IObit\Driver Booster\Language\Indonesian.lng
19.9s C:\Program Files (x86)\IObit\Driver Booster\Language\Italian.lng
19.9s C:\Program Files (x86)\IObit\Driver Booster\Language\Japanese.lng
19.9s C:\Program Files (x86)\IObit\Driver Booster\Language\Korean.lng
19.9s C:\Program Files (x86)\IObit\Driver Booster\Language\Latvian.lng
19.9s C:\Program Files (x86)\IObit\Driver Booster\Language\Malayalam.lng
20.0s C:\Program Files (x86)\IObit\Driver Booster\Language\Maltese.lng
20.0s C:\Program Files (x86)\IObit\Driver Booster\Language\Mongolian.lng
20.0s C:\Program Files (x86)\IObit\Driver Booster\Language\Norwegian.lng
20.0s C:\Program Files (x86)\IObit\Driver Booster\Language\Persian.lng
20.0s C:\Program Files (x86)\IObit\Driver Booster\Language\Polish.lng
20.0s C:\Program Files (x86)\IObit\Driver Booster\Language\Portuguese (PT-BR).lng
20.0s C:\Program Files (x86)\IObit\Driver Booster\Language\Portuguese (PT-PT).lng
20.0s C:\Program Files (x86)\IObit\Driver Booster\Language\Romanian.lng
20.1s C:\Program Files (x86)\IObit\Driver Booster\Language\Russian.lng
20.1s C:\Program Files (x86)\IObit\Driver Booster\Language\Serbian (Cyrillic).lng
20.1s C:\Program Files (x86)\IObit\Driver Booster\Language\Serbian (Latin).lng
20.1s C:\Program Files (x86)\IObit\Driver Booster\Language\Slovak.lng
20.1s C:\Program Files (x86)\IObit\Driver Booster\Language\Slovenian.lng
20.1s C:\Program Files (x86)\IObit\Driver Booster\Language\Spanish.lng
20.2s C:\Program Files (x86)\IObit\Driver Booster\Language\Swedish.lng
20.2s C:\Program Files (x86)\IObit\Driver Booster\Language\Thai.lng
20.2s C:\Program Files (x86)\IObit\Driver Booster\Language\Turkish.lng
20.2s C:\Program Files (x86)\IObit\Driver Booster\Language\Ukrainian.lng
20.2s C:\Program Files (x86)\IObit\Driver Booster\Language\Vietnamese.lng
20.2s C:\Program Files (x86)\IObit\Driver Booster\LocalData\
20.2s C:\Program Files (x86)\IObit\Driver Booster\LocalData\Apps.ini
20.3s C:\Program Files (x86)\IObit\Driver Booster\LocalData\IconState.ini
20.3s C:\Program Files (x86)\IObit\Driver Booster\LocalData\InstConf.ini
20.3s C:\Program Files (x86)\IObit\Driver Booster\LocalData\RqstFilter.ini
20.3s C:\Program Files (x86)\IObit\Driver Booster\LocalData\Scheduler.ini
20.3s C:\Program Files (x86)\IObit\Driver Booster\LocalData\Vendor.ini
20.3s C:\Program Files (x86)\IObit\Driver Booster\LocalData\WhiteList.ini
20.3s C:\Program Files (x86)\IObit\Driver Booster\Update\
20.3s C:\Program Files (x86)\IObit\Driver Booster\IObitDownloader.exe
20.6s C:\Program Files (x86)\IObit\Driver Booster\local.dat
20.8s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3\
20.9s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3\Driver Booster 3.lnk
21.0s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3\Désinstaller Driver Booster 3.lnk
21.0s C:\Users\Jean-Marie\Desktop\THQ\Driver Booster 3.lnk
21.1s C:\Program Files (x86)\IObit\Driver Booster\Driver Booster 3.lnk
21.1s C:\Program Files (x86)\IObit\Driver Booster\unins000.msg
21.3s C:\Users\Jean-Marie\AppData\Roaming\IObit\Driver Booster\
21.4s C:\Users\Jean-Marie\AppData\Roaming\IObit\Driver Booster\Config.ini
21.5s C:\Program Files (x86)\IObit\Driver Booster\InnoSetup.log
21.6s C:\Users\Jean-Marie\AppData\Local\Mozilla\Firefox\Profiles\gl1x1oq0.default\cache2\entries\B604BCB1EA17F5A0637069DDE76AD850A40989D4
23.2s C:\ProgramData\IObit\Driver Booster\
23.2s C:\ProgramData\IObit\Driver Booster\License\
23.2s C:\Program Files (x86)\IObit\Driver Booster\Download\
23.2s C:\Program Files (x86)\IObit\Driver Booster\Backups\
23.2s C:\Users\Jean-Marie\AppData\Roaming\IObit\Driver Booster\Logs\
23.9s C:\Program Files (x86)\IObit\Driver Booster\LocalData\Config.ini
25.1s C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Driver Booster 3.lnk
26.0s C:\ProgramData\IObit\ASCDownloader\SD4\Driver Booster 3.exe.dat
26.9s C:\Users\Jean-Marie\AppData\Roaming\IObit\Driver Booster\Logs\Install\
26.9s C:\Users\Jean-Marie\AppData\Roaming\IObit\Driver Booster\Logs\Install\DbzInst.log
26.9s C:\Program Files (x86)\IObit\Driver Booster\ScanData\
28.7s C:\Windows\Tasks\Driver Booster SkipUAC (Jean-Marie).job
32.2s C:\Users\Jean-Marie\AppData\Roaming\IObit\Driver Booster\Logs\Main\
32.2s C:\Users\Jean-Marie\AppData\Roaming\IObit\Driver Booster\Logs\Main\20160312.log
32.9s C:\Windows\Tasks\Driver Booster Scheduler.job
32.9s C:\ProgramData\ProductData\db3Stat.ini
32.9s C:\Users\Jean-Marie\AppData\Roaming\IObit\Driver Booster\Logs\Scan\
32.9s C:\Users\Jean-Marie\AppData\Roaming\IObit\Driver Booster\Logs\Scan\20160312.log
35.9s C:\Program Files (x86)\IObit\Driver Booster\Update\Update.ini
36.7s C:\Program Files (x86)\IObit\Driver Booster\Update\Freeware.ini
38.7s C:\Program Files (x86)\IObit\Driver Booster\ScanData\config.ini
39.2s C:\Windows\Inf\PrintQueue.PNF
41.4s C:\Windows\Inf\oem15.PNF
41.6s C:\Windows\Inf\WpdFs.PNF
42.0s C:\Windows\Inf\c_swdevice.PNF
45.1s C:\Windows\Inf\AudioEndpoint.PNF
45.8s C:\Windows\Inf\oem6.PNF
47.5s C:\Windows\Inf\WSDScDrv.PNF
50.0s C:\Windows\Inf\prnepcl2.PNF
50.9s C:\Windows\System32\DriverStore\FileRepository\dot4prt.inf_amd64_5afdd67307b65b8b\dot4prt.PNF
56.5s C:\Program Files (x86)\IObit\Driver Booster\ScanData\cache.dat
56.5s C:\Program Files (x86)\IObit\Driver Booster\ScanData\dev.dat
56.9s C:\Users\Jean-Marie\AppData\Roaming\IObit\Driver Booster\Logs\Down\
56.9s C:\Users\Jean-Marie\AppData\Roaming\IObit\Driver Booster\Logs\Down\20160312-78375292.log
59.8s C:\Program Files (x86)\IObit\Driver Booster\Database\Scan\WhiteList.db
60.4s C:\Program Files (x86)\IObit\Driver Booster\Database\Scan\WhiteList.tmp.cfg

Potential Unwanted Programs _________________________________________________

C:\Program Files (x86)\RCP\ (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Chinese_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Chinese_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\CleanSchedule.exe (RegClean Pro) -> Deleted
Size . . . . . . . : 101 144 bytes
Age . . . . . . . : 0.4 days (2016-03-12 09:26:59)
Entropy . . . . . : 5.4
SHA-256 . . . . . : EC6E44F1E6FF5CE441D62D8C43E8A0428448D8E19196A75FDD4D5EB4234210C3
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0
Forensic Cluster
-12.5s C:\Users\Jean-Marie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_43C6BFF81342EBED0985BC6A1265DDB6
-12.5s C:\Users\Jean-Marie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_43C6BFF81342EBED0985BC6A1265DDB6
-9.0s C:\Program Files\Reason\Security\Cache\b8aac712d84c3a2cd64902a46d476c1baf56044e
-7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\
-7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\avgdiagex.log.lock
-7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\avgdiagex.log
-6.6s C:\Program Files\Reason\Security\Cache\67abbeb3d8390cdce97e9be5da6e0daa5a39683f
-1.7s C:\Program Files (x86)\RCP\
-1.7s C:\Program Files (x86)\RCP\unins000.dat
-1.7s C:\Program Files (x86)\RCP\unins000.exe
-0.5s C:\Program Files (x86)\RCP\install_left_image.bmp
-0.5s C:\Program Files (x86)\RCP\LicMgr.dll
-0.0s C:\Program Files (x86)\RCP\isxdl.dll
0.0s C:\Program Files (x86)\RCP\CleanSchedule.exe
0.0s C:\Program Files (x86)\RCP\RCPUninstall.exe
0.3s C:\Program Files (x86)\RCP\Chinese_rcp.ini
0.3s C:\Program Files (x86)\RCP\Danish_rcp.ini
0.3s C:\Program Files (x86)\RCP\Dutch_rcp.ini
0.3s C:\Program Files (x86)\RCP\eng_rcp.ini
0.3s C:\Program Files (x86)\RCP\French_rcp.ini
0.3s C:\Program Files (x86)\RCP\German_rcp.ini
0.4s C:\Program Files (x86)\RCP\Italian_rcp.ini
0.4s C:\Program Files (x86)\RCP\Japanese_rcp.ini
0.4s C:\Program Files (x86)\RCP\Norwegian_rcp.ini
0.4s C:\Program Files (x86)\RCP\Portuguese_rcp.ini
0.5s C:\Program Files (x86)\RCP\Spanish_rcp.ini
0.5s C:\Program Files (x86)\RCP\Swedish_rcp.ini
0.5s C:\Program Files (x86)\RCP\Finnish_rcp_fi.ini
0.5s C:\Program Files (x86)\RCP\portugese_rcp_pt.ini
0.5s C:\Program Files (x86)\RCP\russian_rcp_ru.ini
0.5s C:\Program Files (x86)\RCP\greek_rcp_el.ini
0.6s C:\Program Files (x86)\RCP\turkish_rcp_tr.ini
0.6s C:\Program Files (x86)\RCP\polish_rcp_pl.ini
0.6s C:\Program Files (x86)\RCP\korean_rcp_ko.ini
0.6s C:\Program Files (x86)\RCP\TraditionalCn_rcp_zh-tw.ini
0.6s C:\Program Files (x86)\RCP\FileList.rcp
0.6s C:\Program Files (x86)\RCP\RegList.rcp
0.7s C:\Program Files (x86)\RCP\Chinese_uninst.ini
0.7s C:\Program Files (x86)\RCP\Danish_uninst.ini
0.7s C:\Program Files (x86)\RCP\Dutch_uninst.ini
0.7s C:\Program Files (x86)\RCP\eng_uninst.ini
0.7s C:\Program Files (x86)\RCP\Finnish_uninst_fi.ini
0.8s C:\Program Files (x86)\RCP\French_uninst.ini
0.8s C:\Program Files (x86)\RCP\German_uninst.ini
0.8s C:\Program Files (x86)\RCP\greek_uninst_el.ini
0.8s C:\Program Files (x86)\RCP\Italian_uninst.ini
0.8s C:\Program Files (x86)\RCP\Japanese_uninst.ini
0.8s C:\Program Files (x86)\RCP\korean_uninst_ko.ini
0.8s C:\Program Files (x86)\RCP\Norwegian_uninst.ini
0.8s C:\Program Files (x86)\RCP\polish_uninst_pl.ini
0.8s C:\Program Files (x86)\RCP\portugese_uninst_pt.ini
0.8s C:\Program Files (x86)\RCP\Portuguese_uninst.ini
0.9s C:\Program Files (x86)\RCP\russian_uninst_ru.ini
0.9s C:\Program Files (x86)\RCP\spanish_uninst.ini
0.9s C:\Program Files (x86)\RCP\swedish_uninst.ini
0.9s C:\Program Files (x86)\RCP\traditionalcn_uninst_zh-tw.ini
0.9s C:\Program Files (x86)\RCP\Turkish_uninst_tr.ini
0.9s C:\Program Files (x86)\RCP\xmllite.dll
0.9s C:\Program Files (x86)\RCP\TPS.ico
1.0s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\
1.1s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk
1.1s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk
1.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Désinstaller RegClean Pro.lnk
1.2s C:\Users\Jean-Marie\Desktop\i a les couches toujours - systweak & cyberlink\RegClean Pro.lnk
1.2s C:\Program Files (x86)\RCP\unins000.msg
3.6s C:\Program Files\Reason\Security\Cache\bc8f404ffdb1960b50c12ff9413c893b56f2e36f

C:\Program Files (x86)\RCP\Danish_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Danish_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Dutch_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Dutch_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\eng_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\eng_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\FileList.rcp (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Finnish_rcp_fi.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Finnish_uninst_fi.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\French_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\French_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\German_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\German_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\greek_rcp_el.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\greek_uninst_el.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\install_left_image.bmp (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\isxdl.dll (RegClean Pro) -> Deleted
Size . . . . . . . : 156 952 bytes
Age . . . . . . . : 0.4 days (2016-03-12 09:26:59)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 0A75D8C134CCBC6BC0BF01E946005070F4C4A91683A0B276C1F516EA655FF5B3
Product . . . . . : ISX Download DLL
Publisher . . . . : Bjørnar Henden
Description . . . : ISX Download DLL
Version . . . . . : 4.0.8.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
Fuzzy . . . . . . : -10.0
Forensic Cluster
-12.5s C:\Users\Jean-Marie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_43C6BFF81342EBED0985BC6A1265DDB6
-12.5s C:\Users\Jean-Marie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_43C6BFF81342EBED0985BC6A1265DDB6
-9.0s C:\Program Files\Reason\Security\Cache\b8aac712d84c3a2cd64902a46d476c1baf56044e
-7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\
-7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\avgdiagex.log.lock
-7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\avgdiagex.log
-6.6s C:\Program Files\Reason\Security\Cache\67abbeb3d8390cdce97e9be5da6e0daa5a39683f
-1.7s C:\Program Files (x86)\RCP\
-1.7s C:\Program Files (x86)\RCP\unins000.dat
-1.7s C:\Program Files (x86)\RCP\unins000.exe
-0.5s C:\Program Files (x86)\RCP\install_left_image.bmp
-0.5s C:\Program Files (x86)\RCP\LicMgr.dll
0.0s C:\Program Files (x86)\RCP\isxdl.dll
0.0s C:\Program Files (x86)\RCP\CleanSchedule.exe
0.0s C:\Program Files (x86)\RCP\RCPUninstall.exe
0.3s C:\Program Files (x86)\RCP\Chinese_rcp.ini
0.3s C:\Program Files (x86)\RCP\Danish_rcp.ini
0.3s C:\Program Files (x86)\RCP\Dutch_rcp.ini
0.3s C:\Program Files (x86)\RCP\eng_rcp.ini
0.4s C:\Program Files (x86)\RCP\French_rcp.ini
0.4s C:\Program Files (x86)\RCP\German_rcp.ini
0.4s C:\Program Files (x86)\RCP\Italian_rcp.ini
0.4s C:\Program Files (x86)\RCP\Japanese_rcp.ini
0.4s C:\Program Files (x86)\RCP\Norwegian_rcp.ini
0.5s C:\Program Files (x86)\RCP\Portuguese_rcp.ini
0.5s C:\Program Files (x86)\RCP\Spanish_rcp.ini
0.5s C:\Program Files (x86)\RCP\Swedish_rcp.ini
0.5s C:\Program Files (x86)\RCP\Finnish_rcp_fi.ini
0.5s C:\Program Files (x86)\RCP\portugese_rcp_pt.ini
0.6s C:\Program Files (x86)\RCP\russian_rcp_ru.ini
0.6s C:\Program Files (x86)\RCP\greek_rcp_el.ini
0.6s C:\Program Files (x86)\RCP\turkish_rcp_tr.ini
0.6s C:\Program Files (x86)\RCP\polish_rcp_pl.ini
0.6s C:\Program Files (x86)\RCP\korean_rcp_ko.ini
0.6s C:\Program Files (x86)\RCP\TraditionalCn_rcp_zh-tw.ini
0.7s C:\Program Files (x86)\RCP\FileList.rcp
0.7s C:\Program Files (x86)\RCP\RegList.rcp
0.7s C:\Program Files (x86)\RCP\Chinese_uninst.ini
0.7s C:\Program Files (x86)\RCP\Danish_uninst.ini
0.7s C:\Program Files (x86)\RCP\Dutch_uninst.ini
0.8s C:\Program Files (x86)\RCP\eng_uninst.ini
0.8s C:\Program Files (x86)\RCP\Finnish_uninst_fi.ini
0.8s C:\Program Files (x86)\RCP\French_uninst.ini
0.8s C:\Program Files (x86)\RCP\German_uninst.ini
0.8s C:\Program Files (x86)\RCP\greek_uninst_el.ini
0.8s C:\Program Files (x86)\RCP\Italian_uninst.ini
0.8s C:\Program Files (x86)\RCP\Japanese_uninst.ini
0.8s C:\Program Files (x86)\RCP\korean_uninst_ko.ini
0.8s C:\Program Files (x86)\RCP\Norwegian_uninst.ini
0.9s C:\Program Files (x86)\RCP\polish_uninst_pl.ini
0.9s C:\Program Files (x86)\RCP\portugese_uninst_pt.ini
0.9s C:\Program Files (x86)\RCP\Portuguese_uninst.ini
0.9s C:\Program Files (x86)\RCP\russian_uninst_ru.ini
0.9s C:\Program Files (x86)\RCP\spanish_uninst.ini
0.9s C:\Program Files (x86)\RCP\swedish_uninst.ini
0.9s C:\Program Files (x86)\RCP\traditionalcn_uninst_zh-tw.ini
0.9s C:\Program Files (x86)\RCP\Turkish_uninst_tr.ini
0.9s C:\Program Files (x86)\RCP\xmllite.dll
1.0s C:\Program Files (x86)\RCP\TPS.ico
1.0s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\
1.1s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk
1.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk
1.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Désinstaller RegClean Pro.lnk
1.2s C:\Users\Jean-Marie\Desktop\i a les couches toujours - systweak & cyberlink\RegClean Pro.lnk
1.3s C:\Program Files (x86)\RCP\unins000.msg
3.6s C:\Program Files\Reason\Security\Cache\bc8f404ffdb1960b50c12ff9413c893b56f2e36f

C:\Program Files (x86)\RCP\Italian_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Italian_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Japanese_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Japanese_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\korean_rcp_ko.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\korean_uninst_ko.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\LicMgr.dll (RegClean Pro) -> Deleted
Size . . . . . . . : 1 542 424 bytes
Age . . . . . . . : 0.4 days (2016-03-12 09:26:59)
Entropy . . . . . : 7.2
SHA-256 . . . . . : 57C1F2AE3844EB98EF9B2B036B12EAD5449E68021E3297F7526443216183ED43
Product . . . . . : RCP
Publisher . . . . : RCP
Description . . . : RCP
Version . . . . . : 6.1.65.1080
Copyright . . . . : Copyright (C) 2002-2014. All rights reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
Fuzzy . . . . . . : -9.0
Forensic Cluster
-12.0s C:\Users\Jean-Marie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_43C6BFF81342EBED0985BC6A1265DDB6
-12.0s C:\Users\Jean-Marie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_43C6BFF81342EBED0985BC6A1265DDB6
-8.5s C:\Program Files\Reason\Security\Cache\b8aac712d84c3a2cd64902a46d476c1baf56044e
-7.2s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\
-7.2s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\avgdiagex.log.lock
-7.2s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\avgdiagex.log
-6.1s C:\Program Files\Reason\Security\Cache\67abbeb3d8390cdce97e9be5da6e0daa5a39683f
-1.3s C:\Program Files (x86)\RCP\
-1.3s C:\Program Files (x86)\RCP\unins000.dat
-1.2s C:\Program Files (x86)\RCP\unins000.exe
-0.0s C:\Program Files (x86)\RCP\install_left_image.bmp
0.0s C:\Program Files (x86)\RCP\LicMgr.dll
0.5s C:\Program Files (x86)\RCP\isxdl.dll
0.5s C:\Program Files (x86)\RCP\CleanSchedule.exe
0.5s C:\Program Files (x86)\RCP\RCPUninstall.exe
0.7s C:\Program Files (x86)\RCP\Chinese_rcp.ini
0.8s C:\Program Files (x86)\RCP\Danish_rcp.ini
0.8s C:\Program Files (x86)\RCP\Dutch_rcp.ini
0.8s C:\Program Files (x86)\RCP\eng_rcp.ini
0.8s C:\Program Files (x86)\RCP\French_rcp.ini
0.8s C:\Program Files (x86)\RCP\German_rcp.ini
0.8s C:\Program Files (x86)\RCP\Italian_rcp.ini
0.9s C:\Program Files (x86)\RCP\Japanese_rcp.ini
0.9s C:\Program Files (x86)\RCP\Norwegian_rcp.ini
0.9s C:\Program Files (x86)\RCP\Portuguese_rcp.ini
0.9s C:\Program Files (x86)\RCP\Spanish_rcp.ini
1.0s C:\Program Files (x86)\RCP\Swedish_rcp.ini
1.0s C:\Program Files (x86)\RCP\Finnish_rcp_fi.ini
1.0s C:\Program Files (x86)\RCP\portugese_rcp_pt.ini
1.0s C:\Program Files (x86)\RCP\russian_rcp_ru.ini
1.0s C:\Program Files (x86)\RCP\greek_rcp_el.ini
1.0s C:\Program Files (x86)\RCP\turkish_rcp_tr.ini
1.1s C:\Program Files (x86)\RCP\polish_rcp_pl.ini
1.1s C:\Program Files (x86)\RCP\korean_rcp_ko.ini
1.1s C:\Program Files (x86)\RCP\TraditionalCn_rcp_zh-tw.ini
1.1s C:\Program Files (x86)\RCP\FileList.rcp
1.1s C:\Program Files (x86)\RCP\RegList.rcp
1.2s C:\Program Files (x86)\RCP\Chinese_uninst.ini
1.2s C:\Program Files (x86)\RCP\Danish_uninst.ini
1.2s C:\Program Files (x86)\RCP\Dutch_uninst.ini
1.2s C:\Program Files (x86)\RCP\eng_uninst.ini
1.2s C:\Program Files (x86)\RCP\Finnish_uninst_fi.ini
1.2s C:\Program Files (x86)\RCP\French_uninst.ini
1.2s C:\Program Files (x86)\RCP\German_uninst.ini
1.3s C:\Program Files (x86)\RCP\greek_uninst_el.ini
1.3s C:\Program Files (x86)\RCP\Italian_uninst.ini
1.3s C:\Program Files (x86)\RCP\Japanese_uninst.ini
1.3s C:\Program Files (x86)\RCP\korean_uninst_ko.ini
1.3s C:\Program Files (x86)\RCP\Norwegian_uninst.ini
1.3s C:\Program Files (x86)\RCP\polish_uninst_pl.ini
1.3s C:\Program Files (x86)\RCP\portugese_uninst_pt.ini
1.3s C:\Program Files (x86)\RCP\Portuguese_uninst.ini
1.3s C:\Program Files (x86)\RCP\russian_uninst_ru.ini
1.4s C:\Program Files (x86)\RCP\spanish_uninst.ini
1.4s C:\Program Files (x86)\RCP\swedish_uninst.ini
1.4s C:\Program Files (x86)\RCP\traditionalcn_uninst_zh-tw.ini
1.4s C:\Program Files (x86)\RCP\Turkish_uninst_tr.ini
1.4s C:\Program Files (x86)\RCP\xmllite.dll
1.4s C:\Program Files (x86)\RCP\TPS.ico
1.4s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\
1.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk
1.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk
1.7s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Désinstaller RegClean Pro.lnk
1.7s C:\Users\Jean-Marie\Desktop\i a les couches toujours - systweak & cyberlink\RegClean Pro.lnk
1.7s C:\Program Files (x86)\RCP\unins000.msg
4.1s C:\Program Files\Reason\Security\Cache\bc8f404ffdb1960b50c12ff9413c893b56f2e36f

C:\Program Files (x86)\RCP\Norwegian_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Norwegian_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\polish_rcp_pl.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\polish_uninst_pl.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\portugese_rcp_pt.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\portugese_uninst_pt.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Portuguese_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Portuguese_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\RCPUninstall.exe (RegClean Pro) -> Deleted
Size . . . . . . . : 543 512 bytes
Age . . . . . . . : 0.4 days (2016-03-12 09:26:59)
Entropy . . . . . : 6.7
SHA-256 . . . . . : F971E78D419C42BFACE7619D8818945633FC16AB0FB3DBBF57D22471D4163075
Product . . . . . : b4u
Version . . . . . : 1.0.0.0
Copyright . . . . : Copyright © 2014
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
Fuzzy . . . . . . : -12.0
Forensic Cluster
-12.5s C:\Users\Jean-Marie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_43C6BFF81342EBED0985BC6A1265DDB6
-12.5s C:\Users\Jean-Marie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_43C6BFF81342EBED0985BC6A1265DDB6
-9.0s C:\Program Files\Reason\Security\Cache\b8aac712d84c3a2cd64902a46d476c1baf56044e
-7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\
-7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\avgdiagex.log.lock
-7.7s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\avgdiagex.log
-6.6s C:\Program Files\Reason\Security\Cache\67abbeb3d8390cdce97e9be5da6e0daa5a39683f
-1.8s C:\Program Files (x86)\RCP\
-1.8s C:\Program Files (x86)\RCP\unins000.dat
-1.7s C:\Program Files (x86)\RCP\unins000.exe
-0.5s C:\Program Files (x86)\RCP\install_left_image.bmp
-0.5s C:\Program Files (x86)\RCP\LicMgr.dll
-0.0s C:\Program Files (x86)\RCP\isxdl.dll
-0.0s C:\Program Files (x86)\RCP\CleanSchedule.exe
0.0s C:\Program Files (x86)\RCP\RCPUninstall.exe
0.2s C:\Program Files (x86)\RCP\Chinese_rcp.ini
0.3s C:\Program Files (x86)\RCP\Danish_rcp.ini
0.3s C:\Program Files (x86)\RCP\Dutch_rcp.ini
0.3s C:\Program Files (x86)\RCP\eng_rcp.ini
0.3s C:\Program Files (x86)\RCP\French_rcp.ini
0.3s C:\Program Files (x86)\RCP\German_rcp.ini
0.3s C:\Program Files (x86)\RCP\Italian_rcp.ini
0.4s C:\Program Files (x86)\RCP\Japanese_rcp.ini
0.4s C:\Program Files (x86)\RCP\Norwegian_rcp.ini
0.4s C:\Program Files (x86)\RCP\Portuguese_rcp.ini
0.4s C:\Program Files (x86)\RCP\Spanish_rcp.ini
0.5s C:\Program Files (x86)\RCP\Swedish_rcp.ini
0.5s C:\Program Files (x86)\RCP\Finnish_rcp_fi.ini
0.5s C:\Program Files (x86)\RCP\portugese_rcp_pt.ini
0.5s C:\Program Files (x86)\RCP\russian_rcp_ru.ini
0.5s C:\Program Files (x86)\RCP\greek_rcp_el.ini
0.5s C:\Program Files (x86)\RCP\turkish_rcp_tr.ini
0.6s C:\Program Files (x86)\RCP\polish_rcp_pl.ini
0.6s C:\Program Files (x86)\RCP\korean_rcp_ko.ini
0.6s C:\Program Files (x86)\RCP\TraditionalCn_rcp_zh-tw.ini
0.6s C:\Program Files (x86)\RCP\FileList.rcp
0.6s C:\Program Files (x86)\RCP\RegList.rcp
0.7s C:\Program Files (x86)\RCP\Chinese_uninst.ini
0.7s C:\Program Files (x86)\RCP\Danish_uninst.ini
0.7s C:\Program Files (x86)\RCP\Dutch_uninst.ini
0.7s C:\Program Files (x86)\RCP\eng_uninst.ini
0.7s C:\Program Files (x86)\RCP\Finnish_uninst_fi.ini
0.7s C:\Program Files (x86)\RCP\French_uninst.ini
0.7s C:\Program Files (x86)\RCP\German_uninst.ini
0.8s C:\Program Files (x86)\RCP\greek_uninst_el.ini
0.8s C:\Program Files (x86)\RCP\Italian_uninst.ini
0.8s C:\Program Files (x86)\RCP\Japanese_uninst.ini
0.8s C:\Program Files (x86)\RCP\korean_uninst_ko.ini
0.8s C:\Program Files (x86)\RCP\Norwegian_uninst.ini
0.8s C:\Program Files (x86)\RCP\polish_uninst_pl.ini
0.8s C:\Program Files (x86)\RCP\portugese_uninst_pt.ini
0.8s C:\Program Files (x86)\RCP\Portuguese_uninst.ini
0.8s C:\Program Files (x86)\RCP\russian_uninst_ru.ini
0.8s C:\Program Files (x86)\RCP\spanish_uninst.ini
0.9s C:\Program Files (x86)\RCP\swedish_uninst.ini
0.9s C:\Program Files (x86)\RCP\traditionalcn_uninst_zh-tw.ini
0.9s C:\Program Files (x86)\RCP\Turkish_uninst_tr.ini
0.9s C:\Program Files (x86)\RCP\xmllite.dll
0.9s C:\Program Files (x86)\RCP\TPS.ico
0.9s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\
1.1s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk
1.1s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk
1.2s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Désinstaller RegClean Pro.lnk
1.2s C:\Users\Jean-Marie\Desktop\i a les couches toujours - systweak & cyberlink\RegClean Pro.lnk
1.2s C:\Program Files (x86)\RCP\unins000.msg
3.6s C:\Program Files\Reason\Security\Cache\bc8f404ffdb1960b50c12ff9413c893b56f2e36f

C:\Program Files (x86)\RCP\RegList.rcp (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\russian_rcp_ru.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\russian_uninst_ru.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Spanish_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\spanish_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Swedish_rcp.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\swedish_uninst.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\TPS.ico (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\TraditionalCn_rcp_zh-tw.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\traditionalcn_uninst_zh-tw.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\turkish_rcp_tr.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\Turkish_uninst_tr.ini (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\unins000.dat (RegClean Pro) -> Deleted
C:\Program Files (x86)\RCP\unins000.exe (RegClean Pro) -> Deleted
Size . . . . . . . : 1 189 144 bytes
Age . . . . . . . : 0.4 days (2016-03-12 09:26:58)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 865B23A4C46612A104C97C2B7BDC7CC3E678347E9667F19F2E5350E26590C4DB
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : -7.0
References
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Désinstaller RegClean Pro.lnk
Forensic Cluster
-10.8s C:\Users\Jean-Marie\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_43C6BFF81342EBED0985BC6A1265DDB6
-10.8s C:\Users\Jean-Marie\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_43C6BFF81342EBED0985BC6A1265DDB6
-7.3s C:\Program Files\Reason\Security\Cache\b8aac712d84c3a2cd64902a46d476c1baf56044e
-6.0s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\
-6.0s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\avgdiagex.log.lock
-6.0s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Avg\log\fmw1\avgdiagex.log
-4.9s C:\Program Files\Reason\Security\Cache\67abbeb3d8390cdce97e9be5da6e0daa5a39683f
-0.1s C:\Program Files (x86)\RCP\
-0.0s C:\Program Files (x86)\RCP\unins000.dat
0.0s C:\Program Files (x86)\RCP\unins000.exe
1.2s C:\Program Files (x86)\RCP\install_left_image.bmp
1.2s C:\Program Files (x86)\RCP\LicMgr.dll
1.7s C:\Program Files (x86)\RCP\isxdl.dll
1.7s C:\Program Files (x86)\RCP\CleanSchedule.exe
1.7s C:\Program Files (x86)\RCP\RCPUninstall.exe
2.0s C:\Program Files (x86)\RCP\Chinese_rcp.ini
2.0s C:\Program Files (x86)\RCP\Danish_rcp.ini
2.0s C:\Program Files (x86)\RCP\Dutch_rcp.ini
2.0s C:\Program Files (x86)\RCP\eng_rcp.ini
2.0s C:\Program Files (x86)\RCP\French_rcp.ini
2.0s C:\Program Files (x86)\RCP\German_rcp.ini
2.1s C:\Program Files (x86)\RCP\Italian_rcp.ini
2.1s C:\Program Files (x86)\RCP\Japanese_rcp.ini
2.1s C:\Program Files (x86)\RCP\Norwegian_rcp.ini
2.1s C:\Program Files (x86)\RCP\Portuguese_rcp.ini
2.1s C:\Program Files (x86)\RCP\Spanish_rcp.ini
2.2s C:\Program Files (x86)\RCP\Swedish_rcp.ini
2.2s C:\Program Files (x86)\RCP\Finnish_rcp_fi.ini
2.2s C:\Program Files (x86)\RCP\portugese_rcp_pt.ini
2.2s C:\Program Files (x86)\RCP\russian_rcp_ru.ini
2.2s C:\Program Files (x86)\RCP\greek_rcp_el.ini
2.3s C:\Program Files (x86)\RCP\turkish_rcp_tr.ini
2.3s C:\Program Files (x86)\RCP\polish_rcp_pl.ini
2.3s C:\Program Files (x86)\RCP\korean_rcp_ko.ini
2.3s C:\Program Files (x86)\RCP\TraditionalCn_rcp_zh-tw.ini
2.3s C:\Program Files (x86)\RCP\FileList.rcp
2.3s C:\Program Files (x86)\RCP\RegList.rcp
2.4s C:\Program Files (x86)\RCP\Chinese_uninst.ini
2.4s C:\Program Files (x86)\RCP\Danish_uninst.ini
2.4s C:\Program Files (x86)\RCP\Dutch_uninst.ini
2.4s C:\Program Files (x86)\RCP\eng_uninst.ini
2.4s C:\Program Files (x86)\RCP\Finnish_uninst_fi.ini
2.4s C:\Program Files (x86)\RCP\French_uninst.ini
2.4s C:\Program Files (x86)\RCP\German_uninst.ini
2.5s C:\Program Files (x86)\RCP\greek_uninst_el.ini
2.5s C:\Program Files (x86)\RCP\Italian_uninst.ini
2.5s C:\Program Files (x86)\RCP\Japanese_uninst.ini
2.5s C:\Program Files (x86)\RCP\korean_uninst_ko.ini
2.5s C:\Program Files (x86)\RCP\Norwegian_uninst.ini
2.5s C:\Program Files (x86)\RCP\polish_uninst_pl.ini
2.5s C:\Program Files (x86)\RCP\portugese_uninst_pt.ini
2.5s C:\Program Files (x86)\RCP\Portuguese_uninst.ini
2.5s C:\Program Files (x86)\RCP\russian_uninst_ru.ini
2.6s C:\Program Files (x86)\RCP\spanish_uninst.ini
2.6s C:\Program Files (x86)\RCP\swedish_uninst.ini
2.6s C:\Program Files (x86)\RCP\traditionalcn_uninst_zh-tw.ini
2.6s C:\Program Files (x86)\RCP\Turkish_uninst_tr.ini
2.6s C:\Program Files (x86)\RCP\xmllite.dll
2.6s C:\Program Files (x86)\RCP\TPS.ico
2.6s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\
2.8s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk
2.8s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk
2.9s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Désinstaller RegClean Pro.lnk
2.9s C:\Users\Jean-Marie\Desktop\i a les couches toujours - systweak & cyberlink\RegClean Pro.lnk
2.9s C:\Program Files (x86)\RCP\unins000.msg
5.3s C:\Program Files\Reason\Security\Cache\bc8f404ffdb1960b50c12ff9413c893b56f2e36f

C:\Program Files (x86)\RCP\unins000.msg (RegClean Pro) -> Deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\ (RegClean Pro) -> Deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Désinstaller RegClean Pro.lnk (RegClean Pro) -> PendingDelete
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk (RegClean Pro) -> Deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk (RegClean Pro) -> Deleted
C:\ProgramData\Systweak\ (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\ (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\log.xslt (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\signatures\ (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\signatures\completedatabase.db (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\signatures\completedatabase.db-journal (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\updates\ (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\updates\2561completedatabase.zip (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\updates\2582mupdate.zip (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\updates\2583update.zip (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\updates\2584update.zip (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\updates\2585update.zip (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\updates\2586update.zip (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\updates\2586update\ (Systweak) -> Deleted
C:\ProgramData\Systweak\Advanced System~Protector\updates\2586update\2586update.db (Systweak) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\ (Systweak) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\Advanced System~Protector\ (Systweak) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\Advanced System~Protector\ASPLog.txt (Systweak) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\Advanced System~Protector\QDetail.db (Systweak) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\Advanced System~Protector\Settings.db (Systweak) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\Advanced System~Protector\Update.ini (Systweak) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\RegClean Pro\ (RegClean Pro) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ (Systweak) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup4.bin (RegClean Pro) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup6.bin (RegClean Pro) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\French_rcp.dat (RegClean Pro) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_03-12-2016.log (RegClean Pro) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\fr\ (Systweak) -> Deleted
C:\Users\Jean-Marie\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\fr\voice.wav (RegClean Pro) -> Deleted
C:\Windows\system32\roboot64.exe (RegClean Pro) -> PendingDelete
Size . . . . . . . : 20 248 bytes
Age . . . . . . . : 1.2 days (2016-03-11 14:17:37)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 5A87D3803D331FACB4620A2697C8F8D2A61B8838162357A7290D699A0E3EB2D9
Product . . . . . : RCP
Publisher
Description . . . : Registry Optimizer
Version . . . . . : 3.0.0.5326
Copyright . . . . : Copyright (C) 2013, All rights reserved.
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
Fuzzy . . . . . . : -2.0

HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}\ (RegClean Pro) -> Deleted
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Auslogics\Google Analytics Package\ (TweakBit) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1\ (RegClean Pro) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RegClean-Pro_is1\ (RegClean Pro) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Reg\Clean\ (AskBar) -> Deleted
HKLM\SOFTWARE\Wow6432Node\systweak\ (AdvSysProtector) -> Deleted
HKLM\SOFTWARE\Wow6432Node\systweak\RegClean Pro\ (RegClean Pro)
HKU\S-1-5-21-3331589601-751847041-4288644589-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger) -> Deleted
HKU\S-1-5-21-3331589601-751847041-4288644589-1001\Software\ProductSetup\1I1T1Q1S\ (TreasureTrack) -> Deleted
HKU\S-1-5-21-3331589601-751847041-4288644589-1001\Software\Reg\Clean\ (RegClean Pro) -> Deleted
HKU\S-1-5-21-3331589601-751847041-4288644589-1001\Software\systweak\ (AdvSysProtector) -> Deleted

Early Warning Scoring _______________________________________________________

c:\users\jean-marie\appdata\local\chromium\application\chrome.exe
Size . . . . . . . : 1 043 456 bytes
Age . . . . . . . : 0.2 days (2016-03-12 13:18:31)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 4162E0DD500D8C0B5E86313CD93A10616AD06324451025641B340CFA5FEC5D44
Product . . . . . : Chromium
Publisher . . . . : The Chromium Authors
Description . . . : Chromium
Version . . . . . : 50.0.2632.0
Copyright . . . . : Copyright 2015 The Chromium Authors. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 21.0
This file was most recently added as automatic startup.
Uses the Windows Registry to run each time the user logs on.
Program starts automatically without user intervention.
Time indicates that the file appeared recently on this computer.
Startup
HKU\S-1-5-21-3331589601-751847041-4288644589-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Chromium
References
C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk
C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chromium.lnk
C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
C:\Users\Jean-Marie\Desktop\THQ\Chromium.lnk
Forensic Cluster
-9.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Installer\chrome.7z
-4.1s C:\Users\Jean-Marie\Desktop\THQ\
-2.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\
-2.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Extensions\
-2.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\
-2.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\natives_blob.bin
-2.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\snapshot_blob.bin
-2.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\icudtl.dat
-1.9s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\chrome.dll
-1.2s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\chrome_child.dll
-0.8s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\chrome_elf.dll
-0.8s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\chrome_watcher.dll
-0.8s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\d3dcompiler_47.dll
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\libegl.dll
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\libexif.dll
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\libglesv2.dll
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\xinput1_3.dll
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\delegate_execute.exe
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\nacl64.exe
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Extensions\external_extensions.json
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2581.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2582.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2583.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2584.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2585.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2586.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2587.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2588.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2589.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2592.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2593.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2594.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2595.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2596.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2598.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2599.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2600.0.manifest
-0.7s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2601.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2602.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2603.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2604.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2606.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2607.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2608.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2609.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2610.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2611.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2612.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2613.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2614.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2615.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2616.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2617.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2618.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2619.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2620.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2621.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2622.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\49.0.2623.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\50.0.2624.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\50.0.2625.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\50.0.2626.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\50.0.2628.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\50.0.2629.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\50.0.2630.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\50.0.2631.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\50.0.2632.0.manifest
-0.6s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\nacl_irt_x86_32.nexe
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\nacl_irt_x86_64.nexe
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\am.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\ar.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\bg.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\bn.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\ca.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\chrome_100_percent.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\chrome_200_percent.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\chrome_material_100_percent.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\cs.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\da.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\de.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\chrome_material_200_percent.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\el.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\en-GB.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\en-US.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\es-419.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\es.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\et.pak
-0.5s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\fa.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\fi.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\fil.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\fr.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\gu.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\he.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\hi.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\hr.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\hu.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\id.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\it.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\ja.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\kn.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\ko.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\lt.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\lv.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\ml.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\mr.pak
-0.4s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\ms.pak
-0.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\nb.pak
-0.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\nl.pak
-0.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\pl.pak
-0.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\pt-BR.pak
-0.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\pt-PT.pak
-0.2s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\resources.pak
-0.2s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\ro.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\ru.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\sk.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\sl.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\sr.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\sv.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\sw.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\ta.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\te.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\th.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\tr.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\uk.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\vi.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\zh-CN.pak
-0.1s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Locales\zh-TW.pak
-0.0s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\
0.0s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\chrome.exe
0.0s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Installer\
0.0s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\50.0.2632.0\Installer\setup.exe
0.3s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\master_preferences
0.5s C:\Users\Jean-Marie\Desktop\THQ\Chromium.lnk
0.5s C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk
0.6s C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
1.7s C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Chromium.lnk
2.2s C:\Users\Jean-Marie\AppData\Local\Chromium\Application\uninstall.dat

C:\Windows\SYSTEM32\credssp.dll
Size . . . . . . . : 20 480 bytes
Age . . . . . . . : 19.7 days (2016-02-22 03:00:25)
Entropy . . . . . : 5.6
SHA-256 . . . . . : FB2E37E90096C23115505B4765776FDBF82CDE1C7329C9D42239EBAEEBBE5CE1
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Credential Delegation Security Package
Version . . . . . : 6.2.9200.17581
Copyright . . . . : © Microsoft Corporation. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 12.0
Loads as a custom security support provider (SSP). Malware tends to start this way.
Program starts automatically without user intervention.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
Forensic Cluster
-1.3s C:\Windows\System32\workerdd.dll
-1.3s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\workerdd.dll
-1.2s C:\Windows\System32\msaudite.dll
-1.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\msaudite.dll.mui
-1.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\msaudite.dll.mui
-1.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_en-us_b31ee345e3645b03\msaudite.dll.mui
-1.0s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\msaudite.dll
-1.0s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\msaudite.dll
-1.0s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\msaudite.dll.mui
-1.0s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\msaudite.dll.mui
-1.0s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_577143d744377574\msaudite.dll.mui
-0.7s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\msaudite.dll
-0.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\msaudite.dll.mui
-0.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_fr-fr_55777c74d67ce39a\msaudite.dll.mui
-0.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_fr-fr_55a1b628d65d630a\msaudite.dll.mui
-0.6s C:\Windows\System32\fr-FR\msaudite.dll.mui
-0.6s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\msaudite.dll.mui
-0.5s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\msaudite.dll.mui
-0.5s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\msaudite.dll.mui
-0.5s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21290_fr-fr_55cccf5defc31a7d\msaudite.dll.mui
-0.5s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_fr-fr_f9f416ba37307d7b\msaudite.dll.mui
-0.4s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\credssp.dll
-0.3s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\credssp.dll
-0.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\adtschema.dll.mui
-0.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\adtschema.dll.mui
-0.3s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_f9f51e9c372f8b6e\adtschema.dll.mui
-0.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\adtschema.dll.mui
-0.2s C:\Windows\System32\fr-FR\adtschema.dll.mui
-0.2s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\adtschema.dll.mui
-0.2s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_f98221f31e00cd19\adtschema.dll.mui
0.0s C:\Windows\System32\credssp.dll
0.0s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\credssp.dll
0.1s C:\Windows\System32\fr-FR\lsasrv.dll.mui
0.1s C:\Windows\WinSxS\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_82b5ea7e2c4becfe\lsasrv.dll.mui
0.3s C:\Windows\System32\sspisrv.dll
0.4s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.17617_none_a0d892905037f895\sspicli.dll
0.5s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_a14b8f396966b6ea\sspicli.dll
0.7s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\TSpkg.dll
0.7s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\TSpkg.dll
0.8s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\ksecdd.sys
0.8s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\TSpkg.dll
0.9s C:\Windows\System32\TSpkg.dll
1.1s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_9ead38b353cd6394\wdigest.dll
1.2s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.17617_none_9e3a3c0a3a9ea53f\wdigest.dll
1.3s C:\Windows\System32\lsass.exe
1.4s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\sspicli.dll
1.5s C:\Windows\WinSxS\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_94588e611f6ca199\wdigest.dll
1.6s C:\Windows\System32\wdigest.dll
1.7s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.17617_none_88c89fa01f4a0b35\usercpl.dll
1.8s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_893b9c493878c98a\usercpl.dll
1.9s C:\Windows\System32\Drivers\fr-FR\mrxsmb.sys.mui
2.0s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_3b46823a8964bf31\mrxsmb.sys.mui
2.2s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\lsm.dll
2.3s C:\Windows\System32\lsm.dll
2.4s C:\Windows\WinSxS\amd64_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_e55a37ccf0d63ac0\usercpl.dll
2.7s C:\Windows\System32\usercpl.dll
2.7s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\ksecpkg.sys
2.9s C:\Windows\System32\Drivers\ksecpkg.sys
2.9s C:\Windows\System32\Drivers\ksecdd.sys
3.0s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\adtschema.dll
3.2s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\adtschema.dll
3.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\adtschema.dll.mui
3.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\adtschema.dll.mui
3.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_b38fdf5afc94e6aa\adtschema.dll.mui
3.3s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\adtschema.dll
3.3s C:\Windows\SysWOW64\adtschema.dll
3.4s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_205ac0ef01f64437\adtschema.dll
3.4s C:\Windows\System32\adtschema.dll
3.5s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\adtschema.dll.mui
3.5s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17450_en-us_b2eba511e38bfa5d\adtschema.dll.mui
3.5s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\adtschema.dll.mui
3.7s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_c3e084ca0b8fbcc0\SHCore.dll
3.8s C:\Windows\WinSxS\amd64_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_1fff204dc3ed2df6\SHCore.dll
3.9s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\cng.sys
4.0s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_e092da6f39a312e3\msv1_0.dll
4.1s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.17617_none_e01fddc62074548e\msv1_0.dll
4.2s C:\Windows\System32\sspicli.dll
4.3s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.17617_none_c36d8820f260fe6b\SHCore.dll
4.4s C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_d63e301d054250e8\msv1_0.dll
4.7s C:\Windows\System32\msv1_0.dll
4.8s C:\Windows\WinSxS\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e22fced2ee263b55\mrxsmb10.sys
4.8s C:\Windows\System32\Drivers\mrxsmb10.sys
5.0s C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21736_none_c94e446077a909c5\winlogon.exe
5.4s C:\Windows\System32\winlogon.exe
5.5s C:\Windows\System32\Drivers\cng.sys
5.7s C:\Windows\System32\SHCore.dll
6.1s C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.17617_none_b43f00d2f62fafc3\winresume.exe
6.1s C:\Windows\System32\winresume.exe
6.5s C:\Windows\WinSxS\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e46638e52c7d6ec6\mrxsmb20.sys
6.6s C:\Windows\System32\Drivers\mrxsmb20.sys
6.8s C:\Windows\System32\winresume.efi
8.0s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4ab6cac787e5dfc3\kerberos.dll
8.3s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.17617_none_4a43ce1e6eb7216e\kerberos.dll
8.8s C:\Windows\WinSxS\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4062207553851dc8\kerberos.dll
9.3s C:\Windows\System32\kerberos.dll
9.6s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.2.9200.21736_none_d91cb07ef3d4fcf3\mrxsmb.sys
9.8s C:\Windows\System32\Drivers\mrxsmb.sys
10.3s C:\Windows\System32\winload.exe
10.6s C:\Windows\System32\winload.efi
11.2s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\lsasrv.dll
11.7s C:\Windows\System32\lsasrv.dll
13.9s C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.2.9200.21736_none_c5bba4ea56daa038\ntoskrnl.exe
19.6s C:\Windows\System32\ntoskrnl.exe
42.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CbsMsg.dll
42.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CbsMsg.dll
42.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\mspatcha.dll
42.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\netfxconfig.dll
42.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cleanupai.dll
42.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\mspatcha.dll
42.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\cleanupai.dll
42.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\RegisterIEPKeysAI.dll
42.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\netfxconfig.dll
42.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\RegisterIEPKeysAI.dll
42.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\appxreg.dll
42.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\appxreg.dll
42.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\winsockai.dll
42.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\winsockai.dll
42.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\wrpint.dll
42.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdelta.dll
42.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\SetIEInstalledDateAI.dll
42.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\FirewallOfflineAPI.dll
43.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\FirewallOfflineAPI.dll
43.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ConfigureIEOptionalComponentsAI.dll
43.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemprox.dll
43.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wmiutils.dll
43.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\ws2_helper.dll
43.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wmiutils.dll
43.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\ws2_helper.dll
43.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemprox.dll
43.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\IEFileInstallAI.dll
43.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\poqexec.exe
43.3s C:\Windows\SysWOW64\poqexec.exe
43.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\timezoneai.dll
43.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\peerdistai.dll
43.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\luainstall.dll
43.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\fveupdateai.dll
43.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\luainstall.dll
43.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofinstall.dll
43.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofinstall.dll
43.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\httpai.dll
43.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiadapter.dll
43.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\cmifw.dll
43.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\cmifw.dll
43.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smipi.dll
43.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\dpx.dll
43.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PrintAdvancedInstaller.dll
43.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PrintAdvancedInstaller.dll
43.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bfsvc.dll
44.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bfsvc.dll
44.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\SetIEInstalledDateAI.dll
44.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CntrtextInstaller.dll
44.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CntrtextInstaller.dll
44.2s C:\Windows\System32\appserverai.dll
44.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-termsrv_31bf3856ad364e35_6.2.9200.17516_none_517e62aea73de19f\appserverai.dll
44.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ConfigureIEOptionalComponentsAI.dll
44.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\IEFileInstallAI.dll
44.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\peerdistai.dll
44.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\fveupdateai.dll
44.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smipi.dll
44.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\httpai.dll
44.4s C:\Windows\System32\VmHostAI.dll
44.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiadapter.dll
44.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemcomn.dll
44.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\repdrvfs.dll
44.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\repdrvfs.dll
44.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\esscli.dll
44.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\esscli.dll
44.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ceipfwdai.dll
44.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\securebootai.dll
44.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofd.dll
44.9s C:\Windows\System32\poqexec.exe
45.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofd.dll
45.0s C:\Windows\System32\RDWebAI.dll
45.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\fastprox.dll
45.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\fastprox.dll
45.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\securebootai.dll
45.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ceipfwdai.dll
45.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdtcadvancedinstaller.dll
45.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdtcadvancedinstaller.dll
45.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\TiFileFetcher.exe
45.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiFileFetcher.exe
45.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\timezoneai.dll
45.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\servicemodelregai.dll
46.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smiengine.dll
46.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wrpint.dll
46.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bcdeditai.dll
46.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wmicmiplugin.dll
46.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdelta.dll
46.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmitrust.dll
46.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmipnpinstall.dll
46.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\servicemodelregai.dll
46.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smiengine.dll
46.6s C:\Windows\System32\tssdisai.dll
46.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wbemcore.dll
46.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_969b2dc475f4af7d\sppinst.dll
46.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\DrUpdate.dll
47.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bcdeditai.dll
47.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wdscore.dll
47.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PkgMgr.exe
47.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_f2b9c9482e5220b3\sppinst.dll
47.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemcomn.dll
47.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wmicmiplugin.dll
47.5s C:\Windows\servicing\TrustedInstaller.exe
47.5s C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.2.9200.16683_none_e9d5e050d6ebca10\TrustedInstaller.exe
47.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
47.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmitrust.dll
47.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\DrUpdate.dll
47.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cmipnpinstall.dll
47.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PkgMgr.exe
48.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\dpx.dll
48.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\TiWorker.exe
48.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wdscore.dll
48.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\CbsCore.dll
48.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\wcp.dll
49.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wbemcore.dll
49.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\CbsCore.dll
49.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiv2.dll
49.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\drvstore.dll
50.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wcp.dll
50.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\drvstore.dll
50.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiv2.dll

C:\Windows\system32\drivers\hitmanpro37.sys
Size . . . . . . . : 49 584 bytes
Age . . . . . . . : -0.0 days (2016-03-12 19:00:35)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 969B5FF4E762BC84F9B6588ECC9B08026519E081ACC1182885E163762CC3E21A
Product . . . . . : HitmanPro 3.7
RSA Key Size . . . : 2048
Service . . . . . : hitmanpro37
LanguageID . . . . : 0
Authenticode . . . : Valid
Fuzzy . . . . . . : 6.0
Time indicates that the file appeared recently on this computer.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Starts automatically as a service during system bootup.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\hitmanpro37\

C:\Windows\system32\DRIVERS\mrxsmb.sys
Size . . . . . . . : 403 456 bytes
Age . . . . . . . : 19.7 days (2016-02-22 03:00:34)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 92CACD154D3D7E738C6D2492186270762B1888E89F505EE00C3CAE58F71650ED
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows NT SMB Minirdr
Version . . . . . : 6.2.9200.17225
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : mrxsmb
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb\
Forensic Cluster
-11.2s C:\Windows\System32\workerdd.dll
-11.2s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\workerdd.dll
-11.0s C:\Windows\System32\msaudite.dll
-10.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\msaudite.dll.mui
-10.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\msaudite.dll.mui
-10.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_en-us_b31ee345e3645b03\msaudite.dll.mui
-10.9s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\msaudite.dll
-10.8s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\msaudite.dll
-10.8s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\msaudite.dll.mui
-10.8s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\msaudite.dll.mui
-10.8s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_577143d744377574\msaudite.dll.mui
-10.5s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\msaudite.dll
-10.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\msaudite.dll.mui
-10.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_fr-fr_55777c74d67ce39a\msaudite.dll.mui
-10.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_fr-fr_55a1b628d65d630a\msaudite.dll.mui
-10.4s C:\Windows\System32\fr-FR\msaudite.dll.mui
-10.4s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\msaudite.dll.mui
-10.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\msaudite.dll.mui
-10.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\msaudite.dll.mui
-10.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21290_fr-fr_55cccf5defc31a7d\msaudite.dll.mui
-10.3s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_fr-fr_f9f416ba37307d7b\msaudite.dll.mui
-10.2s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\credssp.dll
-10.2s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\credssp.dll
-10.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\adtschema.dll.mui
-10.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\adtschema.dll.mui
-10.1s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_f9f51e9c372f8b6e\adtschema.dll.mui
-10.0s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\adtschema.dll.mui
-10.0s C:\Windows\System32\fr-FR\adtschema.dll.mui
-10.0s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\adtschema.dll.mui
-10.0s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_f98221f31e00cd19\adtschema.dll.mui
-9.8s C:\Windows\System32\credssp.dll
-9.8s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\credssp.dll
-9.7s C:\Windows\System32\fr-FR\lsasrv.dll.mui
-9.7s C:\Windows\WinSxS\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_82b5ea7e2c4becfe\lsasrv.dll.mui
-9.5s C:\Windows\System32\sspisrv.dll
-9.5s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.17617_none_a0d892905037f895\sspicli.dll
-9.3s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_a14b8f396966b6ea\sspicli.dll
-9.2s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\TSpkg.dll
-9.1s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\TSpkg.dll
-9.0s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\ksecdd.sys
-9.0s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\TSpkg.dll
-8.9s C:\Windows\System32\TSpkg.dll
-8.8s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_9ead38b353cd6394\wdigest.dll
-8.6s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.17617_none_9e3a3c0a3a9ea53f\wdigest.dll
-8.5s C:\Windows\System32\lsass.exe
-8.4s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\sspicli.dll
-8.3s C:\Windows\WinSxS\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_94588e611f6ca199\wdigest.dll
-8.2s C:\Windows\System32\wdigest.dll
-8.1s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.17617_none_88c89fa01f4a0b35\usercpl.dll
-8.0s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_893b9c493878c98a\usercpl.dll
-7.9s C:\Windows\System32\Drivers\fr-FR\mrxsmb.sys.mui
-7.8s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_3b46823a8964bf31\mrxsmb.sys.mui
-7.7s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\lsm.dll
-7.6s C:\Windows\System32\lsm.dll
-7.4s C:\Windows\WinSxS\amd64_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_e55a37ccf0d63ac0\usercpl.dll
-7.1s C:\Windows\System32\usercpl.dll
-7.1s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\ksecpkg.sys
-7.0s C:\Windows\System32\Drivers\ksecpkg.sys
-6.9s C:\Windows\System32\Drivers\ksecdd.sys
-6.8s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\adtschema.dll
-6.7s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\adtschema.dll
-6.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\adtschema.dll.mui
-6.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\adtschema.dll.mui
-6.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_b38fdf5afc94e6aa\adtschema.dll.mui
-6.5s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\adtschema.dll
-6.5s C:\Windows\SysWOW64\adtschema.dll
-6.4s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_205ac0ef01f64437\adtschema.dll
-6.4s C:\Windows\System32\adtschema.dll
-6.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\adtschema.dll.mui
-6.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17450_en-us_b2eba511e38bfa5d\adtschema.dll.mui
-6.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\adtschema.dll.mui
-6.2s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_c3e084ca0b8fbcc0\SHCore.dll
-6.0s C:\Windows\WinSxS\amd64_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_1fff204dc3ed2df6\SHCore.dll
-5.9s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\cng.sys
-5.8s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_e092da6f39a312e3\msv1_0.dll
-5.7s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.17617_none_e01fddc62074548e\msv1_0.dll
-5.6s C:\Windows\System32\sspicli.dll
-5.6s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.17617_none_c36d8820f260fe6b\SHCore.dll
-5.4s C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_d63e301d054250e8\msv1_0.dll
-5.2s C:\Windows\System32\msv1_0.dll
-5.1s C:\Windows\WinSxS\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e22fced2ee263b55\mrxsmb10.sys
-5.0s C:\Windows\System32\Drivers\mrxsmb10.sys
-4.8s C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21736_none_c94e446077a909c5\winlogon.exe
-4.4s C:\Windows\System32\winlogon.exe
-4.3s C:\Windows\System32\Drivers\cng.sys
-4.1s C:\Windows\System32\SHCore.dll
-3.7s C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.17617_none_b43f00d2f62fafc3\winresume.exe
-3.7s C:\Windows\System32\winresume.exe
-3.4s C:\Windows\WinSxS\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e46638e52c7d6ec6\mrxsmb20.sys
-3.2s C:\Windows\System32\Drivers\mrxsmb20.sys
-3.0s C:\Windows\System32\winresume.efi
-1.9s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4ab6cac787e5dfc3\kerberos.dll
-1.6s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.17617_none_4a43ce1e6eb7216e\kerberos.dll
-1.0s C:\Windows\WinSxS\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4062207553851dc8\kerberos.dll
-0.5s C:\Windows\System32\kerberos.dll
-0.2s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.2.9200.21736_none_d91cb07ef3d4fcf3\mrxsmb.sys
0.0s C:\Windows\System32\Drivers\mrxsmb.sys
0.5s C:\Windows\System32\winload.exe
0.7s C:\Windows\System32\winload.efi
1.3s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\lsasrv.dll
1.8s C:\Windows\System32\lsasrv.dll
4.0s C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.2.9200.21736_none_c5bba4ea56daa038\ntoskrnl.exe
9.8s C:\Windows\System32\ntoskrnl.exe
32.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CbsMsg.dll
32.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CbsMsg.dll
32.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\mspatcha.dll
32.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\netfxconfig.dll
32.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cleanupai.dll
32.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\mspatcha.dll
32.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\cleanupai.dll
32.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\RegisterIEPKeysAI.dll
32.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\netfxconfig.dll
32.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\RegisterIEPKeysAI.dll
32.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\appxreg.dll
32.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\appxreg.dll
32.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\winsockai.dll
32.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\winsockai.dll
32.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\wrpint.dll
33.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdelta.dll
33.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\SetIEInstalledDateAI.dll
33.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\FirewallOfflineAPI.dll
33.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\FirewallOfflineAPI.dll
33.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ConfigureIEOptionalComponentsAI.dll
33.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemprox.dll
33.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wmiutils.dll
33.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\ws2_helper.dll
33.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wmiutils.dll
33.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\ws2_helper.dll
33.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemprox.dll
33.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\IEFileInstallAI.dll
33.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\poqexec.exe
33.5s C:\Windows\SysWOW64\poqexec.exe
33.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\timezoneai.dll
33.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\peerdistai.dll
33.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\luainstall.dll
33.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\fveupdateai.dll
33.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\luainstall.dll
33.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofinstall.dll
33.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofinstall.dll
33.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\httpai.dll
33.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiadapter.dll
33.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\cmifw.dll
33.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\cmifw.dll
33.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smipi.dll
34.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\dpx.dll
34.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PrintAdvancedInstaller.dll
34.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PrintAdvancedInstaller.dll
34.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bfsvc.dll
34.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bfsvc.dll
34.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\SetIEInstalledDateAI.dll
34.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CntrtextInstaller.dll
34.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CntrtextInstaller.dll
34.4s C:\Windows\System32\appserverai.dll
34.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-termsrv_31bf3856ad364e35_6.2.9200.17516_none_517e62aea73de19f\appserverai.dll
34.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ConfigureIEOptionalComponentsAI.dll
34.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\IEFileInstallAI.dll
34.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\peerdistai.dll
34.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\fveupdateai.dll
34.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smipi.dll
34.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\httpai.dll
34.6s C:\Windows\System32\VmHostAI.dll
34.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiadapter.dll
34.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemcomn.dll
34.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\repdrvfs.dll
34.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\repdrvfs.dll
34.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\esscli.dll
34.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\esscli.dll
35.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ceipfwdai.dll
35.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\securebootai.dll
35.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofd.dll
35.1s C:\Windows\System32\poqexec.exe
35.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofd.dll
35.2s C:\Windows\System32\RDWebAI.dll
35.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\fastprox.dll
35.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\fastprox.dll
35.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\securebootai.dll
35.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ceipfwdai.dll
35.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdtcadvancedinstaller.dll
35.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdtcadvancedinstaller.dll
35.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\TiFileFetcher.exe
35.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiFileFetcher.exe
36.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\timezoneai.dll
36.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\servicemodelregai.dll
36.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smiengine.dll
36.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wrpint.dll
36.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bcdeditai.dll
36.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wmicmiplugin.dll
36.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdelta.dll
36.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmitrust.dll
36.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmipnpinstall.dll
36.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\servicemodelregai.dll
36.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smiengine.dll
36.8s C:\Windows\System32\tssdisai.dll
36.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wbemcore.dll
37.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_969b2dc475f4af7d\sppinst.dll
37.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\DrUpdate.dll
37.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bcdeditai.dll
37.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wdscore.dll
37.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PkgMgr.exe
37.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_f2b9c9482e5220b3\sppinst.dll
37.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemcomn.dll
37.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wmicmiplugin.dll
37.7s C:\Windows\servicing\TrustedInstaller.exe
37.7s C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.2.9200.16683_none_e9d5e050d6ebca10\TrustedInstaller.exe
37.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
37.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmitrust.dll
37.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\DrUpdate.dll
38.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cmipnpinstall.dll
38.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PkgMgr.exe
38.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\dpx.dll
38.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\TiWorker.exe
38.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wdscore.dll
38.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\CbsCore.dll
38.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\wcp.dll
39.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wbemcore.dll
39.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\CbsCore.dll
39.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiv2.dll
39.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\drvstore.dll
40.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wcp.dll
40.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\drvstore.dll
40.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiv2.dll

C:\Windows\system32\DRIVERS\mrxsmb10.sys
Size . . . . . . . : 281 600 bytes
Age . . . . . . . : 19.7 days (2016-02-22 03:00:30)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 2B4DC0B017FD90D7D2F6A35342F5A17B20E79D077D3DFC4AD2455C0D814B7B5E
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Longhorn SMB Downlevel SubRdr
Version . . . . . : 6.2.9200.17420
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : mrxsmb10
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb10\
Forensic Cluster
-6.2s C:\Windows\System32\workerdd.dll
-6.2s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\workerdd.dll
-6.0s C:\Windows\System32\msaudite.dll
-5.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\msaudite.dll.mui
-5.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\msaudite.dll.mui
-5.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_en-us_b31ee345e3645b03\msaudite.dll.mui
-5.9s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\msaudite.dll
-5.8s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\msaudite.dll
-5.8s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\msaudite.dll.mui
-5.8s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\msaudite.dll.mui
-5.8s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_577143d744377574\msaudite.dll.mui
-5.5s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\msaudite.dll
-5.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\msaudite.dll.mui
-5.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_fr-fr_55777c74d67ce39a\msaudite.dll.mui
-5.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_fr-fr_55a1b628d65d630a\msaudite.dll.mui
-5.4s C:\Windows\System32\fr-FR\msaudite.dll.mui
-5.4s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\msaudite.dll.mui
-5.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\msaudite.dll.mui
-5.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\msaudite.dll.mui
-5.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21290_fr-fr_55cccf5defc31a7d\msaudite.dll.mui
-5.3s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_fr-fr_f9f416ba37307d7b\msaudite.dll.mui
-5.3s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\credssp.dll
-5.2s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\credssp.dll
-5.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\adtschema.dll.mui
-5.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\adtschema.dll.mui
-5.1s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_f9f51e9c372f8b6e\adtschema.dll.mui
-5.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\adtschema.dll.mui
-5.1s C:\Windows\System32\fr-FR\adtschema.dll.mui
-5.1s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\adtschema.dll.mui
-5.1s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_f98221f31e00cd19\adtschema.dll.mui
-4.8s C:\Windows\System32\credssp.dll
-4.8s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\credssp.dll
-4.7s C:\Windows\System32\fr-FR\lsasrv.dll.mui
-4.7s C:\Windows\WinSxS\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_82b5ea7e2c4becfe\lsasrv.dll.mui
-4.5s C:\Windows\System32\sspisrv.dll
-4.5s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.17617_none_a0d892905037f895\sspicli.dll
-4.3s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_a14b8f396966b6ea\sspicli.dll
-4.2s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\TSpkg.dll
-4.1s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\TSpkg.dll
-4.1s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\ksecdd.sys
-4.0s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\TSpkg.dll
-3.9s C:\Windows\System32\TSpkg.dll
-3.8s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_9ead38b353cd6394\wdigest.dll
-3.6s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.17617_none_9e3a3c0a3a9ea53f\wdigest.dll
-3.6s C:\Windows\System32\lsass.exe
-3.4s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\sspicli.dll
-3.3s C:\Windows\WinSxS\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_94588e611f6ca199\wdigest.dll
-3.2s C:\Windows\System32\wdigest.dll
-3.1s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.17617_none_88c89fa01f4a0b35\usercpl.dll
-3.0s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_893b9c493878c98a\usercpl.dll
-2.9s C:\Windows\System32\Drivers\fr-FR\mrxsmb.sys.mui
-2.9s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_3b46823a8964bf31\mrxsmb.sys.mui
-2.7s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\lsm.dll
-2.6s C:\Windows\System32\lsm.dll
-2.4s C:\Windows\WinSxS\amd64_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_e55a37ccf0d63ac0\usercpl.dll
-2.2s C:\Windows\System32\usercpl.dll
-2.1s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\ksecpkg.sys
-2.0s C:\Windows\System32\Drivers\ksecpkg.sys
-1.9s C:\Windows\System32\Drivers\ksecdd.sys
-1.8s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\adtschema.dll
-1.7s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\adtschema.dll
-1.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\adtschema.dll.mui
-1.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\adtschema.dll.mui
-1.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_b38fdf5afc94e6aa\adtschema.dll.mui
-1.5s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\adtschema.dll
-1.5s C:\Windows\SysWOW64\adtschema.dll
-1.4s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_205ac0ef01f64437\adtschema.dll
-1.4s C:\Windows\System32\adtschema.dll
-1.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\adtschema.dll.mui
-1.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17450_en-us_b2eba511e38bfa5d\adtschema.dll.mui
-1.3s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\adtschema.dll.mui
-1.2s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_c3e084ca0b8fbcc0\SHCore.dll
-1.0s C:\Windows\WinSxS\amd64_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_1fff204dc3ed2df6\SHCore.dll
-0.9s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\cng.sys
-0.8s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_e092da6f39a312e3\msv1_0.dll
-0.7s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.17617_none_e01fddc62074548e\msv1_0.dll
-0.7s C:\Windows\System32\sspicli.dll
-0.6s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.17617_none_c36d8820f260fe6b\SHCore.dll
-0.4s C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_d63e301d054250e8\msv1_0.dll
-0.2s C:\Windows\System32\msv1_0.dll
-0.1s C:\Windows\WinSxS\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e22fced2ee263b55\mrxsmb10.sys
0.0s C:\Windows\System32\Drivers\mrxsmb10.sys
0.2s C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21736_none_c94e446077a909c5\winlogon.exe
0.6s C:\Windows\System32\winlogon.exe
0.7s C:\Windows\System32\Drivers\cng.sys
0.9s C:\Windows\System32\SHCore.dll
1.3s C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.17617_none_b43f00d2f62fafc3\winresume.exe
1.3s C:\Windows\System32\winresume.exe
1.6s C:\Windows\WinSxS\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e46638e52c7d6ec6\mrxsmb20.sys
1.8s C:\Windows\System32\Drivers\mrxsmb20.sys
2.0s C:\Windows\System32\winresume.efi
3.1s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4ab6cac787e5dfc3\kerberos.dll
3.4s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.17617_none_4a43ce1e6eb7216e\kerberos.dll
4.0s C:\Windows\WinSxS\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4062207553851dc8\kerberos.dll
4.5s C:\Windows\System32\kerberos.dll
4.8s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.2.9200.21736_none_d91cb07ef3d4fcf3\mrxsmb.sys
5.0s C:\Windows\System32\Drivers\mrxsmb.sys
5.5s C:\Windows\System32\winload.exe
5.7s C:\Windows\System32\winload.efi
6.3s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\lsasrv.dll
6.8s C:\Windows\System32\lsasrv.dll
9.0s C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.2.9200.21736_none_c5bba4ea56daa038\ntoskrnl.exe
14.8s C:\Windows\System32\ntoskrnl.exe
37.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CbsMsg.dll
37.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CbsMsg.dll
37.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\mspatcha.dll
37.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\netfxconfig.dll
37.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cleanupai.dll
37.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\mspatcha.dll
37.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\cleanupai.dll
37.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\RegisterIEPKeysAI.dll
37.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\netfxconfig.dll
37.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\RegisterIEPKeysAI.dll
37.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\appxreg.dll
37.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\appxreg.dll
37.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\winsockai.dll
37.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\winsockai.dll
37.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\wrpint.dll
38.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdelta.dll
38.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\SetIEInstalledDateAI.dll
38.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\FirewallOfflineAPI.dll
38.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\FirewallOfflineAPI.dll
38.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ConfigureIEOptionalComponentsAI.dll
38.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemprox.dll
38.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wmiutils.dll
38.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\ws2_helper.dll
38.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wmiutils.dll
38.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\ws2_helper.dll
38.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemprox.dll
38.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\IEFileInstallAI.dll
38.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\poqexec.exe
38.5s C:\Windows\SysWOW64\poqexec.exe
38.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\timezoneai.dll
38.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\peerdistai.dll
38.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\luainstall.dll
38.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\fveupdateai.dll
38.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\luainstall.dll
38.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofinstall.dll
38.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofinstall.dll
38.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\httpai.dll
38.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiadapter.dll
38.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\cmifw.dll
38.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\cmifw.dll
38.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smipi.dll
39.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\dpx.dll
39.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PrintAdvancedInstaller.dll
39.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PrintAdvancedInstaller.dll
39.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bfsvc.dll
39.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bfsvc.dll
39.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\SetIEInstalledDateAI.dll
39.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CntrtextInstaller.dll
39.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CntrtextInstaller.dll
39.3s C:\Windows\System32\appserverai.dll
39.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-termsrv_31bf3856ad364e35_6.2.9200.17516_none_517e62aea73de19f\appserverai.dll
39.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ConfigureIEOptionalComponentsAI.dll
39.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\IEFileInstallAI.dll
39.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\peerdistai.dll
39.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\fveupdateai.dll
39.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smipi.dll
39.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\httpai.dll
39.6s C:\Windows\System32\VmHostAI.dll
39.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiadapter.dll
39.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemcomn.dll
39.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\repdrvfs.dll
39.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\repdrvfs.dll
39.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\esscli.dll
39.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\esscli.dll
40.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ceipfwdai.dll
40.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\securebootai.dll
40.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofd.dll
40.1s C:\Windows\System32\poqexec.exe
40.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofd.dll
40.2s C:\Windows\System32\RDWebAI.dll
40.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\fastprox.dll
40.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\fastprox.dll
40.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\securebootai.dll
40.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ceipfwdai.dll
40.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdtcadvancedinstaller.dll
40.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdtcadvancedinstaller.dll
40.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\TiFileFetcher.exe
40.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiFileFetcher.exe
41.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\timezoneai.dll
41.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\servicemodelregai.dll
41.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smiengine.dll
41.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wrpint.dll
41.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bcdeditai.dll
41.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wmicmiplugin.dll
41.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdelta.dll
41.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmitrust.dll
41.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmipnpinstall.dll
41.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\servicemodelregai.dll
41.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smiengine.dll
41.8s C:\Windows\System32\tssdisai.dll
41.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wbemcore.dll
42.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_969b2dc475f4af7d\sppinst.dll
42.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\DrUpdate.dll
42.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bcdeditai.dll
42.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wdscore.dll
42.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PkgMgr.exe
42.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_f2b9c9482e5220b3\sppinst.dll
42.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemcomn.dll
42.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wmicmiplugin.dll
42.7s C:\Windows\servicing\TrustedInstaller.exe
42.7s C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.2.9200.16683_none_e9d5e050d6ebca10\TrustedInstaller.exe
42.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
42.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmitrust.dll
42.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\DrUpdate.dll
43.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cmipnpinstall.dll
43.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PkgMgr.exe
43.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\dpx.dll
43.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\TiWorker.exe
43.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wdscore.dll
43.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\CbsCore.dll
43.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\wcp.dll
44.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wbemcore.dll
44.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\CbsCore.dll
44.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiv2.dll
44.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\drvstore.dll
45.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wcp.dll
45.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\drvstore.dll
45.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiv2.dll

C:\Windows\system32\DRIVERS\mrxsmb20.sys
Size . . . . . . . : 210 432 bytes
Age . . . . . . . : 19.7 days (2016-02-22 03:00:31)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 62AA83190CA041131E43B2031175D9F0F8ACD9A0EB0EC8B8F66C2951F15420E4
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Longhorn SMB 2.0 Redirector
Version . . . . . : 6.2.9200.17420
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : mrxsmb20
LanguageID . . . . : 1033
Fuzzy . . . . . . : 6.0
Starts automatically as a service during system bootup.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\mrxsmb20\
Forensic Cluster
-7.9s C:\Windows\System32\workerdd.dll
-7.9s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\workerdd.dll
-7.8s C:\Windows\System32\msaudite.dll
-7.7s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\msaudite.dll.mui
-7.7s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\msaudite.dll.mui
-7.7s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_en-us_b31ee345e3645b03\msaudite.dll.mui
-7.6s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\msaudite.dll
-7.6s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\msaudite.dll
-7.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\msaudite.dll.mui
-7.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\msaudite.dll.mui
-7.6s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_577143d744377574\msaudite.dll.mui
-7.3s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\msaudite.dll
-7.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\msaudite.dll.mui
-7.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_fr-fr_55777c74d67ce39a\msaudite.dll.mui
-7.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_fr-fr_55a1b628d65d630a\msaudite.dll.mui
-7.2s C:\Windows\System32\fr-FR\msaudite.dll.mui
-7.2s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\msaudite.dll.mui
-7.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\msaudite.dll.mui
-7.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\msaudite.dll.mui
-7.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21290_fr-fr_55cccf5defc31a7d\msaudite.dll.mui
-7.1s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_fr-fr_f9f416ba37307d7b\msaudite.dll.mui
-7.0s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\credssp.dll
-6.9s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\credssp.dll
-6.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\adtschema.dll.mui
-6.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\adtschema.dll.mui
-6.9s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_f9f51e9c372f8b6e\adtschema.dll.mui
-6.8s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\adtschema.dll.mui
-6.8s C:\Windows\System32\fr-FR\adtschema.dll.mui
-6.8s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\adtschema.dll.mui
-6.8s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_f98221f31e00cd19\adtschema.dll.mui
-6.6s C:\Windows\System32\credssp.dll
-6.6s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\credssp.dll
-6.5s C:\Windows\System32\fr-FR\lsasrv.dll.mui
-6.5s C:\Windows\WinSxS\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_82b5ea7e2c4becfe\lsasrv.dll.mui
-6.3s C:\Windows\System32\sspisrv.dll
-6.2s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.17617_none_a0d892905037f895\sspicli.dll
-6.1s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_a14b8f396966b6ea\sspicli.dll
-5.9s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\TSpkg.dll
-5.9s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\TSpkg.dll
-5.8s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\ksecdd.sys
-5.8s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\TSpkg.dll
-5.7s C:\Windows\System32\TSpkg.dll
-5.5s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_9ead38b353cd6394\wdigest.dll
-5.4s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.17617_none_9e3a3c0a3a9ea53f\wdigest.dll
-5.3s C:\Windows\System32\lsass.exe
-5.2s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\sspicli.dll
-5.1s C:\Windows\WinSxS\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_94588e611f6ca199\wdigest.dll
-5.0s C:\Windows\System32\wdigest.dll
-4.9s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.17617_none_88c89fa01f4a0b35\usercpl.dll
-4.8s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_893b9c493878c98a\usercpl.dll
-4.7s C:\Windows\System32\Drivers\fr-FR\mrxsmb.sys.mui
-4.6s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_3b46823a8964bf31\mrxsmb.sys.mui
-4.4s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\lsm.dll
-4.3s C:\Windows\System32\lsm.dll
-4.1s C:\Windows\WinSxS\amd64_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_e55a37ccf0d63ac0\usercpl.dll
-3.9s C:\Windows\System32\usercpl.dll
-3.9s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\ksecpkg.sys
-3.7s C:\Windows\System32\Drivers\ksecpkg.sys
-3.7s C:\Windows\System32\Drivers\ksecdd.sys
-3.6s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\adtschema.dll
-3.4s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\adtschema.dll
-3.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\adtschema.dll.mui
-3.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\adtschema.dll.mui
-3.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_b38fdf5afc94e6aa\adtschema.dll.mui
-3.3s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\adtschema.dll
-3.3s C:\Windows\SysWOW64\adtschema.dll
-3.2s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_205ac0ef01f64437\adtschema.dll
-3.2s C:\Windows\System32\adtschema.dll
-3.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\adtschema.dll.mui
-3.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17450_en-us_b2eba511e38bfa5d\adtschema.dll.mui
-3.1s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\adtschema.dll.mui
-2.9s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_c3e084ca0b8fbcc0\SHCore.dll
-2.8s C:\Windows\WinSxS\amd64_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_1fff204dc3ed2df6\SHCore.dll
-2.7s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\cng.sys
-2.6s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_e092da6f39a312e3\msv1_0.dll
-2.5s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.17617_none_e01fddc62074548e\msv1_0.dll
-2.4s C:\Windows\System32\sspicli.dll
-2.3s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.17617_none_c36d8820f260fe6b\SHCore.dll
-2.2s C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_d63e301d054250e8\msv1_0.dll
-1.9s C:\Windows\System32\msv1_0.dll
-1.8s C:\Windows\WinSxS\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e22fced2ee263b55\mrxsmb10.sys
-1.8s C:\Windows\System32\Drivers\mrxsmb10.sys
-1.6s C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21736_none_c94e446077a909c5\winlogon.exe
-1.2s C:\Windows\System32\winlogon.exe
-1.1s C:\Windows\System32\Drivers\cng.sys
-0.9s C:\Windows\System32\SHCore.dll
-0.5s C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.17617_none_b43f00d2f62fafc3\winresume.exe
-0.5s C:\Windows\System32\winresume.exe
-0.1s C:\Windows\WinSxS\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e46638e52c7d6ec6\mrxsmb20.sys
0.0s C:\Windows\System32\Drivers\mrxsmb20.sys
0.2s C:\Windows\System32\winresume.efi
1.4s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4ab6cac787e5dfc3\kerberos.dll
1.7s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.17617_none_4a43ce1e6eb7216e\kerberos.dll
2.2s C:\Windows\WinSxS\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4062207553851dc8\kerberos.dll
2.7s C:\Windows\System32\kerberos.dll
3.0s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.2.9200.21736_none_d91cb07ef3d4fcf3\mrxsmb.sys
3.2s C:\Windows\System32\Drivers\mrxsmb.sys
3.7s C:\Windows\System32\winload.exe
4.0s C:\Windows\System32\winload.efi
4.6s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\lsasrv.dll
5.1s C:\Windows\System32\lsasrv.dll
7.3s C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.2.9200.21736_none_c5bba4ea56daa038\ntoskrnl.exe
13.0s C:\Windows\System32\ntoskrnl.exe
35.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CbsMsg.dll
35.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CbsMsg.dll
35.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\mspatcha.dll
35.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\netfxconfig.dll
35.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cleanupai.dll
35.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\mspatcha.dll
35.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\cleanupai.dll
35.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\RegisterIEPKeysAI.dll
36.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\netfxconfig.dll
36.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\RegisterIEPKeysAI.dll
36.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\appxreg.dll
36.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\appxreg.dll
36.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\winsockai.dll
36.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\winsockai.dll
36.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\wrpint.dll
36.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdelta.dll
36.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\SetIEInstalledDateAI.dll
36.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\FirewallOfflineAPI.dll
36.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\FirewallOfflineAPI.dll
36.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ConfigureIEOptionalComponentsAI.dll
36.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemprox.dll
36.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wmiutils.dll
36.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\ws2_helper.dll
36.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wmiutils.dll
36.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\ws2_helper.dll
36.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemprox.dll
36.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\IEFileInstallAI.dll
36.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\poqexec.exe
36.7s C:\Windows\SysWOW64\poqexec.exe
36.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\timezoneai.dll
36.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\peerdistai.dll
36.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\luainstall.dll
36.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\fveupdateai.dll
36.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\luainstall.dll
36.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofinstall.dll
36.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofinstall.dll
37.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\httpai.dll
37.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiadapter.dll
37.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\cmifw.dll
37.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\cmifw.dll
37.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smipi.dll
37.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\dpx.dll
37.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PrintAdvancedInstaller.dll
37.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PrintAdvancedInstaller.dll
37.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bfsvc.dll
37.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bfsvc.dll
37.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\SetIEInstalledDateAI.dll
37.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CntrtextInstaller.dll
37.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CntrtextInstaller.dll
37.6s C:\Windows\System32\appserverai.dll
37.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-termsrv_31bf3856ad364e35_6.2.9200.17516_none_517e62aea73de19f\appserverai.dll
37.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ConfigureIEOptionalComponentsAI.dll
37.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\IEFileInstallAI.dll
37.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\peerdistai.dll
37.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\fveupdateai.dll
37.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smipi.dll
37.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\httpai.dll
37.8s C:\Windows\System32\VmHostAI.dll
37.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiadapter.dll
37.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemcomn.dll
37.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\repdrvfs.dll
38.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\repdrvfs.dll
38.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\esscli.dll
38.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\esscli.dll
38.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ceipfwdai.dll
38.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\securebootai.dll
38.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofd.dll
38.3s C:\Windows\System32\poqexec.exe
38.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofd.dll
38.4s C:\Windows\System32\RDWebAI.dll
38.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\fastprox.dll
38.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\fastprox.dll
38.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\securebootai.dll
38.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ceipfwdai.dll
38.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdtcadvancedinstaller.dll
38.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdtcadvancedinstaller.dll
39.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\TiFileFetcher.exe
39.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiFileFetcher.exe
39.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\timezoneai.dll
39.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\servicemodelregai.dll
39.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smiengine.dll
39.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wrpint.dll
39.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bcdeditai.dll
39.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wmicmiplugin.dll
39.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdelta.dll
39.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmitrust.dll
39.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmipnpinstall.dll
39.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\servicemodelregai.dll
39.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smiengine.dll
40.0s C:\Windows\System32\tssdisai.dll
40.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wbemcore.dll
40.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_969b2dc475f4af7d\sppinst.dll
40.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\DrUpdate.dll
40.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bcdeditai.dll
40.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wdscore.dll
40.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PkgMgr.exe
40.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_f2b9c9482e5220b3\sppinst.dll
40.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemcomn.dll
40.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wmicmiplugin.dll
40.9s C:\Windows\servicing\TrustedInstaller.exe
40.9s C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.2.9200.16683_none_e9d5e050d6ebca10\TrustedInstaller.exe
41.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
41.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmitrust.dll
41.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\DrUpdate.dll
41.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cmipnpinstall.dll
41.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PkgMgr.exe
41.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\dpx.dll
41.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\TiWorker.exe
41.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wdscore.dll
41.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\CbsCore.dll
42.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\wcp.dll
42.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wbemcore.dll
42.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\CbsCore.dll
42.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiv2.dll
43.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\drvstore.dll
43.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wcp.dll
43.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\drvstore.dll
44.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiv2.dll

C:\Windows\System32\lsass.exe
Size . . . . . . . : 35 840 bytes
Age . . . . . . . : 19.7 days (2016-02-22 03:00:26)
Entropy . . . . . : 5.4
SHA-256 . . . . . : 8BDF328F18F1EB58AC0E383ABA7985BA69EA9622B262CD524E3390FDE824DEEB
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Local Security Authority Process
Version . . . . . : 6.2.9200.16864
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : VaultSvc
Parent Name . . . : C:\Windows\system32\wininit.exe
LanguageID . . . . : 1033
Running processes : 756
Fuzzy . . . . . . : 12.0
This program is actively listening for inbound network connections.
Starts automatically as a service during system bootup.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\EFS\
HKLM\SYSTEM\CurrentControlSet\Services\KeyIso\
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\
HKLM\SYSTEM\CurrentControlSet\Services\SamSs\
HKLM\SYSTEM\CurrentControlSet\Services\VaultSvc\
Network Ports
0.0.0.0:49155
Forensic Cluster
-2.6s C:\Windows\System32\workerdd.dll
-2.6s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\workerdd.dll
-2.4s C:\Windows\System32\msaudite.dll
-2.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\msaudite.dll.mui
-2.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\msaudite.dll.mui
-2.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_en-us_b31ee345e3645b03\msaudite.dll.mui
-2.3s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\msaudite.dll
-2.3s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\msaudite.dll
-2.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\msaudite.dll.mui
-2.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\msaudite.dll.mui
-2.2s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_577143d744377574\msaudite.dll.mui
-2.0s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\msaudite.dll
-1.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\msaudite.dll.mui
-1.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_fr-fr_55777c74d67ce39a\msaudite.dll.mui
-1.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_fr-fr_55a1b628d65d630a\msaudite.dll.mui
-1.9s C:\Windows\System32\fr-FR\msaudite.dll.mui
-1.9s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\msaudite.dll.mui
-1.8s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\msaudite.dll.mui
-1.8s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\msaudite.dll.mui
-1.8s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21290_fr-fr_55cccf5defc31a7d\msaudite.dll.mui
-1.8s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_fr-fr_f9f416ba37307d7b\msaudite.dll.mui
-1.7s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\credssp.dll
-1.6s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\credssp.dll
-1.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\adtschema.dll.mui
-1.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\adtschema.dll.mui
-1.6s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_f9f51e9c372f8b6e\adtschema.dll.mui
-1.5s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\adtschema.dll.mui
-1.5s C:\Windows\System32\fr-FR\adtschema.dll.mui
-1.5s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\adtschema.dll.mui
-1.5s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_f98221f31e00cd19\adtschema.dll.mui
-1.3s C:\Windows\System32\credssp.dll
-1.3s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\credssp.dll
-1.2s C:\Windows\System32\fr-FR\lsasrv.dll.mui
-1.2s C:\Windows\WinSxS\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_82b5ea7e2c4becfe\lsasrv.dll.mui
-1.0s C:\Windows\System32\sspisrv.dll
-0.9s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.17617_none_a0d892905037f895\sspicli.dll
-0.7s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_a14b8f396966b6ea\sspicli.dll
-0.6s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\TSpkg.dll
-0.6s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\TSpkg.dll
-0.5s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\ksecdd.sys
-0.4s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\TSpkg.dll
-0.4s C:\Windows\System32\TSpkg.dll
-0.2s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_9ead38b353cd6394\wdigest.dll
-0.1s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.17617_none_9e3a3c0a3a9ea53f\wdigest.dll
0.0s C:\Windows\System32\lsass.exe
0.1s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\sspicli.dll
0.2s C:\Windows\WinSxS\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_94588e611f6ca199\wdigest.dll
0.3s C:\Windows\System32\wdigest.dll
0.4s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.17617_none_88c89fa01f4a0b35\usercpl.dll
0.6s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_893b9c493878c98a\usercpl.dll
0.6s C:\Windows\System32\Drivers\fr-FR\mrxsmb.sys.mui
0.7s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_3b46823a8964bf31\mrxsmb.sys.mui
0.9s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\lsm.dll
1.0s C:\Windows\System32\lsm.dll
1.2s C:\Windows\WinSxS\amd64_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_e55a37ccf0d63ac0\usercpl.dll
1.4s C:\Windows\System32\usercpl.dll
1.5s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\ksecpkg.sys
1.6s C:\Windows\System32\Drivers\ksecpkg.sys
1.6s C:\Windows\System32\Drivers\ksecdd.sys
1.7s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\adtschema.dll
1.9s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\adtschema.dll
1.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\adtschema.dll.mui
1.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\adtschema.dll.mui
1.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_b38fdf5afc94e6aa\adtschema.dll.mui
2.0s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\adtschema.dll
2.0s C:\Windows\SysWOW64\adtschema.dll
2.1s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_205ac0ef01f64437\adtschema.dll
2.1s C:\Windows\System32\adtschema.dll
2.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\adtschema.dll.mui
2.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17450_en-us_b2eba511e38bfa5d\adtschema.dll.mui
2.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\adtschema.dll.mui
2.4s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_c3e084ca0b8fbcc0\SHCore.dll
2.6s C:\Windows\WinSxS\amd64_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_1fff204dc3ed2df6\SHCore.dll
2.7s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\cng.sys
2.7s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_e092da6f39a312e3\msv1_0.dll
2.8s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.17617_none_e01fddc62074548e\msv1_0.dll
2.9s C:\Windows\System32\sspicli.dll
3.0s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.17617_none_c36d8820f260fe6b\SHCore.dll
3.2s C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_d63e301d054250e8\msv1_0.dll
3.4s C:\Windows\System32\msv1_0.dll
3.5s C:\Windows\WinSxS\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e22fced2ee263b55\mrxsmb10.sys
3.6s C:\Windows\System32\Drivers\mrxsmb10.sys
3.7s C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21736_none_c94e446077a909c5\winlogon.exe
4.1s C:\Windows\System32\winlogon.exe
4.3s C:\Windows\System32\Drivers\cng.sys
4.4s C:\Windows\System32\SHCore.dll
4.8s C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.17617_none_b43f00d2f62fafc3\winresume.exe
4.8s C:\Windows\System32\winresume.exe
5.2s C:\Windows\WinSxS\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e46638e52c7d6ec6\mrxsmb20.sys
5.3s C:\Windows\System32\Drivers\mrxsmb20.sys
5.6s C:\Windows\System32\winresume.efi
6.7s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4ab6cac787e5dfc3\kerberos.dll
7.0s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.17617_none_4a43ce1e6eb7216e\kerberos.dll
7.5s C:\Windows\WinSxS\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4062207553851dc8\kerberos.dll
8.0s C:\Windows\System32\kerberos.dll
8.4s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.2.9200.21736_none_d91cb07ef3d4fcf3\mrxsmb.sys
8.5s C:\Windows\System32\Drivers\mrxsmb.sys
9.1s C:\Windows\System32\winload.exe
9.3s C:\Windows\System32\winload.efi
9.9s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\lsasrv.dll
10.4s C:\Windows\System32\lsasrv.dll
12.6s C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.2.9200.21736_none_c5bba4ea56daa038\ntoskrnl.exe
18.3s C:\Windows\System32\ntoskrnl.exe
41.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CbsMsg.dll
41.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CbsMsg.dll
41.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\mspatcha.dll
41.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\netfxconfig.dll
41.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cleanupai.dll
41.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\mspatcha.dll
41.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\cleanupai.dll
41.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\RegisterIEPKeysAI.dll
41.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\netfxconfig.dll
41.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\RegisterIEPKeysAI.dll
41.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\appxreg.dll
41.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\appxreg.dll
41.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\winsockai.dll
41.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\winsockai.dll
41.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\wrpint.dll
41.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdelta.dll
41.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\SetIEInstalledDateAI.dll
41.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\FirewallOfflineAPI.dll
41.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\FirewallOfflineAPI.dll
41.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ConfigureIEOptionalComponentsAI.dll
41.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemprox.dll
41.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wmiutils.dll
41.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\ws2_helper.dll
41.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wmiutils.dll
42.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\ws2_helper.dll
42.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemprox.dll
42.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\IEFileInstallAI.dll
42.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\poqexec.exe
42.1s C:\Windows\SysWOW64\poqexec.exe
42.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\timezoneai.dll
42.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\peerdistai.dll
42.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\luainstall.dll
42.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\fveupdateai.dll
42.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\luainstall.dll
42.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofinstall.dll
42.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofinstall.dll
42.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\httpai.dll
42.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiadapter.dll
42.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\cmifw.dll
42.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\cmifw.dll
42.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smipi.dll
42.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\dpx.dll
42.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PrintAdvancedInstaller.dll
42.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PrintAdvancedInstaller.dll
42.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bfsvc.dll
42.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bfsvc.dll
42.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\SetIEInstalledDateAI.dll
42.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CntrtextInstaller.dll
42.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CntrtextInstaller.dll
42.9s C:\Windows\System32\appserverai.dll
42.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-termsrv_31bf3856ad364e35_6.2.9200.17516_none_517e62aea73de19f\appserverai.dll
42.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ConfigureIEOptionalComponentsAI.dll
42.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\IEFileInstallAI.dll
43.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\peerdistai.dll
43.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\fveupdateai.dll
43.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smipi.dll
43.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\httpai.dll
43.1s C:\Windows\System32\VmHostAI.dll
43.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiadapter.dll
43.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemcomn.dll
43.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\repdrvfs.dll
43.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\repdrvfs.dll
43.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\esscli.dll
43.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\esscli.dll
43.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ceipfwdai.dll
43.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\securebootai.dll
43.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofd.dll
43.6s C:\Windows\System32\poqexec.exe
43.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofd.dll
43.8s C:\Windows\System32\RDWebAI.dll
43.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\fastprox.dll
43.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\fastprox.dll
43.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\securebootai.dll
44.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ceipfwdai.dll
44.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdtcadvancedinstaller.dll
44.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdtcadvancedinstaller.dll
44.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\TiFileFetcher.exe
44.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiFileFetcher.exe
44.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\timezoneai.dll
44.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\servicemodelregai.dll
44.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smiengine.dll
44.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wrpint.dll
44.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bcdeditai.dll
44.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wmicmiplugin.dll
45.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdelta.dll
45.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmitrust.dll
45.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmipnpinstall.dll
45.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\servicemodelregai.dll
45.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smiengine.dll
45.3s C:\Windows\System32\tssdisai.dll
45.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wbemcore.dll
45.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_969b2dc475f4af7d\sppinst.dll
45.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\DrUpdate.dll
45.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bcdeditai.dll
45.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wdscore.dll
45.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PkgMgr.exe
46.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_f2b9c9482e5220b3\sppinst.dll
46.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemcomn.dll
46.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wmicmiplugin.dll
46.3s C:\Windows\servicing\TrustedInstaller.exe
46.3s C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.2.9200.16683_none_e9d5e050d6ebca10\TrustedInstaller.exe
46.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
46.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmitrust.dll
46.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\DrUpdate.dll
46.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cmipnpinstall.dll
46.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PkgMgr.exe
46.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\dpx.dll
46.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\TiWorker.exe
46.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wdscore.dll
47.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\CbsCore.dll
47.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\wcp.dll
47.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wbemcore.dll
47.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\CbsCore.dll
48.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiv2.dll
48.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\drvstore.dll
48.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wcp.dll
48.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\drvstore.dll
49.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiv2.dll

C:\Windows\System32\lsm.dll
Size . . . . . . . : 439 808 bytes
Age . . . . . . . : 19.7 days (2016-02-22 03:00:27)
Entropy . . . . . : 6.3
SHA-256 . . . . . : 222CD4099DDF34E8AC05FC1099DF1C9E7E3905162B51D6820601BE097991F397
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Local Session Manager Service
Version . . . . . : 6.2.9200.17581
Copyright . . . . : © Microsoft Corporation. All rights reserved.
Service . . . . . : LSM
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
Starts automatically as a service during system bootup.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SYSTEM\CurrentControlSet\Services\LSM\
Forensic Cluster
-3.6s C:\Windows\System32\workerdd.dll
-3.6s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\workerdd.dll
-3.4s C:\Windows\System32\msaudite.dll
-3.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\msaudite.dll.mui
-3.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\msaudite.dll.mui
-3.4s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_en-us_b31ee345e3645b03\msaudite.dll.mui
-3.3s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\msaudite.dll
-3.3s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\msaudite.dll
-3.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\msaudite.dll.mui
-3.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\msaudite.dll.mui
-3.2s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_577143d744377574\msaudite.dll.mui
-3.0s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\msaudite.dll
-2.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\msaudite.dll.mui
-2.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_fr-fr_55777c74d67ce39a\msaudite.dll.mui
-2.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17218_fr-fr_55a1b628d65d630a\msaudite.dll.mui
-2.9s C:\Windows\System32\fr-FR\msaudite.dll.mui
-2.9s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\msaudite.dll.mui
-2.8s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\msaudite.dll.mui
-2.8s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\msaudite.dll.mui
-2.8s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21290_fr-fr_55cccf5defc31a7d\msaudite.dll.mui
-2.8s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_fr-fr_f9f416ba37307d7b\msaudite.dll.mui
-2.7s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\credssp.dll
-2.6s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\credssp.dll
-2.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_fr-fr_56372ac1ef71f4d6\adtschema.dll.mui
-2.6s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_5613ba1fef8cfca4\adtschema.dll.mui
-2.6s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_f9f51e9c372f8b6e\adtschema.dll.mui
-2.5s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_55a0bd76d65e3e4f\adtschema.dll.mui
-2.5s C:\Windows\System32\fr-FR\adtschema.dll.mui
-2.5s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_fr-fr_f9269f3b1e4630c7\adtschema.dll.mui
-2.5s C:\Windows\WinSxS\x86_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17617_fr-fr_f98221f31e00cd19\adtschema.dll.mui
-2.3s C:\Windows\System32\credssp.dll
-2.3s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\credssp.dll
-2.2s C:\Windows\System32\fr-FR\lsasrv.dll.mui
-2.2s C:\Windows\WinSxS\amd64_microsoft-windows-lsa.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_82b5ea7e2c4becfe\lsasrv.dll.mui
-2.0s C:\Windows\System32\sspisrv.dll
-1.9s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.17617_none_a0d892905037f895\sspicli.dll
-1.7s C:\Windows\WinSxS\wow64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_a14b8f396966b6ea\sspicli.dll
-1.6s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_c124d9358bea216b\TSpkg.dll
-1.6s C:\Windows\WinSxS\x86_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.17617_none_c0b1dc8c72bb6316\TSpkg.dll
-1.5s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\ksecdd.sys
-1.4s C:\Windows\WinSxS\amd64_microsoft-windows-security-credssp_31bf3856ad364e35_6.2.9200.21736_none_1d4374b9444792a1\TSpkg.dll
-1.4s C:\Windows\System32\TSpkg.dll
-1.2s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_9ead38b353cd6394\wdigest.dll
-1.1s C:\Windows\WinSxS\wow64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.17617_none_9e3a3c0a3a9ea53f\wdigest.dll
-1.0s C:\Windows\System32\lsass.exe
-0.9s C:\Windows\WinSxS\amd64_microsoft-windows-lsa-minwin_31bf3856ad364e35_6.2.9200.21736_none_96f6e4e73505f4ef\sspicli.dll
-0.8s C:\Windows\WinSxS\amd64_microsoft-windows-security-digest_31bf3856ad364e35_6.2.9200.21736_none_94588e611f6ca199\wdigest.dll
-0.7s C:\Windows\System32\wdigest.dll
-0.6s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.17617_none_88c89fa01f4a0b35\usercpl.dll
-0.4s C:\Windows\WinSxS\x86_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_893b9c493878c98a\usercpl.dll
-0.4s C:\Windows\System32\Drivers\fr-FR\mrxsmb.sys.mui
-0.3s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr.resources_31bf3856ad364e35_6.2.9200.21736_fr-fr_3b46823a8964bf31\mrxsmb.sys.mui
-0.1s C:\Windows\WinSxS\amd64_microsoft-windows-t..localsessionmanager_31bf3856ad364e35_6.2.9200.21736_none_fed0100aad423d5d\lsm.dll
0.0s C:\Windows\System32\lsm.dll
0.2s C:\Windows\WinSxS\amd64_microsoft-windows-usercpl_31bf3856ad364e35_6.2.9200.21736_none_e55a37ccf0d63ac0\usercpl.dll
0.4s C:\Windows\System32\usercpl.dll
0.5s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\ksecpkg.sys
0.6s C:\Windows\System32\Drivers\ksecpkg.sys
0.6s C:\Windows\System32\Drivers\ksecdd.sys
0.7s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_c4af221462c79156\adtschema.dll
0.9s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.21736_none_20cdbd981b25028c\adtschema.dll
0.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21709_en-us_b3b457defc78eccf\adtschema.dll.mui
0.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21561_en-us_b36b723afcb0cf6f\adtschema.dll.mui
0.9s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.21335_en-us_b38fdf5afc94e6aa\adtschema.dll.mui
1.0s C:\Windows\WinSxS\x86_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_c43c256b4998d301\adtschema.dll
1.0s C:\Windows\SysWOW64\adtschema.dll
1.1s C:\Windows\WinSxS\amd64_microsoft-windows-msauditevtlog_31bf3856ad364e35_6.2.9200.17617_none_205ac0ef01f64437\adtschema.dll
1.1s C:\Windows\System32\adtschema.dll
1.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17592_en-us_b2c267dbe3aa99f6\adtschema.dll.mui
1.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17450_en-us_b2eba511e38bfa5d\adtschema.dll.mui
1.2s C:\Windows\WinSxS\amd64_microsoft-windows-m..ditevtlog.resources_31bf3856ad364e35_6.2.9200.17559_en-us_b2f4a991e383db93\adtschema.dll.mui
1.4s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_c3e084ca0b8fbcc0\SHCore.dll
1.6s C:\Windows\WinSxS\amd64_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.21736_none_1fff204dc3ed2df6\SHCore.dll
1.7s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\cng.sys
1.7s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_e092da6f39a312e3\msv1_0.dll
1.8s C:\Windows\WinSxS\wow64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.17617_none_e01fddc62074548e\msv1_0.dll
1.9s C:\Windows\System32\sspicli.dll
2.0s C:\Windows\WinSxS\x86_microsoft-windows-shcore_31bf3856ad364e35_6.2.9200.17617_none_c36d8820f260fe6b\SHCore.dll
2.2s C:\Windows\WinSxS\amd64_microsoft-windows-security-ntlm_31bf3856ad364e35_6.2.9200.21736_none_d63e301d054250e8\msv1_0.dll
2.4s C:\Windows\System32\msv1_0.dll
2.5s C:\Windows\WinSxS\amd64_microsoft-windows-smb10-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e22fced2ee263b55\mrxsmb10.sys
2.6s C:\Windows\System32\Drivers\mrxsmb10.sys
2.7s C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.21736_none_c94e446077a909c5\winlogon.exe
3.1s C:\Windows\System32\winlogon.exe
3.3s C:\Windows\System32\Drivers\cng.sys
3.4s C:\Windows\System32\SHCore.dll
3.8s C:\Windows\WinSxS\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.2.9200.17617_none_b43f00d2f62fafc3\winresume.exe
3.8s C:\Windows\System32\winresume.exe
4.2s C:\Windows\WinSxS\amd64_microsoft-windows-smb20-minirdr_31bf3856ad364e35_6.2.9200.21736_none_e46638e52c7d6ec6\mrxsmb20.sys
4.3s C:\Windows\System32\Drivers\mrxsmb20.sys
4.6s C:\Windows\System32\winresume.efi
5.7s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4ab6cac787e5dfc3\kerberos.dll
6.0s C:\Windows\WinSxS\wow64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.17617_none_4a43ce1e6eb7216e\kerberos.dll
6.5s C:\Windows\WinSxS\amd64_microsoft-windows-security-kerberos_31bf3856ad364e35_6.2.9200.21736_none_4062207553851dc8\kerberos.dll
7.0s C:\Windows\System32\kerberos.dll
7.4s C:\Windows\WinSxS\amd64_microsoft-windows-smbminirdr_31bf3856ad364e35_6.2.9200.21736_none_d91cb07ef3d4fcf3\mrxsmb.sys
7.6s C:\Windows\System32\Drivers\mrxsmb.sys
8.1s C:\Windows\System32\winload.exe
8.3s C:\Windows\System32\winload.efi
8.9s C:\Windows\WinSxS\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.2.9200.21736_none_ffd5ce0bff82c606\lsasrv.dll
9.4s C:\Windows\System32\lsasrv.dll
11.6s C:\Windows\WinSxS\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.2.9200.21736_none_c5bba4ea56daa038\ntoskrnl.exe
17.3s C:\Windows\System32\ntoskrnl.exe
40.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CbsMsg.dll
40.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CbsMsg.dll
40.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\mspatcha.dll
40.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\netfxconfig.dll
40.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cleanupai.dll
40.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\mspatcha.dll
40.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\cleanupai.dll
40.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\RegisterIEPKeysAI.dll
40.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\netfxconfig.dll
40.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\RegisterIEPKeysAI.dll
40.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\appxreg.dll
40.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\appxreg.dll
40.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\winsockai.dll
40.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\winsockai.dll
40.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\wrpint.dll
40.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdelta.dll
40.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\SetIEInstalledDateAI.dll
40.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\FirewallOfflineAPI.dll
40.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\FirewallOfflineAPI.dll
40.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ConfigureIEOptionalComponentsAI.dll
40.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemprox.dll
40.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wmiutils.dll
40.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\ws2_helper.dll
41.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wmiutils.dll
41.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\ws2_helper.dll
41.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemprox.dll
41.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\IEFileInstallAI.dll
41.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\poqexec.exe
41.1s C:\Windows\SysWOW64\poqexec.exe
41.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\timezoneai.dll
41.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\peerdistai.dll
41.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\luainstall.dll
41.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\fveupdateai.dll
41.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\luainstall.dll
41.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofinstall.dll
41.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofinstall.dll
41.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\httpai.dll
41.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiadapter.dll
41.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_3b2f7f1bfc8510c1\cmifw.dll
41.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-net_31bf3856ad364e35_6.2.9200.16683_none_974e1a9fb4e281f7\cmifw.dll
41.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smipi.dll
41.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\dpx.dll
41.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PrintAdvancedInstaller.dll
41.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PrintAdvancedInstaller.dll
41.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bfsvc.dll
41.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bfsvc.dll
41.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\SetIEInstalledDateAI.dll
41.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\CntrtextInstaller.dll
41.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\CntrtextInstaller.dll
41.9s C:\Windows\System32\appserverai.dll
41.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-termsrv_31bf3856ad364e35_6.2.9200.17516_none_517e62aea73de19f\appserverai.dll
41.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ConfigureIEOptionalComponentsAI.dll
41.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\IEFileInstallAI.dll
42.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\peerdistai.dll
42.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\fveupdateai.dll
42.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smipi.dll
42.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\httpai.dll
42.1s C:\Windows\System32\VmHostAI.dll
42.2s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiadapter.dll
42.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\wbemcomn.dll
42.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\repdrvfs.dll
42.3s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\repdrvfs.dll
42.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\esscli.dll
42.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\esscli.dll
42.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\ceipfwdai.dll
42.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\securebootai.dll
42.6s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\mofd.dll
42.6s C:\Windows\System32\poqexec.exe
42.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\mofd.dll
42.8s C:\Windows\System32\RDWebAI.dll
42.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_1753c42b9544c63f\fastprox.dll
42.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\fastprox.dll
42.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\securebootai.dll
43.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\ceipfwdai.dll
43.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\msdtcadvancedinstaller.dll
43.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdtcadvancedinstaller.dll
43.4s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\TiFileFetcher.exe
43.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiFileFetcher.exe
43.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\timezoneai.dll
43.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\servicemodelregai.dll
43.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\smiengine.dll
43.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wrpint.dll
43.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\bcdeditai.dll
43.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wmicmiplugin.dll
44.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\msdelta.dll
44.0s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmitrust.dll
44.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmipnpinstall.dll
44.1s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\servicemodelregai.dll
44.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\smiengine.dll
44.3s C:\Windows\System32\tssdisai.dll
44.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_bb83c04bdcabf9f1\wbemcore.dll
44.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_969b2dc475f4af7d\sppinst.dll
44.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\DrUpdate.dll
44.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\bcdeditai.dll
44.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wdscore.dll
44.9s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\PkgMgr.exe
45.0s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-ds_31bf3856ad364e35_6.2.9200.17516_none_f2b9c9482e5220b3\sppinst.dll
45.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.16683_none_bb3528a7dce75509\wbemcomn.dll
45.2s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wmicmiplugin.dll
45.3s C:\Windows\servicing\TrustedInstaller.exe
45.3s C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_6.2.9200.16683_none_e9d5e050d6ebca10\TrustedInstaller.exe
45.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
45.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmitrust.dll
45.5s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\DrUpdate.dll
45.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\cmipnpinstall.dll
45.6s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\PkgMgr.exe
45.7s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\dpx.dll
45.8s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\TiWorker.exe
45.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\wdscore.dll
46.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\CbsCore.dll
46.5s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\wcp.dll
46.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack-admin_31bf3856ad364e35_6.2.9200.17516_none_17a25bcf95096b27\wbemcore.dll
46.8s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\CbsCore.dll
47.1s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_06580a359876c22b\cmiv2.dll
47.4s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\drvstore.dll
47.7s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\wcp.dll
47.9s C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_0609729198b21d43\drvstore.dll
48.3s C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\cmiv2.dll

C:\Windows\System32\shell32.dll
Size . . . . . . . : 19 778 048 bytes
Age . . . . . . . : 19.7 days (2016-02-22 03:03:28)
Entropy . . . . . : 6.0
SHA-256 . . . . . : 1021C29511579C69A84487F86FB6804E77B0CE9FE309B8E81DFDB805F92CCFAE
Product . . . . . : Microsoft® Windows® Operating System
Publisher . . . . : Microsoft Corporation
Description . . . : Windows Shell Common Dll
Version . . . . . : 6.2.9200.17464
Copyright . . . . : © Microsoft Corporation. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 10.0
This file contains a Thread Local Storage (TLS) data directory. This is not common for most programs.
Program starts automatically without user intervention.
The file is in use by one or more active processes.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Time indicates that the file appeared recently on this computer.
The file is protected by Windows File Protection (WFP). This is typical for critical Windows system files.
Startup
HKLM\SOFTWARE\Classes\Directory\Shellex\CopyHookHandlers\FileSystem\
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}\
References
HKLM\SOFTWARE\Classes\CLSID\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\
HKLM\SOFTWARE\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\
HKLM\SOFTWARE\Classes\CLSID\{40419485-C444-4567-851A-2DD7BFA1684D}\
HKLM\SOFTWARE\Classes\CLSID\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\
HKLM\SOFTWARE\Classes\CLSID\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\
HKLM\SOFTWARE\Classes\CLSID\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\
HKLM\SOFTWARE\Classes\CLSID\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\
HKLM\SOFTWARE\Classes\CLSID\{80F3F1D5-FECA-45F3-BC32-752C152E456E}\
HKLM\SOFTWARE\Classes\CLSID\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\
HKLM\SOFTWARE\Classes\CLSID\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\
HKLM\SOFTWARE\Classes\CLSID\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\
HKLM\SOFTWARE\Classes\CLSID\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\
HKLM\SOFTWARE\Classes\CLSID\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\
HKLM\SOFTWARE\Classes\CLSID\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\
HKLM\SOFTWARE\Classes\CLSID\{F82DF8F7-8B9F-442E-A48C-818EA735FF9B}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{0DF44EAA-FF21-4412-828E-260A8728E7F1}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{40419485-C444-4567-851A-2DD7BFA1684D}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6C8EEC18-8D75-41B2-A177-8831D59D2D50}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{725BE8F7-668E-4C7B-8F90-46BDB0936430}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{80F3F1D5-FECA-45F3-BC32-752C152E456E}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{87D66A43-7B11-4A28-9811-C86EE395ACF7}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{A0275511-0E86-4ECA-97C2-ECD8F1221D08}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{A3DD4F92-658A-410F-84FD-6FBBBEF2FFFE}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{D17D1D6D-CC3F-4815-8FE3-607E7D5D10B3}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{E2E7934B-DCE5-43C4-9576-7FE4F75E7480}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{F82DF8F7-8B9F-442E-A48C-818EA735FF9B}\
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}\

Cookies _____________________________________________________________________

C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Cookies\12UE2O4X.txt
C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Cookies\73I2M0XP.txt
C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Cookies\D1Y5256B.txt
C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Cookies\FY1TEYBW.txt
C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Cookies\GHXM40SH.txt
C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Cookies\JSRJ4VO9.txt
C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Cookies\N3CAKH1S.txt
C:\Users\Jean-Marie\AppData\Roaming\Microsoft\Windows\Cookies\VB74KHQW.txt
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:abmr.net
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:adnxs.com
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:ads.linkedin.com
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:ads.servebom.com
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:doubleclick.net
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:in.getclicky.com
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:mathtag.com
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:outbrain.com
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:taboola.com
C:\Users\Jean-Marie\AppData\Roaming\Mozilla\Firefox\Profiles\gl1x1oq0.default\cookies.sqlite:trc.taboola.com

[/code]

Signaler le contenu de ce document